# Have problem with shutdown on my xp



## Martin4Jay (Jan 28, 2012)

Hi,
I am having problems with shutdown on Microsoft XP Service Pack 3. Can you check my HijackThis log when you get 5 minutes and see what can be causing the problem?

Many thanks
Martin

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:47:33, on 28/01/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Soluto\soluto.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Oregon Scientific\Weather OS\Weather OS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\XericDesign\EarthDesk\EarthDesk.exe
C:\Program Files\Met Office Desktop Widget\Met Office Desktop Widget.exe
C:\Program Files\DigiGuide TV Guide\digiguide.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Cumulus\cumulus.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/?a=NUYh597mIU
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {d1e06b91-60e6-4492-af9f-53043fa32716} - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit
O2 - BHO: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: IncrediMail MediaBar 2 - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O3 - Toolbar: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKCU\..\Run: [Oregon] C:\Program Files\Oregon Scientific\Weather OS\Weather OS.exe --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: DigiGuide TV Guide.lnk = C:\Program Files\DigiGuide TV Guide\Client.exe
O4 - Startup: EarthDesk.lnk = C:\Program Files\XericDesign\EarthDesk\EarthDesk.exe
O4 - Startup: Met Office Desktop Widget.lnk = C:\Program Files\Met Office Desktop Widget\Met Office Desktop Widget.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5CB430A9-CAAC-4C91-AF61-6D410EEE1221} (Sony SNC-P5 Control) - http://cam1.saltash.cornwall.sch.uk/program/SonySncP5View.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1204929890000
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} (WebSlingPlayer) - http://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O20 - AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\iebho.dll c:\progra~1\bandoo\bndhook.dll 
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\Program Files\Bandoo\Bandoo.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate1c9d2e3ae18ab52) (gupdate1c9d2e3ae18ab52) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

--
End of file - 16731 bytes


----------



## Phantom010 (Mar 9, 2009)

Martin4Jay said:


> Hi,
> I am having problems with shutdown on Microsoft XP Service Pack 3. Can you check my HijackThis log when you get 5 minutes and see what can be causing the problem?
> 
> Many thanks
> Martin


Can you be more precise? You're having trouble shutting down the computer the normal way? If so, it only shuts down when pushing the button? Or, the computer is shutting down on its own?


----------



## Phantom010 (Mar 9, 2009)

If you cannot shut down your computer the normal way, try the following:

Click Start > Run > type *regedit*

Press Enter.

Browse to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

In the right pane, if there is the REG_DWORD *NoClose*, either delete it or change the value from 1 to 0.


----------



## flavallee (May 12, 2002)

Martin:

Do the following in the order that they're listed.

------------------------------------------------

Start HiJackThis, then click "Do a system scan only".

The scan is usually finished in 30 - 60 seconds, but may take longer in some computers.

After the scan is finished, put a checkmark in these log entries:

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

R3 - URLSearchHook: (no name) - {d1e06b91-60e6-4492-af9f-53043fa32716} - (no file)

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll

O2 - BHO: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: IncrediMail MediaBar 2 - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll

O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll

O3 - Toolbar: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll

O3 - Toolbar: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbIncr.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll

O20 - AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\iebho.dll c:\progra~1\bandoo\bndhook.dll

ONLY after you confirm that you selected the CORRECT log entries, click "Fix Checked - Yes".

Close HiJackThis, then restart the computer.

------------------------------------------------

Wait for the computer to completely settle down from the restart.

Start HiJackThis again, then click "Do a system scan and save a log file".

Save the new log that appears, then copy-and-paste it here.

------------------------------------------------

Start HiJackThis.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

------------------------------------------------


----------



## flavallee (May 12, 2002)

I strongly advise you to get rid of *AVG PC Tuneup 2011* and any other cleaner/optimizer/booster/tuneup type utilities that are installed in that computer.

The end result of using these type utilities can be a damaged Windows operating system and programs that no longer work and unexpected error/warning messages and overall havoc with your computer.

  :down:

---------------------------------------------------------


----------



## Martin4Jay (Jan 28, 2012)

Thank you Phantom010, but I did not find it. I did get rid of AVG Internet Security and Avast keys, so I will see what happens. If it happens again I will try flavallee's advice. Thanks everyone for the response; I will let you know how it goes.
Martin


----------



## Phantom010 (Mar 9, 2009)

But you did not answer the questions. It's hard to make the right diagnosis without the facts:



> Can you be more precise? You're having trouble shutting down the computer the normal way? If so, it only shuts down when pushing the button? Or, the computer is shutting down on its own?


----------



## Martin4Jay (Jan 28, 2012)

OK, I use Start and Turn Off Computer and Shut Down, and it freezes just about the time it's going to close.


----------



## Phantom010 (Mar 9, 2009)

OK, then the registry key I had you look for wouldn't have helped. You may have one or more processes not ending properly at shutdown. Let's see if the steps from flavallee's advice will help.


----------



## Martin4Jay (Jan 28, 2012)

I agree. Just going to see what happens. Thanks for your advice.


----------



## flavallee (May 12, 2002)

After you complete the instructions in post #4, we'll go from there. :up:

Just try to be patient.

---------------------------------------------------------


----------



## Martin4Jay (Jan 28, 2012)

Oh that's cool


----------



## Martin4Jay (Jan 28, 2012)

Hi flavallee. Did the same this morning. So I did what you said and it shut down OK after. Just wait and see what happens now.
Thanks Martin

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:04:39, on 30/01/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Soluto\soluto.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Oregon Scientific\Weather OS\Weather OS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\DigiGuide TV Guide\digiguide.exe
C:\Program Files\XericDesign\EarthDesk\EarthDesk.exe
C:\Program Files\Met Office Desktop Widget\Met Office Desktop Widget.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/?a=NUYh597mIU
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {d1e06b91-60e6-4492-af9f-53043fa32716} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKCU\..\Run: [Oregon] C:\Program Files\Oregon Scientific\Weather OS\Weather OS.exe --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: DigiGuide TV Guide.lnk = C:\Program Files\DigiGuide TV Guide\Client.exe
O4 - Startup: EarthDesk.lnk = C:\Program Files\XericDesign\EarthDesk\EarthDesk.exe
O4 - Startup: Met Office Desktop Widget.lnk = C:\Program Files\Met Office Desktop Widget\Met Office Desktop Widget.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5CB430A9-CAAC-4C91-AF61-6D410EEE1221} (Sony SNC-P5 Control) - http://cam1.saltash.cornwall.sch.uk/program/SonySncP5View.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1204929890000
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} (WebSlingPlayer) - http://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\Program Files\Bandoo\Bandoo.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate1c9d2e3ae18ab52) (gupdate1c9d2e3ae18ab52) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

--
End of file - 14097 bytes


----------



## Martin4Jay (Jan 28, 2012)

Well, tried it tonight: shutdown on startup, then it rumbled and rumbled and rumbled, went quiet for 60 seconds and then went off.
So not sure if it is fixed, but will try tonight and I will let you know in the morning.
Thanks
Martin


----------



## Martin4Jay (Jan 28, 2012)

It closed down quicker last night, so what I will do is report back if I get the problem again. I will let you know on Friday.

Thanks


----------



## flavallee (May 12, 2002)

Martin4Jay said:


> Well, tried it tonight: shutdown on startup, then it rumbled and rumbled and rumbled, went quiet for 60 seconds and then went off.


Can you be more specific about that comment?

---------------------------------------------------------

You haven't submitted the "uninstall_list.txt" log that I requested.

---------------------------------------------------------


----------



## Martin4Jay (Jan 28, 2012)

On shutdown the computer makes a noise, like the hard drive and the fans making a noise, before it shuts down. It took 60 seconds before it shut down, then twice it shut down with no problem yesterday, so I will report back when I have the same problem and see how it goes over the next couple of days.


----------



## Martin4Jay (Jan 28, 2012)

A4 Tech PC Camera V
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Reader X (10.1.1)
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Avery DesignPro
AVG PC Tuneup 2011
Bandoo
BBC iPlayer Desktop
BBC iPlayer Desktop
Bing Bar
Bluesoleil2.6.0.9 Release 070606
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
Conduit Engine
Cumulus 1.9.2
DigiGuide TV Guide
EarthDesk
Easy DVD Creator 2.3.1
Epson Easy Photo Print 2
Epson Event Manager
EPSON Printer Software
Epson Printer Software Downloader
Epson Printer Software Downloader
EPSON Scan
Epson Stylus SX510W_TX550W Manual
EPSON SX510W Series Printer Uninstall
EPSON Web-To-Page
EpsonNet Print
EpsonNet Setup
Facebook Video Calling 1.1.1.1
flowBubbles 2.30
GOM Player
Google Earth
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Graboid Video 2.01
Greeting Card Factory Deluxe 8.0
High-Definition Video Playback
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ieSpell
iLivid
iLivid
IncrediMail
IncrediMail 2.0
IncrediMail MediaBar 2 Toolbar
iTunes
Java(TM) 6 Update 29
Junk Mail filter update
Memeo AutoSync
Memeo Instant Backup
Memeo Send
Memeo Share
Met Office Desktop Widget
Met Office Desktop Widget
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access database engine 2007 (English)
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WorldWide Telescope
MSN
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
NavDesk 2008
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
neroxml
Nokia Multimedia Factory
Norton 360
NVIDIA Drivers
OpenOffice.org Installer 1.0
PaltalkScene
PC Connectivity Solution
Photo Notifier and Animation Creator
Photo Notifier and Animation Creator
PhotoMail Maker
PhotoMail Maker
Picasa 3
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Rhapsody Player Engine
Safari
Seagate Dashboard
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Segoe UI
Sky Player
Skype Toolbars
Skype™ 4.2
SlingPlayer
SlingPlayer
Soluto
Stellarium 0.11.1
SystemControl
Uninstall Entriq MediaSphere
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
VC 9.0 Runtime
Veetle TV 0.9.18
Virtual Earth 3D (Beta)
vShare Plugin
Weather OS
WebSlingPlayer ActiveX
Windows iLivid Toolbar
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery


----------



## flavallee (May 12, 2002)

Re-read the first part of post #4.

It looks like you missed a few of them.

-----------------------------------------------------

Go to Control Panel - Add Or Remove Programs, then uninstall/remove the following:

*AVG PC Tuneup 2011*

*Bandoo*

*Bing Bar*

*CCleaner*

*Conduit Engine*

*iLivid*

*IncrediMail MediaBar 2 Toolbar*

*vShare Plugin*

*Windows iLivid Toolbar*

------------------------------------------------------


----------



## flavallee (May 12, 2002)

Martin4Jay said:


> On shutdown the computer makes a noise, like the hard drive and the fans making a noise, before it shuts down. It took 60 seconds before it shut down, then twice it shut down with no problem yesterday, so I will report back when I have the same problem and see how it goes over the next couple of days.


If you haven't done it, I suggest you back up your important and irreplaceable data before that hard drive decides to crash and die - which they all eventually do.

---------------------------------------------------------


----------



## Martin4Jay (Jan 28, 2012)

1) I did what you said, but these two programs won't let me uninstall them; it's just like they're blocked from uninstalling.

Conduit Engine

IncrediMail MediaBar 2 Toolbar


2) My hard drive is only a year old so can't see that being the problem.

Thanks


----------



## flavallee (May 12, 2002)

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then copy-and-paste it here.

-------------------------------------------------------

Even if the hard drive is only a year old, you should still back up and save your personal data on a regular basis.

And just because it's a year old doesn't mean it can't fail.

------------------------------------------------------


----------



## Martin4Jay (Jan 28, 2012)

Whoooooo Flavallee, fair point. I am using Seagate backup ;-)
Here is the HijackThis info.
Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:53:56, on 01/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Soluto\soluto.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Oregon Scientific\Weather OS\Weather OS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\XericDesign\EarthDesk\EarthDesk.exe
C:\Program Files\DigiGuide TV Guide\digiguide.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Cumulus\cumulus.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/?a=NUYh597mIU
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {d1e06b91-60e6-4492-af9f-53043fa32716} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKCU\..\Run: [Oregon] C:\Program Files\Oregon Scientific\Weather OS\Weather OS.exe --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: DigiGuide TV Guide.lnk = C:\Program Files\DigiGuide TV Guide\Client.exe
O4 - Startup: EarthDesk.lnk = C:\Program Files\XericDesign\EarthDesk\EarthDesk.exe
O4 - Startup: Met Office Desktop Widget.lnk = C:\Program Files\Met Office Desktop Widget\Met Office Desktop Widget.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5CB430A9-CAAC-4C91-AF61-6D410EEE1221} (Sony SNC-P5 Control) - http://cam1.saltash.cornwall.sch.uk/program/SonySncP5View.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1204929890000
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} (WebSlingPlayer) - http://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate1c9d2e3ae18ab52) (gupdate1c9d2e3ae18ab52) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

--
End of file - 14238 bytes


----------



## flavallee (May 12, 2002)

Start HiJackThis, then click "Do a system scan only".

After the scan is finished, put a checkmark in this log entry:

*R3 - URLSearchHook: (no name) - {d1e06b91-60e6-4492-af9f-53043fa32716} - (no file)*

then click "Fix Checked - Yes".

Close HiJackThis.

----------------------------------------------------

You're using a number of programs and add-ons that I've never used and am not familiar with, so I don't know if any of them are causing the startup/shutdown issues.

----------------------------------------------------


----------
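The entry flavallee asks to fix above ends in `(no file)`, HijackThis's marker for a registry entry with no file behind it. As an added example (not part of the thread and not HijackThis's own code), this Python script parses pasted log text, lists such orphaned entries, and diffs two scans; the function names are assumptions, and the two excerpts are constructed from a few lines of the logs posted in this thread.

```python
import re

# Entry lines look like "R3 - URLSearchHook: ..." or "O23 - Service: ...".
# Header lines, the running-process paths and the "End of file" footer do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing markers HijackThis prints when the referenced file is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Constructed excerpt: three O23 lines copied from the first log in this thread.
FIRST_SCAN_EXCERPT = r"""
O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\Program Files\Bandoo\Bandoo.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
"""

# Constructed excerpt: lines copied from the second log in this thread.
SECOND_SCAN_EXCERPT = r"""
R3 - URLSearchHook: (no name) - {d1e06b91-60e6-4492-af9f-53043fa32716} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe

--
End of file - 14238 bytes
"""


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; everything else is skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body").strip()
        guid = GUID_RE.search(body)
        entries.append({
            "section": match.group("section"),
            "body": body,
            # CLSIDs are case-insensitive, so normalise for comparison.
            "guid": guid.group(0).lower() if guid else None,
            "orphaned": body.endswith(ORPHAN_MARKERS),
        })
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in entries if e["orphaned"]]


def diff_logs(old_text, new_text, sections=None):
    """Return (removed, added) entries between two scans as sorted tuples.

    `sections` limits the comparison to the given codes (for example
    {"O23"}), which matters when the pasted excerpts cover different
    parts of the log.
    """
    def keyset(text):
        return {
            (e["section"], e["body"])
            for e in parse_entries(text)
            if sections is None or e["section"] in sections
        }

    old, new = keyset(old_text), keyset(new_text)
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    for entry in orphaned(parse_entries(SECOND_SCAN_EXCERPT)):
        print("orphaned:", entry["section"], entry["guid"] or entry["body"])
    removed, added = diff_logs(FIRST_SCAN_EXCERPT, SECOND_SCAN_EXCERPT, {"O23"})
    for section, body in removed:
        print("removed:", section, body)
    for section, body in added:
        print("added:  ", section, body)
```

Run before and after a cleanup step, the diff shows which startup and service entries a removal actually took out.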



## Martin4Jay (Jan 28, 2012)

flavallee said:


> Start HiJackThis, then click "Do a system scan only".
> 
> After the scan is finished, put a checkmark in this log entry:
> 
> ...


I appreciated your honesty, and thanks for your help so far. Do you want me to let you know, or give it a couple of days?
Thanks


----------



## flavallee (May 12, 2002)

Sure. Use the computer for a couple of days and then let us know how it's running.

You need to understand that there's only so much that we can do from here without being there.

---------------------------------------------------------


----------



## Martin4Jay (Jan 28, 2012)

That's fine, you've been very helpful, thanks.
Martin


----------



## Martin4Jay (Jan 28, 2012)

Thought it got sorted, but still having the same problem: it freezes then it restarts. Not sure what is causing it. Thanks flavallee for the help you're giving.
Martin


----------



## flavallee (May 12, 2002)

Install the free version of

*Malwarebytes Anti-Malware 1.60.1.1000*

*SUPERAntiSpyware 5.0.0.1144*

Make sure to update their definition files during the install process.

After they're installed and updated, restart the computer.

--------------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Scanner(tab) - *Perform quick scan* - Scan".

If infections or problems are found during the scan, the number of them will be highlighted in red.

When the scan is finished, click "Show Results".

Make sure that *EVERYTHING* is selected, then click "Remove Selected".

If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

--------------------------------------------------------

Start SUPERAntiSpyware.

Select the "*Quick Scan*" option, then click "Scan your Computer".

If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

When the scan is finished and the scan summary window appears, click "Continue".

Make sure that *EVERYTHING* in the list is selected, then click "Remove Threats".

Click "OK - Finish".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

--------------------------------------------------------


----------



## Martin4Jay (Jan 28, 2012)

Malwarebytes' Anti-Malware 1.39
Database version: 2468
Windows 5.1.2600 Service Pack 3

21/07/2009 13:42:58
mbam-log-2009-07-21 (13-42-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 199130
Time elapsed: 1 hour(s), 16 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6ae02e1c-8859-4f57-9097-5a55a56a4caf} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netcom3 (Rogue.NetCom3) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Netcom3 Cleaner (Rogue.NetCom3) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpyClean (Rogue.NetCom3) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MPMFC1 (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Settings (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\WINDOWS\Search And Destroy (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\User\application data\spywarebot\rs.dat (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Log\2007 Sep 25 - 09_11_28 PM_936.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Log\2007 Sep 25 - 09_11_32 PM_139.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Settings\CustomScan.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Settings\IgnoreList.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Settings\ScanInfo.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Settings\ScanResults.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Settings\SelectedFolders.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Settings\Settings.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\WINDOWS\search and destroy\uninstall.exe (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.


----------



## flavallee (May 12, 2002)

Martin4Jay said:


> Malwarebytes' Anti-Malware 1.39
> Database version: 2468
> Windows 5.1.2600 Service Pack 3
> 
> ...


The scan log that you provided is dated July 21, 2009 and with a very outdated 1.39 version of Malwarebytes Anti-Malware.

You need to use the link that I provided you with to update it to 1.60 and then run a new scan and then submit a new log.

-------------------------------------------------------


----------



## Martin4Jay (Jan 28, 2012)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/03/2012 at 04:03 PM

Application Version : 5.0.1144

Core Rules Database Version : 8198
Trace Rules Database Version: 6010

Scan type : Quick Scan
Total Scan Time : 00:10:56

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 710
Memory threats detected : 0
Registry items scanned : 29025
Registry threats detected : 3
File items scanned : 7068
File threats detected : 316

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32

Rogue.Netcom3/SpyClean
C:\Program Files\Netcom3 Cleaner

Adware.Tracking Cookie
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.stats.paypal.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.toplist.cz [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.somersetcountygazette.co.uk [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.somersetcountygazette.co.uk [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.somersetcountygazette.co.uk [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.somersetcountygazette.co.uk [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad2.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.unrulymedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.saymedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.incredimailmediabar2.ourtoolbar.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.incredimailmediabar2.ourtoolbar.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.incredimailmediabar2.ourtoolbar.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adform.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
server.lon.liveperson.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserver.zonemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserver.zonemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserver.zonemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]


----------



## flavallee (May 12, 2002)

Did you select and remove EVERYTHING that the SUPERAntiSpyware scan found?

---------------------------------------------------------

Read my last reply about Malwarebytes Anti-Malware.

---------------------------------------------------------


----------



## Martin4Jay (Jan 28, 2012)

I keep getting the same. I did update to what you're asking, but the log gives me this.

Malwarebytes' Anti-Malware 1.39
Database version: 2468
Windows 5.1.2600 Service Pack 3

21/07/2009 13:42:58
mbam-log-2009-07-21 (13-42-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 199130
Time elapsed: 1 hour(s), 16 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6ae02e1c-8859-4f57-9097-5a55a56a4caf} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netcom3 (Rogue.NetCom3) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Netcom3 Cleaner (Rogue.NetCom3) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpyClean (Rogue.NetCom3) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MPMFC1 (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Settings (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\WINDOWS\Search And Destroy (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\User\application data\spywarebot\rs.dat (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Log\2007 Sep 25 - 09_11_28 PM_936.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Log\2007 Sep 25 - 09_11_32 PM_139.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Settings\CustomScan.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Settings\IgnoreList.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Settings\ScanInfo.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Settings\ScanResults.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Settings\SelectedFolders.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\spywarebot\Settings\Settings.stg (Rogue.SpywareBot) -> Quarantined and deleted successfully.
c:\WINDOWS\search and destroy\uninstall.exe (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.


----------



## flavallee (May 12, 2002)

You're apparently selecting the wrong log from the list to display and submit.

Start Malwarebytes, then click the "About" tab. What's the version listed?

----------------------------------------------------------


----------



## Martin4Jay (Jan 28, 2012)

Sorry it's 1.60.1.1000


----------



## flavallee (May 12, 2002)

Martin4Jay said:


> Sorry it's 1.60.1.1000


OK, good. You have the current version installed. :up:

Start Malwarebytes, then click the "Logs" tab. The most current log should be at the bottom of the list. Submit it here.

---------------------------------------------------------


----------



## Martin4Jay (Jan 28, 2012)

2012/02/05 08:53:14 GMT	USER-5C75D7BEDB MESSAGE	Executing scheduled update: Flash Scan | Weekly
2012/02/05 08:53:39 GMT	USER-5C75D7BEDB MESSAGE	Starting protection
2012/02/05 08:53:45 GMT	USER-5C75D7BEDB ERROR	Scheduled update failed: I/O error failed with error code 0
2012/02/05 08:53:49 GMT	USER-5C75D7BEDB MESSAGE	Protection started successfully
2012/02/05 08:53:52 GMT	USER-5C75D7BEDB MESSAGE	Starting IP protection
2012/02/05 08:54:37 GMT	USER-5C75D7BEDB	User	MESSAGE	IP Protection started successfully


----------



## flavallee (May 12, 2002)

I have no idea what you submitted. That's not a scan log.

Since you have the current version of Malwarebytes Anti-Malware installed, I'm just going to assume that you selected and removed everything that was found after the scan was finished.

-------------------------------------------------------


----------



## Martin4Jay (Jan 28, 2012)

I did not have any virus show up after the scan


----------



## Martin4Jay (Jan 28, 2012)

Thanks for trying to help with this problem.


----------



## Martin4Jay (Jan 28, 2012)

Thank you, my friend. I will have a go later. I'll let you know how I get on.


----------



## Cookiegal (Aug 27, 2003)

I don't advise fiddling around in the registry, especially without creating a backup first.

It could be that the registry is not being completely released on shutdown due to a hanging application. Let's see if there are any errors in the Event Viewer.

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## Martin4Jay (Jan 28, 2012)

Applications

Event Type:	Error
Event Source:	.NET Runtime Optimization Service
Event Category:	None
Event ID:	1103
Date: 10/01/2012
Time: 23:38:34
User: N/A
Computer:	USER-5C75D7BEDB
Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

System

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 07/02/2012
Time: 15:25:13
User: N/A
Computer:	USER-5C75D7BEDB
Description:
The srv64C service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 07/02/2012
Time: 08:39:45
User: N/A
Computer:	USER-5C75D7BEDB
Description:
The srv64C service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 06/02/2012
Time: 23:19:28
User: N/A
Computer:	USER-5C75D7BEDB
Description:
The srv64C service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I hope this is what you wanted


----------
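Added example, not part of the thread and not any poster's code: one way to triage Event Viewer text pasted in the format shown above, keeping only Error entries from the last 48 hours and counting repeats so a service that fails on every boot stands out. The function names and the reference time used as "now" are assumptions; dates are parsed as dd/mm/yyyy, as in this thread's logs.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Event Viewer text abridged from the post above (two of its three srv64C entries).
SAMPLE = """\
Applications

Event Type:\tError
Event Source:\t.NET Runtime Optimization Service
Event Category:\tNone
Event ID:\t1103
Date: 10/01/2012
Time: 23:38:34
User: N/A
Computer:\tUSER-5C75D7BEDB
Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

System

Event Type:\tError
Event Source:\tService Control Manager
Event Category:\tNone
Event ID:\t7023
Date: 07/02/2012
Time: 15:25:13
User: N/A
Computer:\tUSER-5C75D7BEDB
Description:
The srv64C service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:\tError
Event Source:\tService Control Manager
Event Category:\tNone
Event ID:\t7023
Date: 07/02/2012
Time: 08:39:45
User: N/A
Computer:\tUSER-5C75D7BEDB
Description:
The srv64C service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
"""

FIELD = re.compile(r"^(Event Type|Event Source|Event ID|Date|Time|Computer):\s*(.*)$")
SCM_7023 = re.compile(r"^The (.+?) service terminated with the following error:")

def parse_events(text):
    """Split pasted Event Viewer text into one dict per event record."""
    events, cur, in_desc = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Event Type:"):  # every record starts with this field
            cur, in_desc = {"Description": []}, False
            events.append(cur)
        if cur is None:
            continue  # section label ("Applications") before the first record
        if line == "Description:":
            in_desc = True
        elif in_desc:
            if line.startswith("For more information"):
                in_desc = False  # boilerplate footer closes the description
            elif line:
                cur["Description"].append(line)
        else:
            m = FIELD.match(line)
            if m:
                cur[m.group(1)] = m.group(2).strip()
    for ev in events:
        ev["Description"] = " ".join(ev["Description"])
        # Assumption: day-first dates, matching the locale of the logs in this thread.
        ev["When"] = datetime.strptime(ev["Date"] + " " + ev["Time"], "%d/%m/%Y %H:%M:%S")
    return events

def recent_errors(events, now, hours=48):
    """Keep Error entries logged within the last `hours` before `now`."""
    cutoff = now - timedelta(hours=hours)
    return [e for e in events if e.get("Event Type") == "Error" and cutoff <= e["When"] <= now]

def summarize(events):
    """Count repeats per (source, event ID, failing service name if it is a 7023)."""
    counts = Counter()
    for e in events:
        m = SCM_7023.match(e["Description"]) if e.get("Event ID") == "7023" else None
        counts[(e["Event Source"], e["Event ID"], m.group(1) if m else None)] += 1
    return counts

if __name__ == "__main__":
    # Constructed reference time: the afternoon of the day the events were posted.
    print(summarize(recent_errors(parse_events(SAMPLE), datetime(2012, 2, 7, 17, 0))))
```

A key that repeats across boots, such as the Service Control Manager 7023 entries here, is the one to follow up on first; the older .NET entry falls outside the 48-hour window and is dropped.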



## Martin4Jay (Jan 28, 2012)

But in Applications there were lots of warnings, only the one red.


----------



## flavallee (May 12, 2002)

AFTER Cookiegal is done with you, I'll give you instructions for deleting the temp file buildup. 

I just re-read your thread and we haven't done that yet. 

------------------------------------------------------


----------



## Cookiegal (Aug 27, 2003)

Please download DDS by sUBs to your desktop from one of the following locations:

http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop. Copy and paste the contents of the DDS.txt and Attach.txt files in your reply please.


----------



## Martin4Jay (Jan 28, 2012)

flavallee, thanks, I will.


----------



## Martin4Jay (Jan 28, 2012)

http://download.bleepingcomputer.com/sUBs/dds.scr does not open in Chrome; I just get a blank webpage.


----------



## Cookiegal (Aug 27, 2003)

Please try IE or Firefox.


----------



## Martin4Jay (Jan 28, 2012)

DDS.

.
DDS (Ver_2011-06-23.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702
Run by User at 16:56:31 on 2012-02-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.300 [GMT 0:00]
.
FW: AVG Firewall *Disabled* 
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Soluto\soluto.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Oregon Scientific\Weather OS\Weather OS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\XericDesign\EarthDesk\EarthDesk.exe
C:\Program Files\DigiGuide TV Guide\digiguide.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Desktop\É.pif
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredimail.com/?a=NUYh597mIU
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = 
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.2.0.13\ips\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
TB: {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
uRun: [Oregon] c:\program files\oregon scientific\weather os\Weather OS.exe --force_start_minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [BigDog305] c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\user\startm~1\programs\startup\digigu~1.lnk - c:\program files\digiguide tv guide\Client.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\earthd~1.lnk - c:\program files\xericdesign\earthdesk\EarthDesk.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\metoff~1.lnk - c:\program files\met office desktop widget\Met Office Desktop Widget.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - {73F7F495-A325-4C52-BE48-5F97FA511E89}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {5CB430A9-CAAC-4C91-AF61-6D410EEE1221} - hxxp://cam1.saltash.cornwall.sch.uk/program/SonySncP5View.cab
DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204929890000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1BD36937-2DBA-472E-9FD4-61204F47F3A2} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1	www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2012-1-30 51144]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-1-31 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-1-31 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20120121.002\BHDrvx86.sys [2012-1-23 820344]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-3-6 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2008-3-6 5120]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-1-31 136312]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-7 54752]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-3 652360]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.2.0.13\ccsvchst.exe [2012-1-31 130008]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2011-3-29 598312]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2012-1-25 547872]
R3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-4 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120203.002\IDSXpx86.sys [2012-2-3 356280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-3 20464]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20120206.035\NAVENG.SYS [2012-2-7 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20120206.035\NAVEX15.SYS [2012-2-7 1576312]
R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2009-11-10 391688]
S1 MpKsl2dee8031;MpKsl2dee8031;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{443087eb-f2a5-4f3f-9036-9f65b1af2f39}\mpksl2dee8031.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{443087eb-f2a5-4f3f-9036-9f65b1af2f39}\MpKsl2dee8031.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 srv64C;srv64C;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 cpuz134;cpuz134;\??\c:\docume~1\user\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdate1c9d2e3ae18ab52;Google Update Service (gupdate1c9d2e3ae18ab52);c:\program files\google\update\GoogleUpdate.exe [2009-5-12 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-12 133104]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\memeobackgroundservice.exe --> c:\program files\memeo\autobackup\MemeoBackgroundService.exe [?]
.
=============== Created Last 30 ================
.
2012-02-03 15:50:43	--------	d-----w-	c:\documents and settings\user\application data\SUPERAntiSpyware.com
2012-02-03 15:49:52	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-02-03 15:49:52	--------	d-----w-	c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-02-03 15:30:49	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-03 15:30:49	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-01 10:11:13	--------	d-----w-	c:\program files\Met Office Desktop Widget
2012-01-31 21:06:23	44024	----a-r-	c:\windows\system32\drivers\SymIM.sys
2012-01-31 09:00:34	331384	----a-w-	c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys
2012-01-31 09:00:33	369784	----a-w-	c:\windows\system32\drivers\n360\0502000.00d\symtdi.sys
2012-01-31 09:00:32	744568	----a-r-	c:\windows\system32\drivers\n360\0502000.00d\symefa.sys
2012-01-31 09:00:32	299640	----a-w-	c:\windows\system32\drivers\n360\0502000.00d\symnets.sys
2012-01-31 09:00:31	340088	----a-r-	c:\windows\system32\drivers\n360\0502000.00d\symds.sys
2012-01-31 09:00:30	516216	----a-r-	c:\windows\system32\drivers\n360\0502000.00d\srtsp.sys
2012-01-31 09:00:30	50168	----a-r-	c:\windows\system32\drivers\n360\0502000.00d\srtspx.sys
2012-01-31 09:00:29	136312	----a-r-	c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys
2012-01-31 08:59:27	--------	d-----w-	c:\windows\system32\drivers\n360\0502000.00D
2012-01-30 10:22:25	51144	----a-w-	c:\windows\system32\drivers\Soluto.sys
2012-01-30 10:22:19	--------	d-----w-	c:\program files\Soluto
2012-01-28 20:45:59	388096	----a-r-	c:\documents and settings\user\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-28 18:07:41	--------	d-----w-	c:\documents and settings\user\application data\DriverCure
2012-01-28 18:07:40	--------	d-----w-	c:\documents and settings\user\application data\SpeedMaxPc
2012-01-28 18:07:13	--------	d-----w-	c:\documents and settings\all users\application data\SpeedMaxPc
2012-01-25 18:19:19	4790	----a-w-	c:\windows\system32\tmp.reg
2012-01-21 10:26:42	--------	d-----w-	c:\documents and settings\all users\application data\GameXN
2012-01-16 13:46:39 --------	d-----w-	c:\windows\system32\N360_BACKUP
2012-01-10 22:59:44	--------	d-----w-	c:\documents and settings\user\application data\uk.gov.meto.pws.air
2012-01-10 17:49:56	60872	----a-w-	c:\windows\system32\S32EVNT1.DLL
2012-01-10 17:49:56	126584	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2012-01-10 17:49:55	--------	d-----w-	c:\program files\Symantec
2012-01-10 17:49:55	--------	d-----w-	c:\program files\common files\Symantec Shared
2012-01-10 17:49:27	--------	d-----w-	c:\windows\system32\drivers\N360
2012-01-10 17:49:24	--------	d-----w-	c:\program files\Norton 360
2012-01-10 17:13:30	--------	d-----w-	c:\program files\NortonInstaller
2012-01-10 17:13:30	--------	d-----w-	c:\documents and settings\all users\application data\NortonInstaller
2012-01-10 17:05:11	--------	d-----w-	c:\documents and settings\all users\application data\Norton
2012-01-09 20:59:01	--------	d-----w-	c:\documents and settings\all users\application data\AVG2012
.
==================== Find3M ====================
.
2011-11-25 21:57:19	293376	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 13:25:32	1859584	----a-w-	c:\windows\system32\win32k.sys
2011-11-18 12:35:08	60416	----a-w-	c:\windows\system32\packager.exe
2011-11-16 14:21:44	354816	----a-w-	c:\windows\system32\winhttp.dll
2011-11-16 14:21:44	152064	----a-w-	c:\windows\system32\schannel.dll
.
============= FINISH: 16:58:14.60 ===============


----------



## Martin4Jay (Jan 28, 2012)

Attach Text

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 07/01/2011 11:47:44
System Uptime: 07/02/2012 16:20:24 (1 hours ago)
.
Motherboard: | | nVidia-nForce
Processor: AMD Athlon(tm) XP 2400+ | Socket A | 1997/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 699 GiB total, 631.785 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N95
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP111: 29/10/2011 20:54:09 - avast! Free Antivirus Setup
RP112: 29/10/2011 21:02:22 - Software Distribution Service 3.0
RP113: 29/10/2011 21:33:14 - Software Distribution Service 3.0
RP114: 30/10/2011 15:33:30 - Software Distribution Service 3.0
RP115: 31/10/2011 21:46:23 - Software Distribution Service 3.0
RP116: 02/11/2011 09:00:41 - Software Distribution Service 3.0
RP117: 02/11/2011 17:22:31 - AVG Regisry Defrag - before defragmentation
RP118: 05/11/2011 23:30:18 - System Checkpoint
RP119: 07/11/2011 23:08:57 - System Checkpoint
RP120: 10/11/2011 09:00:57 - Software Distribution Service 3.0
RP121: 11/11/2011 09:00:26 - Software Distribution Service 3.0
RP122: 11/11/2011 16:56:19 - avast! Internet Security Setup
RP123: 11/11/2011 20:38:07 - Installed Java(TM) 6 Update 29
RP124: 13/11/2011 16:14:23 - System Checkpoint
RP125: 15/11/2011 09:08:01 - avast! Internet Security Setup
RP126: 16/11/2011 16:54:14 - System Checkpoint
RP127: 19/11/2011 23:40:19 - System Checkpoint
RP128: 21/11/2011 23:25:26 - System Checkpoint
RP129: 24/11/2011 19:18:29 - System Checkpoint
RP130: 25/11/2011 23:36:03 - System Checkpoint
RP131: 27/11/2011 16:40:04 - System Checkpoint
RP132: 01/12/2011 23:23:49 - System Checkpoint
RP133: 04/12/2011 16:35:43 - System Checkpoint
RP134: 05/12/2011 21:05:36 - System Checkpoint
RP135: 11/12/2011 15:49:40 - System Checkpoint
RP136: 12/12/2011 23:18:37 - System Checkpoint
RP137: 13/12/2011 23:39:14 - System Checkpoint
RP138: 15/12/2011 09:00:47 - Software Distribution Service 3.0
RP139: 17/12/2011 15:14:23 - System Checkpoint
RP140: 19/12/2011 20:46:20 - System Checkpoint
RP141: 21/12/2011 14:29:22 - System Checkpoint
RP142: 27/12/2011 22:19:43 - Installed Google Earth.
RP143: 27/12/2011 22:23:16 - Removed Google Earth.
RP144: 27/12/2011 22:26:17 - Installed Google Earth.
RP145: 03/01/2012 14:03:07 - System Checkpoint
RP146: 09/01/2012 20:58:26 - Installed AVG 2012
RP147: 09/01/2012 20:58:51 - Installed AVG 2012
RP148: 10/01/2012 23:04:07 - Removed AVG 2012
RP149: 10/01/2012 23:06:07 - Removed AVG 2012
RP150: 10/01/2012 23:24:44 - Software Distribution Service 3.0
RP151: 12/01/2012 09:01:07 - Software Distribution Service 3.0
RP152: 16/01/2012 14:00:37 - Norton 360 Registry Clean
RP153: 19/01/2012 09:00:42 - Software Distribution Service 3.0
RP154: 19/01/2012 21:55:27 - Removed Soluto
RP155: 19/01/2012 21:59:27 - Soluto
RP156: 21/01/2012 15:01:15 - System Checkpoint
RP157: 26/01/2012 09:01:20 - Software Distribution Service 3.0
RP158: 28/01/2012 20:45:57 - Installed HiJackThis
RP159: 01/02/2012 08:23:03 - Removed Bing Bar
RP160: 01/02/2012 08:34:40 - Removed Bluesoleil2.6.0.9 Release 070606
.
==== Installed Programs ======================
.
A4 Tech PC Camera V
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Reader X (10.1.1)
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Avery DesignPro
BBC iPlayer Desktop
Bonjour
Compatibility Pack for the 2007 Office system
Conduit Engine
Cumulus 1.9.2
DigiGuide TV Guide
EarthDesk
Easy DVD Creator 2.3.1
Epson Easy Photo Print 2
Epson Event Manager
EPSON Printer Software
Epson Printer Software Downloader
EPSON Scan
Epson Stylus SX510W_TX550W Manual
EPSON SX510W Series Printer Uninstall
EPSON Web-To-Page
EpsonNet Print
EpsonNet Setup
Facebook Video Calling 1.1.1.1
flowBubbles 2.30
GameXN GO
GOM Player
Google Chrome
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Graboid Video 2.01
Greeting Card Factory Deluxe 8.0
High-Definition Video Playback
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ieSpell
ImagXpress
IncrediMail
IncrediMail 2.0
IncrediMail MediaBar 2 Toolbar
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.1.1000
Memeo AutoSync
Memeo Send
Memeo Share
Met Office Desktop Widget
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access database engine 2007 (English)
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WorldWide Telescope
Microsoft XML Parser
MobileMe Control Panel
MSN
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
NavDesk 2008
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
neroxml
Nokia Multimedia Factory
Norton 360
NVIDIA Drivers
OpenOffice.org Installer 1.0
PaltalkScene
PC Connectivity Solution
Photo Notifier and Animation Creator
PhotoMail Maker
Picasa 3
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Rhapsody Player Engine
Safari
Seagate Dashboard
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Segoe UI
Sky Player
Sky Player Desktop
Skype Toolbars
Skype™ 4.2
SlingPlayer
Soluto
Spotify
Stellarium 0.11.1
SUPERAntiSpyware
SystemControl
Uninstall Entriq MediaSphere
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
VC 9.0 Runtime
Veetle TV 0.9.18
Virtual Earth 3D (Beta)
Weather OS
WebFldrs XP
WebSlingPlayer ActiveX
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Wise Disk Cleaner 5.81
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
YouTube Downloader 2.6.1
Zinio Reader
.
==== Event Viewer Messages From Past Week ========
.
31/01/2012 21:07:06, error: Service Control Manager [7034] - The KService service terminated unexpectedly. It has done this 1 time(s).
31/01/2012 08:38:02, error: Dhcp [1002] - The IP address lease 192.168.0.7 for the Network Card with network address 00E04CB19001 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
05/02/2012 14:54:17, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 00E04CB19001 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
03/02/2012 23:18:40, error: Dhcp [1002] - The IP address lease 192.168.0.5 for the Network Card with network address 00E04CB19001 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
02/02/2012 08:22:30, error: Service Control Manager [7022] - The KService service hung on starting.
01/02/2012 08:38:07, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
01/02/2012 08:07:24, error: Service Control Manager [7023] - The srv64C service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================
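A triage sketch for the two DDS logs above, added here as an example; it is not part of the thread or of DDS. It parses SERVICES / DRIVERS lines and joins them with the Service Control Manager errors from the Event Viewer section. The sample lines are excerpted from those logs. Reading the prefix as R/S = running/stopped plus a start-type digit, and `[?]` as "file not found on disk", is an assumption about the DDS format, and the flag names are hypothetical.

```python
import re
from dataclasses import dataclass

# Lines excerpted from the DDS "SERVICES / DRIVERS" section above.
DDS_SERVICES = r"""
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2012-1-25 547872]
R3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
S2 srv64C;srv64C;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\memeobackgroundservice.exe --> c:\program files\memeo\autobackup\MemeoBackgroundService.exe [?]
"""

# Lines excerpted from the "Event Viewer Messages From Past Week" section above.
DDS_EVENTS = r"""
31/01/2012 21:07:06, error: Service Control Manager [7034] - The KService service terminated unexpectedly. It has done this 1 time(s).
31/01/2012 08:38:02, error: Dhcp [1002] - The IP address lease 192.168.0.7 for the Network Card with network address 00E04CB19001 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
02/02/2012 08:22:30, error: Service Control Manager [7022] - The KService service hung on starting.
01/02/2012 08:38:07, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
01/02/2012 08:07:24, error: Service Control Manager [7023] - The srv64C service terminated with the following error: The specified module could not be found.
"""

# Assumed line shape: <R|S><start type> name;display name;image path [date size] or [?]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+) \[(?P<stamp>\?|\d{4}-\d{1,2}-\d{1,2} \d+)\]$"
)
EVENT_RE = re.compile(
    r"error: Service Control Manager \[(?P<id>\d+)\] - The (?P<svc>.+?) service "
)


@dataclass
class Service:
    state: str    # "R" running, "S" stopped (assumed meaning)
    start: int    # 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled
    name: str
    display: str
    image: str    # resolved path when the line carries "registered --> resolved"
    on_disk: bool  # False when DDS printed [?] instead of "date size"


def parse_services(text):
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue  # headers, separators, blank lines
        image = m["image"]
        if " --> " in image:
            image = image.split(" --> ", 1)[1]
        services.append(Service(m["state"], int(m["start"]), m["name"],
                                m["display"], image, m["stamp"] != "?"))
    return services


def parse_scm_errors(text):
    """Return (event_id, service_name) pairs for Service Control Manager errors."""
    return [(int(m["id"]), m["svc"]) for m in EVENT_RE.finditer(text)]


def triage(services, events):
    """Return ({service: [flags]}, [event service names with no matching entry])."""
    by_key = {}
    for s in services:
        by_key[s.name.lower()] = s
        by_key[s.display.lower()] = s
    flags = {s.name: set() for s in services}
    for s in services:
        image = s.image.lower()
        if not s.on_disk:
            flags[s.name].add("file_missing")
        if "\\temp\\" in image:
            flags[s.name].add("temp_path")
        if "\\svchost.exe" in image:
            # The real module is the ServiceDll registry value, not shown in this log.
            flags[s.name].add("svchost_hosted")
        if s.state == "S" and s.start == 2:
            flags[s.name].add("autostart_not_running")
    unmatched = set()
    for event_id, svc in events:
        s = by_key.get(svc.lower())
        if s:
            flags[s.name].add(f"scm_error_{event_id}")
        else:
            unmatched.add(svc)
    return {n: sorted(f) for n, f in flags.items() if f}, sorted(unmatched)


if __name__ == "__main__":
    findings, unmatched = triage(parse_services(DDS_SERVICES),
                                 parse_scm_errors(DDS_EVENTS))
    for name, f in findings.items():
        print(f"{name}: {', '.join(f)}")
    print("SCM errors with no matching entry:", ", ".join(unmatched))
```

The flags only rank entries for a closer look. An event name with no match, such as KService, means the service has to be looked up in another log.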


----------



## Cookiegal (Aug 27, 2003)

You should have many more MS security updates installed than that. Have you been having problems with them? Is the operating system genuine?


----------



## Martin4Jay (Jan 28, 2012)

No, only shutting down. I will do an update.


----------



## Cookiegal (Aug 27, 2003)

Let's verify the system to be sure you haven't been a victim of being sold a non-genuine operating system.

Please run the MGA Diagnostic Tool and post back the report it creates:
Download *MGADiag* to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.

Also please do this:

Please download *WVCheck* and save it to your desktop.


Double click WVCheck.exe to run it. (If you downloaded the zipped version you will need to extract it first.)
As indicated by the prompt, this program can take a while depending on your hard drive space.
Once the program is done, copy the contents of the notepad file as a reply.


----------



## Martin4Jay (Jan 28, 2012)

Downloaded Microsoft update, thanks.

Microsoft Office Access Runtime and Data Connectivity 2007 Service Pack 3 (SP3)
Microsoft Office Compatibility Pack Service Pack 3 (SP3)

Shall I see what happens now?


----------



## flavallee (May 12, 2002)

Cookiegal:

They're all dated January 9, 2012 at Microsoft.

*Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)*

--------------------------------------------------------


----------



## Martin4Jay (Jan 28, 2012)

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-XXWQQ-XJ7F9-XJYFJ
Windows Product Key Hash: 8niLvA3coe3NuUfFYaOP5DTrdw8=
Windows Product ID: 76477-OEM-2160624-02919
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {F27A20D1-1BF7-46E3-BAAE-6214AF3115F0}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{F27A20D1-1BF7-46E3-BAAE-6214AF3115F0}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XJYFJ</PKey><PID>76477-OEM-2160624-02919</PID><PIDType>3</PIDType><SID>S-1-5-21-1177238915-484763869-839522115</SID><SYSTEM><Manufacturer>NVIDIA</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="2"/><Date>20030808000000.000000+000</Date></BIOS><HWID>5F593B1F0184A26B</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>1C4448328351D7A</Val><Hash>L/oEqcX63shAfGajb0w4xiFv1iY=</Hash><Pid>70145-701-3548771-57534</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A


----------



## Martin4Jay (Jan 28, 2012)

Windows Validation Check
Version: 1.9.12.5
Log Created On: 1754_07-02-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 3 
Windows Mode: Normal
Systemroot Path: C:\WINDOWS

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates automatically, but ask me when I want to install them.
-----------------------
Last Success Time for Update Detection: 2012-02-07 08:44:19
Last Success Time for Update Download: 2012-02-07 17:45:49
Last Success Time for Update Installation: 2012-01-26 09:04:59


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - b26b135ff1b9f60c9388b4a7d16f600b


-------- End of File, program close at 1758_07-02-2012 --------


----------



## Cookiegal (Aug 27, 2003)

flavallee said:


> Cookiegal:
> 
> They're all dated January 9, 2012 at Microsoft.
> 
> ...


Yup, so that indicates to me that Martin4Jay has used a registry cleaner which has deleted the uninstall strings. Not a good idea.


----------



## Cookiegal (Aug 27, 2003)

Please download GMER from: http://gmer.net/index.php

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan* button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## Martin4Jay (Jan 28, 2012)

Think that was CCleaner, but how would I get them back, Cookie? And thanks for both of your help.


----------



## Cookiegal (Aug 27, 2003)

The updates are actually still installed (I have to assume unless they were never installed in the first place) but you will never be able to uninstall them if they cause problems, which is unlikely after they've been installed a while but could happen when updates are freshly installed, on occasion. CCleaner is fine for deleting temp files, clearing caches, etc. but do NOT use the registry cleaner function. Registries don't need to be cleaned and doing so often causes more harm than good. 

If you go to C:\Windows folder there should be several files that are named KB*.log (the asterisk representing the name of the update). If those logs exist and they don't indicate any problems on installation then the updates are installed.


----------



## flavallee (May 12, 2002)

Cookiegal said:


> Yup, so that indicates to me that Martin4Jay has used a registry cleaner which has deleted the uninstall strings. Not a good idea.


Yep. *AVG PC Tuneup 2011* and *CCleaner* were discussed earlier in the thread. 

---------------------------------------------------------


----------



## Martin4Jay (Jan 28, 2012)

flavallee said:


> Yep. *AVG PC Tuneup 2011* and *CCleaner* were discussed earlier in the thread.
> 
> ---------------------------------------------------------


flavallee, I had this problem when I got my computer back from the shop, but I could not bother to take it back as we're disabled, and did not use AVG from 2 months ago, and CC I was given advice to use. But anyway it did what it should do but could not copy anything as it decided to do a shutdown by itself, but I will be back in an hour, OK? Thanks for the help.


----------



## Martin4Jay (Jan 28, 2012)

I saw the KB but there was not there (the asterisk).


----------



## Martin4Jay (Jan 28, 2012)

Cookiegal said:


> The updates are actually still installed (I have to assume unless they were never installed in the first place) but you will never be able to uninstall them if they cause problems, which is unlikely after they've been installed a while but could happen when updates are freshly installed, on occasion. CCleaner is fine for deleting temp files, clearing caches, etc. but do NOT use the registry cleaner function. Registries don't need to be cleaned and doing so often causes more harm than good.
> 
> If you go to the C:\Windows folder there should be several files that are named KB*.log (the asterisk representing the name of the update). If those logs exist and they don't indicate any problems on installation then the updates are installed.


Thank you


----------



## Cookiegal (Aug 27, 2003)

Martin4Jay said:


> I saw the KB but there was not there (the asterisk).


The asterisk only serves as a wild card. It means there will be various numbers in place of it.


----------



## Cookiegal (Aug 27, 2003)

Will you please run GMER and post the log as requested?


----------



## Martin4Jay (Jan 28, 2012)

I will do it tomorrow thanks


----------



## Cookiegal (Aug 27, 2003)

OK, that's fine.


----------



## Martin4Jay (Jan 28, 2012)

Cookiegal said:


> Please download GMER from: http://gmer.net/index.php
> 
> Click on the "Download EXE" button and save the randomly named .exe file to your desktop.
> 
> ...


Cookie, I did as you asked and did the scan and it decided to do a re-start on its own as soon as it finished and could not save the log.

This is what I did when the computer settled afterwards.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-08 09:40:34
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\viamraid1Port2Path0Target0Lun0 Hitachi_ rev.GK8O
Running: bwpdoub2.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\awqcqfoc.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe* to your Desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
Under the *Additional Scans* section put a check in the box next to Disabled MS Config Items, Drivers32, NetSvcs, SafeBoot Minimal and EventViewer logs (Last 10 errors).
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## Martin4Jay (Jan 28, 2012)

Cookiegal said:


> Download *OTS.exe* to your Desktop.
> 
> Close any open browsers.
> If your Real protection or Antivirus interferes with OTS, allow it to run.
> ...


I have to go out tonight and I volunteer in the morning, I will have a go tomorrow afternoon. 
thanks


----------



## Cookiegal (Aug 27, 2003)

That's fine. Thanks for letting me know.


----------



## Martin4Jay (Jan 28, 2012)

Cookiegal said:


> That's fine. Thanks for letting me know.


Thanks Cookie


```
OTS logfile created on: 09/02/2012 13:17:19 - Run 1
OTS by OldTimer - Version 3.1.46.0     Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1,023.00 Mb Total Physical Memory | 590.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.64 Gb Total Space | 630.49 Gb Free Space | 90.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Unable to calculate disk information.
 
Computer Name: USER-5C75D7BEDB
Current User Name: User
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\User\My Documents\Downloads\OTS.exe -> [2012/02/09 13:08:23 | 000,646,144 | ---- | M] (OldTimer Tools)
soluto.exe -> C:\Program Files\Soluto\Soluto.exe -> [2012/01/25 19:05:44 | 001,712,176 | ---- | M] (Soluto)
solutoservice.exe -> C:\Program Files\Soluto\SolutoService.exe -> [2012/01/25 19:05:44 | 000,547,872 | ---- | M] (Soluto)
superantispyware.exe -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -> [2012/01/20 18:16:56 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com)
mbamservice.exe -> C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation)
mbamgui.exe -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe -> [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation)
sascore.exe -> C:\Program Files\SUPERAntiSpyware\SASCore.exe -> [2011/08/11 23:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
ccsvchst.exe -> C:\Program Files\Norton 360\Engine\5.2.0.13\ccsvchst.exe -> [2011/04/17 00:45:11 | 000,130,008 | R--- | M] (Symantec Corporation)
nasvc.exe -> C:\Program Files\Nero\Update\NASvc.exe -> [2011/03/29 14:33:08 | 000,598,312 | ---- | M] (Nero AG)
vm305_sti.exe -> C:\WINDOWS\VM305_STI.EXE -> [2010/12/18 02:44:04 | 000,061,440 | R--- | M] (Vimicro)
earthdesk.exe -> C:\Program Files\XericDesign\EarthDesk\EarthDesk.exe -> [2010/09/08 20:33:18 | 001,658,520 | ---- | M] (Xeric Design, Ltd.)
digiguide.exe -> C:\Program Files\DigiGuide TV Guide\DigiGuide.exe -> [2009/10/27 14:03:39 | 000,390,192 | ---- | M] ()
weather os.exe -> C:\Program Files\Oregon Scientific\Weather OS\Weather OS.exe -> [2009/10/19 22:26:48 | 000,625,152 | ---- | M] (Oregon Scientific)
slingagentservice.exe -> C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -> [2009/09/25 13:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.)
eeventmanager.exe -> C:\Program Files\Epson Software\Event Manager\EEventManager.exe -> [2009/01/12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION)
kservice.exe -> C:\Program Files\Kontiki\KService.exe -> [2008/10/21 09:26:10 | 003,068,352 | ---- | M] (Kontiki Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
eebsvc.exe -> C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -> [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION)
photoshopelementsfileagent.exe -> C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -> [2005/10/03 11:04:04 | 000,102,400 | ---- | M] ()
 
[Modules - No Company Name]
sd10007.dll -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll -> [2012/02/09 12:48:19 | 000,052,736 | ---- | M] ()
sd10006.dll -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll -> [2012/02/09 12:48:16 | 000,063,488 | ---- | M] ()
uirepair.dll -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL -> [2012/02/03 15:51:21 | 000,117,760 | ---- | M] ()
sd10005.dll -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll -> [2012/02/03 15:51:19 | 000,052,224 | ---- | M] ()
solutocleanup.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoCleanup\b12c118d42ecfd01b085dd519f8d990f\SolutoCleanup.ni.dll -> [2012/01/30 10:25:48 | 000,684,032 | ---- | M] ()
pcgdataaggregation.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDataAggregation\056b88113a11ecb86dfb3db14040abbd\PCGDataAggregation.ni.dll -> [2012/01/30 10:25:42 | 000,838,656 | ---- | M] ()
pcgbootvisualizingcore.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\3ecbf0eb65b4d682ac12ea3f7ffd693d\PCGBootVisualizingCore.ni.dll -> [2012/01/30 10:25:35 | 000,333,824 | ---- | M] ()
interop.netfwtypelib.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.NetFwTypeLib\88062dbcdba732ceb9fdd86a742fbece\Interop.NetFwTypeLib.ni.dll -> [2012/01/30 10:25:31 | 000,050,688 | ---- | M] ()
pcgcatalogitemfootprint.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemFootp#\fb7b23b7748a3d1f4282060e3217159f\PCGCatalogItemFootprint.ni.dll -> [2012/01/30 10:25:28 | 000,357,888 | ---- | M] ()
pcgbrowsersprobe.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBrowsersProbe\a6b1669a35c3544aa073ae23dedbc6d6\PCGBrowsersProbe.ni.dll -> [2012/01/30 10:25:23 | 000,876,032 | ---- | M] ()
pcgsaprobe.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGSAProbe\98d0c87fac9b9e9b721e74e8fad1ede9\PCGSAProbe.ni.dll -> [2012/01/30 10:25:17 | 000,344,064 | ---- | M] ()
pcgcatalogitemcache.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemCache\c0d0af7c21ad35cc47cf973cd008b54f\PCGCatalogItemCache.ni.dll -> [2012/01/30 10:25:13 | 000,111,104 | ---- | M] ()
pcgentities.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGEntities\becd9907fa5f478332e81788fefc7293\PCGEntities.ni.dll -> [2012/01/30 10:25:10 | 000,049,152 | ---- | M] ()
pcgclientcommunication.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommunicat#\546b6759f077c081e155062794f11761\PCGClientCommunication.ni.dll -> [2012/01/30 10:25:05 | 000,888,320 | ---- | M] ()
solutoupdateservice.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoUpdateService\887a841ec0c891253f325b4e366e1397\SolutoUpdateService.ni.dll -> [2012/01/30 10:24:55 | 000,129,024 | ---- | M] ()
pcgupgrader.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUpgrader\1d1f0177d82e198f746b6de2618dfc6b\PCGUpgrader.ni.dll -> [2012/01/30 10:24:51 | 000,148,480 | ---- | M] ()
solutoservice.ni.exe -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoService\bc32ba2cb1b060192548b70af327b187\SolutoService.ni.exe -> [2012/01/30 10:24:38 | 001,933,312 | ---- | M] ()
pcgpostbootresources.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\368fdbf54ad9b5c8f4d11c894f5f32c2\PCGPostBootResources.ni.dll -> [2012/01/30 10:24:19 | 000,645,120 | ---- | M] ()
pcghidprobe.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\b9a813abcd7991b7df7a0734e02ef1d0\PCGHIDProbe.ni.dll -> [2012/01/30 10:24:17 | 000,060,416 | ---- | M] ()
pcgrspprobe.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\eea2b0a978a3295ca20eb25dc30f9374\PCGRSPProbe.ni.dll -> [2012/01/30 10:24:14 | 000,044,032 | ---- | M] ()
community.csharpsqlite.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\f36a967ddaae73774dfb7e3df7c95013\Community.CsharpSqlite.ni.dll -> [2012/01/30 10:24:12 | 002,327,552 | ---- | M] ()
pcgwuinfo.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\7e0f151afe2970214d839f9858ed7dc9\PCGWuInfo.ni.dll -> [2012/01/30 10:24:09 | 000,202,240 | ---- | M] ()
interop.iwshruntimelibrary.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\d1b78475fd571b27e9f55dd9f2a5cb24\Interop.IWshRuntimeLibrary.ni.dll -> [2012/01/30 10:24:08 | 000,100,864 | ---- | M] ()
pcguserscenter.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\6499f0b28ea6b35fcad32488e23d5c7c\PCGUsersCenter.ni.dll -> [2012/01/30 10:24:06 | 000,067,072 | ---- | M] ()
pcgappcontrolpluginloader.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\eb259baa8992b8c2a5df3961e2a79627\PCGAppControlPluginLoader.ni.dll -> [2012/01/30 10:24:02 | 000,026,112 | ---- | M] ()
pcgclientcommon.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\265177cca77369530616f93b3601d7d1\PCGClientCommon.ni.dll -> [2012/01/30 10:24:00 | 004,109,824 | ---- | M] ()
pcgbootvisualizingcommon.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\3d25a5fa31088e8b46995f7186fd3f88\PCGBootVisualizingCommon.ni.dll -> [2012/01/30 10:23:50 | 000,197,632 | ---- | M] ()
pcgconfiguration.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\af0aaf90b80ef7c042b46f13d498e670\PCGConfiguration.ni.dll -> [2012/01/30 10:23:45 | 000,064,512 | ---- | M] ()
system.data.sqlserverce.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\f0a3fccd64c2e64230e2faccbfc9fa16\System.Data.SqlServerCe.ni.dll -> [2012/01/30 10:23:43 | 000,766,976 | ---- | M] ()
pcgdatabase.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDatabase\1e523dd10be97af2968810787a7d849b\PCGDatabase.ni.dll -> [2012/01/30 10:23:38 | 003,903,488 | ---- | M] ()
pcgazureentityframework.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\39e5b6e68e13d09edc6482a737735c74\PCGAzureEntityFramework.ni.dll -> [2012/01/30 10:23:29 | 000,047,616 | ---- | M] ()
pcgcommunication.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCommunication\b9fa16dfcdb8feb53771430fe181a298\PCGCommunication.ni.dll -> [2012/01/30 10:23:25 | 001,278,464 | ---- | M] ()
pcgdriverprobe.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\d6f4a87ffdd592a98976219eae1ea698\PCGDriverProbe.ni.dll -> [2012/01/30 10:23:20 | 000,194,560 | ---- | M] ()
pcgprecompiled.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\1773f7a2df59e5700bcd601d07cfbe84\PCGPreCompiled.ni.dll -> [2012/01/30 10:23:16 | 002,845,696 | ---- | M] ()
pcgprestoserializer.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\e3d6f62061022a21ec55601201ec6c51\PCGPrestoSerializer.ni.dll -> [2012/01/30 10:23:10 | 000,205,312 | ---- | M] ()
ionic.zip.reduced.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\8f5a0356dff1279ff87d91738f01da95\Ionic.Zip.Reduced.ni.dll -> [2012/01/30 10:23:07 | 000,596,480 | ---- | M] ()
newtonsoft.json.net35.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\06a6f0f39875ca13b294b0a6f043044a\Newtonsoft.Json.Net35.ni.dll -> [2012/01/30 10:23:05 | 001,554,432 | ---- | M] ()
pcgframework.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGFramework\3b942a2f4ff7719860111b70659e3fb3\PCGFramework.ni.dll -> [2012/01/30 10:22:57 | 002,652,672 | ---- | M] ()
soluto.ni.exe -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Soluto\4f4fe40ecad4abfa57c88680eeb2204f\Soluto.ni.exe -> [2012/01/30 10:22:50 | 001,999,360 | ---- | M] ()
pcgdllexportinspector.dll -> C:\Program Files\Soluto\PCGDllExportInspector.dll -> [2012/01/25 18:57:02 | 000,071,216 | ---- | M] ()
skgamesupdate.dll -> C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Games\53F537B72987463CB06D78F5541A3239\skGamesUpdate.dll -> [2012/01/21 10:26:46 | 000,022,400 | ---- | M] ()
system.data.dll -> C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll -> [2012/01/10 23:30:42 | 002,933,248 | ---- | M] ()
system.enterpriseservices.wrapper.dll -> C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll -> [2012/01/10 23:30:33 | 000,113,664 | ---- | M] ()
system.transactions.dll -> C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll -> [2012/01/10 23:30:30 | 000,261,632 | ---- | M] ()
system.data.linq.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\a4d9528595a7ed58d4e6308c791dbb43\System.Data.Linq.ni.dll -> [2011/10/13 16:09:44 | 002,526,720 | ---- | M] ()
smdiagnostics.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll -> [2011/10/13 16:09:36 | 000,256,000 | ---- | M] ()
system.runtime.serialization.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll -> [2011/10/13 16:09:35 | 002,345,472 | ---- | M] ()
system.xml.linq.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\df623b1abbd114e6586bf3b148c7d5e9\System.Xml.Linq.ni.dll -> [2011/10/13 16:09:30 | 000,420,864 | ---- | M] ()
system.core.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll -> [2011/10/13 16:09:15 | 002,295,296 | ---- | M] ()
system.serviceprocess.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll -> [2011/10/13 16:04:59 | 000,212,992 | ---- | M] ()
system.enterpriseservices.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll -> [2011/10/13 16:03:10 | 000,627,712 | ---- | M] ()
system.enterpriseservices.wrapper.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.Wrapper.dll -> [2011/10/13 16:03:10 | 000,280,064 | ---- | M] ()
system.transactions.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll -> [2011/10/13 16:03:01 | 000,627,200 | ---- | M] ()
system.configuration.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll -> [2011/10/13 15:59:49 | 000,971,264 | ---- | M] ()
system.xml.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll -> [2011/10/13 14:20:35 | 005,450,752 | ---- | M] ()
system.windows.forms.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll -> [2011/10/13 14:20:04 | 012,430,848 | ---- | M] ()
system.drawing.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll -> [2011/10/13 14:19:27 | 001,587,200 | ---- | M] ()
system.data.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll -> [2011/10/13 14:18:15 | 006,616,576 | ---- | M] ()
system.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll -> [2011/10/13 14:09:51 | 007,950,848 | ---- | M] ()
mscorlib.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll -> [2011/10/13 14:08:55 | 011,490,816 | ---- | M] ()
system.componentmodel.dataannotations.dll -> C:\WINDOWS\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll -> [2010/12/18 02:29:23 | 000,057,344 | ---- | M] ()
ssleay32.dll -> C:\Program Files\DigiGuide TV Guide\ssleay32.dll -> [2010/02/20 11:46:27 | 000,159,744 | ---- | M] ()
libeay32.dll -> C:\Program Files\DigiGuide TV Guide\libeay32.dll -> [2010/02/20 11:45:41 | 000,872,448 | ---- | M] ()
libeay32.dll -> C:\Program Files\XericDesign\EarthDesk\libeay32.dll -> [2009/11/18 17:58:36 | 000,843,776 | ---- | M] ()
network.dll -> C:\Program Files\DigiGuide TV Guide\Network.dll -> [2009/10/27 14:03:41 | 000,312,832 | ---- | M] ()
js32.dll -> C:\Program Files\DigiGuide TV Guide\js32.dll -> [2009/10/27 14:03:40 | 000,713,216 | ---- | M] ()
digiguide.exe -> C:\Program Files\DigiGuide TV Guide\DigiGuide.exe -> [2009/10/27 14:03:39 | 000,390,192 | ---- | M] ()
scanengine.dll -> C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll -> [2008/12/22 09:50:28 | 000,135,168 | ---- | M] ()
satwain.dll -> C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll -> [2008/11/21 13:58:42 | 000,057,344 | ---- | M] ()
usb.dll -> C:\Program Files\Oregon Scientific\Weather OS\USB.dll -> [2008/04/16 23:59:10 | 000,032,768 | ---- | M] ()
msdmo.dll -> C:\WINDOWS\system32\msdmo.dll -> [2008/04/14 04:42:00 | 000,014,336 | ---- | M] ()
devenum.dll -> C:\WINDOWS\system32\devenum.dll -> [2008/04/14 04:41:52 | 000,059,904 | ---- | M] ()
photoshopelementsfileagent.exe -> C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -> [2005/10/03 11:04:04 | 000,102,400 | ---- | M] ()
 
[Win32 Services - Safe List]
(srv64C) srv64C [Auto | Stopped] ->  -> File not found
(AppMgmt) Application Management [On_Demand | Stopped] ->  -> File not found
(SolutoService) Soluto PCGenome Core Service [Auto | Running] -> C:\Program Files\Soluto\SolutoService.exe -> [2012/01/25 19:05:44 | 000,547,872 | ---- | M] (Soluto)
(MBAMService) MBAMService [Auto | Running] -> C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation)
(!SASCORE) SAS Core Service [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -> [2011/08/11 23:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
(SeagateDashboardService) Seagate Dashboard Service [On_Demand | Stopped] -> C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -> [2011/06/01 16:42:28 | 000,014,088 | ---- | M] (Memeo)
(N360) Norton 360 [Unknown | Running] -> C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -> [2011/04/17 00:45:11 | 000,130,008 | R--- | M] (Symantec Corporation)
(NAUpdate) @C:\Program Files\Nero\Update\NASvc.exe,-200 [Auto | Running] -> C:\Program Files\Nero\Update\NASvc.exe -> [2011/03/29 14:33:08 | 000,598,312 | ---- | M] (Nero AG)
(ServiceLayer) ServiceLayer [On_Demand | Stopped] -> C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -> [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia)
(SlingAgentService) SlingAgentService [Auto | Running] -> C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -> [2009/09/25 13:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.)
(KService) KService [Auto | Running] -> C:\Program Files\Kontiki\KService.exe -> [2008/10/21 09:26:10 | 003,068,352 | ---- | M] (Kontiki Inc.)
(EPSON_EB_RPCV4_01) EPSON V5 Service4(01) [On_Demand | Stopped] -> C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -> [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION)
(EPSON_PM_RPCV4_01) EPSON V3 Service4(01) [On_Demand | Stopped] -> C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -> [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION)
(EpsonBidirectionalService) EpsonBidirectionalService [Auto | Running] -> C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -> [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION)
(AdobeActiveFileMonitor4.0) Adobe Active File Monitor V4 [Auto | Running] -> C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -> [2005/10/03 11:04:04 | 000,102,400 | ---- | M] ()
 
[Driver Services - Safe List]
(cpuz135) cpuz135 [Kernel | On_Demand | Running] ->  -> File not found
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2012/02/04 08:29:04 | 000,374,392 | ---- | M] (Symantec Corporation)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2012/02/04 08:29:04 | 000,106,104 | ---- | M] (Symantec Corporation)
(Soluto) Soluto [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\Soluto.sys -> [2012/01/25 18:56:46 | 000,051,144 | ---- | M] (Soluto LTD.)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SYMEVENT.SYS -> [2012/01/10 17:49:55 | 000,126,584 | ---- | M] (Symantec Corporation)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120207.033\NAVEX15.SYS -> [2012/01/09 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120207.033\NAVENG.SYS -> [2012/01/09 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation)
(BHDrvx86) BHDrvx86 [Kernel | System | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx86.sys -> [2011/12/23 22:17:32 | 000,820,344 | ---- | M] (Symantec Corporation)
(IDSxpx86) IDSxpx86 [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120208.002\IDSXpx86.sys -> [2011/12/15 23:33:22 | 000,356,280 | ---- | M] (Symantec Corporation)
(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mbam.sys -> [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SYMTDI) Symantec Network Dispatch Driver [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS -> [2011/04/21 01:37:49 | 000,369,784 | ---- | M] (Symantec Corporation)
(SymIMMP) SymIMMP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SymIM.sys -> [2011/03/31 03:04:12 | 000,044,024 | R--- | M] (Symantec Corporation)
(SymIM) Symantec Network Security Intermediate Filter Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\SymIM.sys -> [2011/03/31 03:04:12 | 000,044,024 | R--- | M] (Symantec Corporation)
(SRTSP) Symantec Real Time Storage Protection [File_System | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS -> [2011/03/31 03:00:09 | 000,516,216 | R--- | M] (Symantec Corporation)
(SRTSPX) Symantec Real Time Storage Protection (PEL) [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS -> [2011/03/31 03:00:09 | 000,050,168 | R--- | M] (Symantec Corporation)
(SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS -> [2011/03/15 02:31:23 | 000,744,568 | R--- | M] (Symantec Corporation)
(SymDS) Symantec Data Store [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS -> [2011/01/27 06:47:10 | 000,340,088 | R--- | M] (Symantec Corporation)
(SymIRON) Symantec Iron Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS -> [2011/01/27 05:07:05 | 000,136,312 | R--- | M] (Symantec Corporation)
(fssfltr) fssfltr [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -> [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation)
(pccsmcfd) PCCS Mode Change Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\pccsmcfd.sys -> [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia)
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\gameenum.sys -> [2008/04/14 04:51:44 | 000,010,624 | ---- | M] (Microsoft Corporation)
(ManyCam) ManyCam Virtual Webcam, WDM Video Capture Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ManyCam.sys -> [2008/01/14 10:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.)
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\cdralw2k.sys -> [2007/02/02 04:00:00 | 000,009,464 | ---- | M] (Sonic Solutions)
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\cdr4_xp.sys -> [2007/02/02 04:00:00 | 000,009,336 | ---- | M] (Sonic Solutions)
(ZSMC0305) A4 TECH PC Camera V [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\usbVM305.sys -> [2006/05/08 02:24:24 | 000,391,688 | R--- | M] (Vimicro Corporation)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2006/05/03 16:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.)
(BIOS) BIOS [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\BIOS.sys -> [2005/03/16 06:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group)
(nvnforce) Service for NVIDIA(R) nForce(TM) Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nvapu.sys -> [2004/10/22 03:41:46 | 000,413,824 | R--- | M] (NVIDIA Corporation)
(nvax) Service for NVIDIA(R) nForce(TM) Audio Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nvax.sys -> [2004/10/22 03:38:28 | 000,053,376 | R--- | M] (NVIDIA Corporation)
(BS_I2cIo) BS_I2cIo [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\BS_I2cIo.sys -> [2004/02/23 14:56:30 | 000,005,120 | ---- | M] (BIOSTAR Group)
(NVENET) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NVENET.sys -> [2004/01/28 17:45:50 | 000,093,764 | R--- | M] (NVIDIA Corporation)
(ms_mpu401) Microsoft MPU-401 MIDI UART Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\msmpu401.sys -> [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" ->  -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\"Secondary Start Pages" -> http://www.facebook.com/login.php [binary data] -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://mystart.incredimail.com/?a=NUYh597mIU -> 
HKEY_CURRENT_USER\: Main\\"Start Page Restore" -> http://www.facebook.com/ -> 
HKEY_CURRENT_USER\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF -> 
HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT] -> [2011/09/09 14:28:11 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} -> C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN\ [C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN\] -> [2012/02/01 08:07:03 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_5_2 [C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_5_2] -> [2012/02/09 12:46:36 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\User\Application Data\Mozilla\Extensions -> [2010/01/29 09:32:47 | 000,000,000 | ---D | M]
No name found   -> C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} -> [2010/01/29 09:32:47 | 000,000,000 | ---D | M]
No name found   -> C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241} -> [2008/05/18 19:15:47 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\User\Application Data\Mozilla\Firefox\extensions -> [2012/02/01 08:19:54 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/12/16 08:04:55 | 000,427,647 | R--- | M] - 14772 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2011/09/05 17:04:56 | 000,064,928 | ---- | M] (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2011/09/09 14:28:09 | 000,414,416 | ---- | M] (RealPlayer)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll [Symantec NCO BHO] -> [2011/12/09 01:44:14 | 000,436,152 | R--- | M] (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll [Symantec Intrusion Prevention] -> [2011/03/31 03:01:20 | 000,210,872 | R--- | M] (Symantec Corporation)
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} [HKLM] -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [Easy Photo Print] -> [2010/06/18 23:22:21 | 000,266,240 | ---- | M] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype add-on for Internet Explorer] -> [2010/02/08 12:28:14 | 000,804,136 | ---- | M] (Skype Technologies S.A.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [Google Toolbar Notifier BHO] -> [2012/01/12 21:51:42 | 001,003,576 | ---- | M] (Google Inc.)
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKLM] -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> [2010/12/18 00:53:11 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll [Norton Toolbar] -> [2011/12/09 01:44:14 | 000,436,152 | R--- | M] (Symantec Corporation)
"{9421DD08-935F-4701-A9CA-22DF90AC4EA6}" [HKLM] -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [Easy Photo Print] -> [2010/06/18 23:22:21 | 000,266,240 | ---- | M] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" [HKLM] -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> [2010/12/18 00:53:11 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION)
"10" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{043C5167-00BB-4324-AF7E-62013FAEDACF}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll [Norton Toolbar] -> [2011/12/09 01:44:14 | 000,436,152 | R--- | M] (Symantec Corporation)
WebBrowser\\"{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" [HKLM] -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> [2010/12/18 00:53:11 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"BigDog305" -> C:\WINDOWS\VM305_STI.EXE [C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)] -> [2010/12/18 02:44:04 | 000,061,440 | R--- | M] (Vimicro)
"EEventManager" -> C:\Program Files\Epson Software\Event Manager\EEventManager.exe [C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe] -> [2009/01/12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION)
"Malwarebytes' Anti-Malware" -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray] -> [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation)
"Seagate Dashboard" -> C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe [C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui] -> [2011/06/01 16:42:28 | 000,079,112 | ---- | M] ()
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Oregon" -> C:\Program Files\Oregon Scientific\Weather OS\Weather OS.exe [C:\Program Files\Oregon Scientific\Weather OS\Weather OS.exe --force_start_minimized] -> [2009/10/19 22:26:48 | 000,625,152 | ---- | M] (Oregon Scientific)
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2012/01/20 18:16:56 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< User Startup Folder > -> C:\Documents and Settings\User\Start Menu\Programs\Startup -> 
C:\Documents and Settings\User\Start Menu\Programs\Startup\DigiGuide TV Guide.lnk -> C:\Program Files\DigiGuide TV Guide\Client.exe -> [2009/10/27 14:03:39 | 000,570,416 | ---- | M] (GipsyMedia Limited)
C:\Documents and Settings\User\Start Menu\Programs\Startup\EarthDesk.lnk -> C:\Program Files\XericDesign\EarthDesk\EarthDesk.exe -> [2010/09/08 20:33:18 | 001,658,520 | ---- | M] (Xeric Design, Ltd.)
C:\Documents and Settings\User\Start Menu\Programs\Startup\Met Office Desktop Widget.lnk -> C:\Program Files\Met Office Desktop Widget\Met Office Desktop Widget.exe -> [2012/02/01 10:10:57 | 000,142,336 | ---- | M] ()
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&ieSpell Options -> C:\Program Files\ieSpell\iespell.dll [res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM] -> [2010/01/22 16:59:00 | 000,304,640 | ---- | M] (Red Egg Software)
Check &Spelling -> C:\Program Files\ieSpell\iespell.dll [res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM] -> [2010/01/22 16:59:00 | 000,304,640 | ---- | M] (Red Egg Software)
Lookup on Merriam Webster -> C:\Program Files\ieSpell\Merriam Webster.HTM [file://C:\Program Files\ieSpell\Merriam Webster.HTM] -> [2006/10/31 13:51:36 | 000,000,912 | ---- | M] ()
Lookup on Wikipedia -> C:\Program Files\ieSpell\wikipedia.HTM [file://C:\Program Files\ieSpell\wikipedia.HTM] -> [2006/10/30 14:31:14 | 000,000,912 | ---- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}:res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM [HKLM] -> C:\Program Files\ieSpell\iespell.dll [Button: ieSpell] -> [2010/01/22 16:59:00 | 000,304,640 | ---- | M] (Red Egg Software)
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}:res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM [HKLM] -> C:\Program Files\ieSpell\iespell.dll [Menu: ieSpell] -> [2010/01/22 16:59:00 | 000,304,640 | ---- | M] (Red Egg Software)
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}:res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM [HKLM] -> C:\Program Files\ieSpell\iespell.dll [Menu: ieSpell Options] -> [2010/01/22 16:59:00 | 000,304,640 | ---- | M] (Red Egg Software)
{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}:Exec [HKLM] -> C:\Program Files\Paltalk Messenger\paltalk.exe [Button: PalTalk] -> [2008/11/14 20:28:59 | 011,376,640 | ---- | M] (AVM Software Inc.)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Button: Skype add-on for Internet Explorer] -> [2010/02/08 12:28:14 | 000,804,136 | ---- | M] (Skype Technologies S.A.)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Menu: Skype add-on for Internet Explorer] -> [2010/02/08 12:28:14 | 000,804,136 | ---- | M] (Skype Technologies S.A.)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}" [HKLM] ->  [ieSpell] -> File not found
CmdMapping\\"{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}" [HKLM] ->  [ieSpell Options] -> File not found
CmdMapping\\"{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}" [HKLM] -> C:\Program Files\Paltalk Messenger\paltalk.exe [PalTalk] -> [2008/11/14 20:28:59 | 011,376,640 | ---- | M] (AVM Software Inc.)
CmdMapping\\"{77BF5300-1474-4EC7-9980-D32B190E9B07}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7557 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7556 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0DB074F0-617E-4EE9-912C-2965CF2AA5A4} [HKLM] -> http://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab [SentinelVE3D Class] -> 
{3BB1D69B-A780-4BE1-876E-F3D488877135} [HKLM] -> http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab [SentinelProxy Class] -> 
{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} [HKLM] -> http://dl.tvunetworks.com/TVUAx.cab [CTVUAxCtrl Object] -> 
{5CB430A9-CAAC-4C91-AF61-6D410EEE1221} [HKLM] -> http://cam1.saltash.cornwall.sch.uk/program/SonySncP5View.cab [Sony SNC-P5 Control] -> 
{680285A8-96D3-43DA-9D3D-51DD987D0B77} [HKLM] -> http://www.nero.com/doc/NeroVersionCheckerControl.cab [NeroVersionCheckerControl Control] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204929890000 [MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab [Java Plug-in 1.6.0_29] -> 
{B80CD4E6-5B02-4B6C-99BE-68F1511E9549} [HKLM] -> http://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab [WebSlingPlayer] -> 
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab [Java Plug-in 1.6.0_29] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab [Java Plug-in 1.6.0_29] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
{F6ACF75C-C32C-447B-9BEF-46B766368D29} [HKLM] -> http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.0.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1BD36937-2DBA-472E-9FD4-61204F47F3A2}\\DhcpNameServer -> 192.168.0.1   (NVIDIA nForce Networking Controller) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation)
C:\Program Files\Soluto\soluto.exe /userinit -> C:\Program Files\Soluto\soluto.exe -> [2012/01/25 19:05:44 | 001,712,176 | ---- | M] (Soluto)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -> [2011/05/04 17:54:14 | 000,551,296 | ---- | M] (SUPERAntiSpyware.com)
AtiExtEvent -> C:\WINDOWS\System32\ati2evxx.dll -> [2006/05/03 16:44:54 | 000,061,440 | ---- | M] (ATI Technologies Inc.)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2011/07/19 00:02:18 | 000,113,024 | ---- | M] (SuperAdBlocker.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Documents and Settings\User\Application Data\Spotify\spotify.exe" -> C:\Documents and Settings\User\Application Data\Spotify\spotify.exe [C:\Documents and Settings\User\Application Data\Spotify\spotify.exe:*:Enabled:Spotify] -> [2012/01/01 18:17:14 | 004,016,816 | ---- | M] (Spotify Ltd)
"C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" -> C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe [C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin] -> [2012/01/24 00:09:44 | 003,124,040 | ---- | M] (Skype Limited)
"C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" -> C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe [C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin] -> [2011/12/09 16:16:00 | 000,161,336 | ---- | M] (Google)
"C:\Documents and Settings\User\My Documents\Downloads\solutoinstaller (1).exe" -> C:\Documents and Settings\User\My Documents\Downloads\solutoinstaller (1).exe [C:\Documents and Settings\User\My Documents\Downloads\solutoinstaller (1).exe:*:Enabled:SolutoInstaller] -> [2011/05/28 12:10:56 | 001,227,824 | ---- | M] (Soluto Inc)
"C:\Documents and Settings\User\My Documents\Downloads\solutoinstaller-f1Y0HjDd7s.exe" -> C:\Documents and Settings\User\My Documents\Downloads\solutoinstaller-f1Y0HjDd7s.exe [C:\Documents and Settings\User\My Documents\Downloads\solutoinstaller-f1Y0HjDd7s.exe:*:Enabled:SolutoInstaller] -> [2012/01/19 21:58:32 | 001,578,544 | ---- | M] (Soluto Inc)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" ->  [C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer] -> File not found
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" -> C:\Program Files\Epson Software\Event Manager\EEventManager.exe [C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application] -> [2009/01/12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION)
"C:\Program Files\IncrediMail\bin\ImApp.exe" -> C:\Program Files\IncrediMail\bin\ImApp.exe [C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail] -> [2011/11/16 08:49:31 | 000,263,624 | ---- | M] (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImLc.exe" -> C:\Program Files\IncrediMail\bin\ImLc.exe [C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail] -> [2011/11/16 08:49:31 | 000,308,680 | ---- | M] (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" -> C:\Program Files\IncrediMail\bin\ImpCnt.exe [C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail] -> [2011/11/16 08:49:31 | 000,112,072 | ---- | M] (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IncMail.exe" -> C:\Program Files\IncrediMail\bin\IncMail.exe [C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail] -> [2011/11/16 08:49:31 | 000,366,024 | ---- | M] (IncrediMail, Ltd.)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" ->  [C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil] -> File not found
"C:\Program Files\Java\jre6\bin\java.exe" -> C:\Program Files\Java\jre6\bin\java.exe [C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary] -> [2011/10/03 05:06:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
"C:\Program Files\Kontiki\KService.exe" -> C:\Program Files\Kontiki\KService.exe [C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service] -> [2008/10/21 09:26:10 | 003,068,352 | ---- | M] (Kontiki Inc.)
"C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe" -> C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe [C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe:*:Enabled:SeagateHipServAgent] -> [2011/06/01 16:16:54 | 002,260,992 | ---- | M] (Axentra Corporation)
"C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe" -> C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe [C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe:*:Enabled:SlingPlayer] -> [2009/09/25 13:15:32 | 003,041,032 | ---- | M] (Sling Media Inc.)
"C:\Program Files\Soluto\Soluto.exe" -> C:\Program Files\Soluto\Soluto.exe [C:\Program Files\Soluto\Soluto.exe:*:Enabled:Soluto Tray] -> [2012/01/25 19:05:44 | 001,712,176 | ---- | M] (Soluto)
"C:\Program Files\Soluto\SolutoConsole.exe" -> C:\Program Files\Soluto\SolutoConsole.exe [C:\Program Files\Soluto\SolutoConsole.exe:*:Enabled:Soluto Console] -> [2012/01/25 19:05:44 | 005,344,800 | ---- | M] (Soluto)
"C:\Program Files\Soluto\SolutoService.exe" -> C:\Program Files\Soluto\SolutoService.exe [C:\Program Files\Soluto\SolutoService.exe:*:Enabled:Soluto Service] -> [2012/01/25 19:05:44 | 000,547,872 | ---- | M] (Soluto)
"C:\Program Files\Soluto\SolutoUpdateService.exe" -> C:\Program Files\Soluto\SolutoUpdateService.exe [C:\Program Files\Soluto\SolutoUpdateService.exe:*:Enabled:Soluto Update Service] -> [2012/01/25 19:05:44 | 000,135,712 | ---- | M] (Soluto)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2009/05/26 21:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2008/03/06 16:25:25 | 000,000,050 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{99fa027a-174c-11df-a916-00e04cb19001}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99fa027a-174c-11df-a916-00e04cb19001}\Shell
\{99fa027a-174c-11df-a916-00e04cb19001}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99fa027a-174c-11df-a916-00e04cb19001}\Shell\AutoRun
\{99fa027a-174c-11df-a916-00e04cb19001}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99fa027a-174c-11df-a916-00e04cb19001}\Shell\AutoRun\command
\{99fa027a-174c-11df-a916-00e04cb19001}\Shell\AutoRun\command\\"" ->  [F:\DPFMate.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MailWasherPro.lnk ->  -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk ->  -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SystemControl.lnk -> C:\Program Files\SystemControl\SystemControl\SystemControl.exe -> [2004/11/05 17:33:52 | 002,949,120 | ---- | M] (BIOSTAR MICROTECH INT'L CORP.)
C:^Documents and Settings^User^Start Menu^Programs^Startup^MailWasherPro.lnk ->  -> File not found
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
Adobe ARM hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe -> [2011/03/30 17:29:02 | 000,937,920 | ---- | M] (Adobe Systems Incorporated)
Adobe Photo Downloader hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe -> [2010/12/18 00:17:29 | 000,057,344 | ---- | M] (Adobe Systems Incorporated)
AVG_TRAY hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
BigDog305 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\VM305_STI.EXE -> [2010/12/18 02:44:04 | 000,061,440 | R--- | M] (Vimicro)
ctfmon.exe hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
DATAMNGR hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
Epson Stylus SX510W(Network) hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
Facebook Update hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe -> [2011/09/03 12:37:25 | 000,137,536 | ---- | M] (Facebook Inc.)
five Media Manager Tray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe -> [2010/12/18 00:53:09 | 000,368,640 | ---- | M] (Entriq, Inc.)
Google Update hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2009/01/17 17:15:08 | 000,133,104 | ---- | M] (Google Inc.)
IncrediMail hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\IncrediMail\bin\IncMail.exe -> [2011/11/16 08:49:31 | 000,366,024 | ---- | M] (IncrediMail, Ltd.)
iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\iTunes\iTunesHelper.exe -> [2010/11/11 00:40:24 | 000,421,160 | ---- | M] (Apple Inc.)
kdx hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Kontiki\KHost.exe -> [2008/10/21 09:26:10 | 001,032,640 | ---- | M] (Kontiki Inc.)
ManyCam hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
Memeo AutoSync hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe -> [2010/04/16 21:43:12 | 000,144,608 | ---- | M] (Memeo Inc.)
Memeo Send hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe -> [2010/07/20 18:18:14 | 000,236,816 | ---- | M] ()
MsnMsgr hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> [2010/04/16 21:12:38 | 003,872,080 | ---- | M] (Microsoft Corporation)
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\qttask.exe -> [2010/11/29 17:38:18 | 000,421,888 | ---- | M] (Apple Inc.)
ReminderApp hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe -> [2009/10/20 09:35:52 | 000,144,672 | ---- | M] ()
SearchSettings hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
SmartDefrag hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
Spotify hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Documents and Settings\User\Application Data\Spotify\Spotify.exe -> [2012/01/01 18:17:14 | 004,016,816 | ---- | M] (Spotify Ltd)
SpybotSD TeaTimer hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Java\Java Update\jusched.exe -> [2011/06/09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.)
swg hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2009/03/03 16:07:36 | 000,068,856 | ---- | M] (Google Inc.)
TkBellExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\program files\real\realplayer\update\realsched.exe -> [2011/09/09 14:27:36 | 000,273,528 | ---- | M] (RealNetworks, Inc.)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 0 -> 
"startup" -> 2 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> 
"msacm.divxa32" -> C:\WINDOWS\System32\msaud32_divx.acm [msaud32_divx.acm] -> [2003/02/03 06:01:02 | 000,186,368 | ---- | M] (Microsoft Corporation)
"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008/04/14 04:42:44 | 000,199,680 | ---- | M] (Intel Corporation)
"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2010/01/29 14:43:39 | 000,307,260 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/14 04:40:52 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2004/08/04 12:00:00 | 000,008,192 | ---- | M] (DSP GROUP, INC.)
"MSVideo8" -> C:\WINDOWS\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2008/04/14 04:42:10 | 000,053,760 | ---- | M] (Microsoft Corporation)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2010/06/17 14:03:00 | 000,080,384 | ---- | M] (Radius Inc.)
"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 12:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 12:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/14 04:42:44 | 000,848,384 | ---- | M] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/14 04:41:56 | 000,755,200 | ---- | M] (Intel Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
srv64C ->  -> File not found
6to4 ->  -> File not found
AppMgmt ->  -> File not found
Ias ->  -> File not found
Iprip ->  -> File not found
Irmon ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
WmdmPmSp ->  -> File not found
*MultiFile Done* -> -> 
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> 
!SASCORE -> C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -> [2011/08/11 23:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
AppMgmt ->  -> File not found
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
SolutoService -> C:\Program Files\Soluto\SolutoService.exe -> [2012/01/25 19:05:44 | 000,547,872 | ---- | M] (Soluto)
srv64C ->  -> File not found
System Bus Extender -> Driver Group
vds -> Service
vga.sys -> Driver
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 10/01/2012 19:38:34 Computer Name = USER-5C75D7BEDB | Source = .NET Runtime Optimization Service | ID = 1103 -> Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown 
System [ Error ] 07/02/2012 11:25:13 Computer Name = USER-5C75D7BEDB | Source = Service Control Manager | ID = 7023 -> Description = The srv64C service terminated with the following error:   %%126
System [ Error ] 07/02/2012 12:22:29 Computer Name = USER-5C75D7BEDB | Source = Service Control Manager | ID = 7023 -> Description = The srv64C service terminated with the following error:   %%126
System [ Error ] 07/02/2012 15:23:56 Computer Name = USER-5C75D7BEDB | Source = Service Control Manager | ID = 7023 -> Description = The srv64C service terminated with the following error:   %%126
System [ Error ] 08/02/2012 04:09:03 Computer Name = USER-5C75D7BEDB | Source = Service Control Manager | ID = 7023 -> Description = The srv64C service terminated with the following error:   %%126
System [ Error ] 08/02/2012 04:54:20 Computer Name = USER-5C75D7BEDB | Source = viamraid | ID = 262153 -> Description = The device, \Device\Scsi\viamraid1, did not respond within the timeout period.
System [ Error ] 08/02/2012 05:27:04 Computer Name = USER-5C75D7BEDB | Source = Service Control Manager | ID = 7023 -> Description = The srv64C service terminated with the following error:   %%126
System [ Error ] 08/02/2012 08:55:05 Computer Name = USER-5C75D7BEDB | Source = Service Control Manager | ID = 7023 -> Description = The srv64C service terminated with the following error:   %%126
System [ Error ] 08/02/2012 12:50:58 Computer Name = USER-5C75D7BEDB | Source = Service Control Manager | ID = 7023 -> Description = The srv64C service terminated with the following error:   %%126
System [ Error ] 09/02/2012 04:20:37 Computer Name = USER-5C75D7BEDB | Source = Service Control Manager | ID = 7023 -> Description = The srv64C service terminated with the following error:   %%126
System [ Error ] 09/02/2012 08:47:23 Computer Name = USER-5C75D7BEDB | Source = Service Control Manager | ID = 7023 -> Description = The srv64C service terminated with the following error:   %%126
 
[Files/Folders - Created Within 30 Days]
 Office Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage -> [2012/02/07 17:53:12 | 000,000,000 | ---D | C]
 dds.scr -> C:\Documents and Settings\User\Desktop\dds.scr -> [2012/02/07 17:01:44 | 000,607,260 | R--- | C] (Swearware)
 É.pif -> C:\Documents and Settings\User\Desktop\É.pif -> [2012/02/07 16:54:13 | 000,607,017 | R--- | C] (Swearware)
 SUPERAntiSpyware.com -> C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com -> [2012/02/03 15:50:43 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\Documents and Settings\User\Start Menu\Programs\SUPERAntiSpyware -> [2012/02/03 15:49:56 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [2012/02/03 15:49:52 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2012/02/03 15:49:52 | 000,000,000 | ---D | C]
 Malwarebytes' Anti-Malware -> C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2012/02/03 15:30:51 | 000,000,000 | ---D | C]
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2012/02/03 15:30:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2012/02/03 15:30:49 | 000,000,000 | ---D | C]
 Met Office Desktop Widget -> C:\Program Files\Met Office Desktop Widget -> [2012/02/01 10:11:13 | 000,000,000 | ---D | C]
 SymIM.sys -> C:\WINDOWS\System32\drivers\SymIM.sys -> [2012/01/31 21:06:23 | 000,044,024 | R--- | C] (Symantec Corporation)
 symtdiv.sys -> C:\WINDOWS\System32\drivers\N360\0502000.00D\symtdiv.sys -> [2012/01/31 09:00:34 | 000,331,384 | ---- | C] (Symantec Corporation)
 symtdi.sys -> C:\WINDOWS\System32\drivers\N360\0502000.00D\symtdi.sys -> [2012/01/31 09:00:33 | 000,369,784 | ---- | C] (Symantec Corporation)
 symefa.sys -> C:\WINDOWS\System32\drivers\N360\0502000.00D\symefa.sys -> [2012/01/31 09:00:32 | 000,744,568 | R--- | C] (Symantec Corporation)
 symnets.sys -> C:\WINDOWS\System32\drivers\N360\0502000.00D\symnets.sys -> [2012/01/31 09:00:32 | 000,299,640 | ---- | C] (Symantec Corporation)
 symds.sys -> C:\WINDOWS\System32\drivers\N360\0502000.00D\symds.sys -> [2012/01/31 09:00:31 | 000,340,088 | R--- | C] (Symantec Corporation)
 srtsp.sys -> C:\WINDOWS\System32\drivers\N360\0502000.00D\srtsp.sys -> [2012/01/31 09:00:30 | 000,516,216 | R--- | C] (Symantec Corporation)
 srtspx.sys -> C:\WINDOWS\System32\drivers\N360\0502000.00D\srtspx.sys -> [2012/01/31 09:00:30 | 000,050,168 | R--- | C] (Symantec Corporation)
 ironx86.sys -> C:\WINDOWS\System32\drivers\N360\0502000.00D\ironx86.sys -> [2012/01/31 09:00:29 | 000,136,312 | R--- | C] (Symantec Corporation)
 0502000.00D -> C:\WINDOWS\System32\drivers\N360\0502000.00D -> [2012/01/31 08:59:27 | 000,000,000 | ---D | C]
 Soluto.sys -> C:\WINDOWS\System32\drivers\Soluto.sys -> [2012/01/30 10:22:25 | 000,051,144 | ---- | C] (Soluto LTD.)
 Soluto -> C:\Program Files\Soluto -> [2012/01/30 10:22:19 | 000,000,000 | ---D | C]
 Soluto -> C:\Documents and Settings\All Users\Start Menu\Programs\Soluto -> [2012/01/30 10:22:19 | 000,000,000 | ---D | C]
 HiJackThis -> C:\Documents and Settings\User\Start Menu\Programs\HiJackThis -> [2012/01/28 20:45:58 | 000,000,000 | ---D | C]
 DriverCure -> C:\Documents and Settings\User\Application Data\DriverCure -> [2012/01/28 18:07:41 | 000,000,000 | ---D | C]
 SpeedMaxPc -> C:\Documents and Settings\User\Application Data\SpeedMaxPc -> [2012/01/28 18:07:40 | 000,000,000 | ---D | C]
 SpeedMaxPc -> C:\Documents and Settings\All Users\Application Data\SpeedMaxPc -> [2012/01/28 18:07:13 | 000,000,000 | ---D | C]
 GameXN -> C:\Documents and Settings\All Users\Application Data\GameXN -> [2012/01/21 10:26:42 | 000,000,000 | ---D | C]
 Seagate Dashboard -> C:\Documents and Settings\All Users\Start Menu\Programs\Seagate Dashboard -> [2012/01/17 20:57:57 | 000,000,000 | ---D | C]
 FW__TBC_Important_Members_meeting_Saturday_14_Junary_6.30pm -> C:\Documents and Settings\User\Desktop\FW__TBC_Important_Members_meeting_Saturday_14_Junary_6.30pm -> [2012/01/17 08:56:38 | 000,000,000 | ---D | C]
 Friday_Carer_Group_Jan_till_June_2012 -> C:\Documents and Settings\User\Desktop\Friday_Carer_Group_Jan_till_June_2012 -> [2012/01/17 08:54:40 | 000,000,000 | ---D | C]
 N360_BACKUP -> C:\WINDOWS\System32\N360_BACKUP -> [2012/01/16 13:46:39 | 000,000,000 | ---D | C]
 uk.gov.meto.pws.air -> C:\Documents and Settings\User\Application Data\uk.gov.meto.pws.air -> [2012/01/10 22:59:44 | 000,000,000 | ---D | C]
 Symantec -> C:\Documents and Settings\User\My Documents\Symantec -> [2012/01/10 17:53:21 | 000,000,000 | ---D | C]
 SYMEVENT.SYS -> C:\WINDOWS\System32\drivers\SYMEVENT.SYS -> [2012/01/10 17:49:56 | 000,126,584 | ---- | C] (Symantec Corporation)
 S32EVNT1.DLL -> C:\WINDOWS\System32\S32EVNT1.DLL -> [2012/01/10 17:49:56 | 000,060,872 | ---- | C] (Symantec Corporation)
 Symantec Shared -> C:\Program Files\Common Files\Symantec Shared -> [2012/01/10 17:49:55 | 000,000,000 | ---D | C]
 Symantec -> C:\Program Files\Symantec -> [2012/01/10 17:49:55 | 000,000,000 | ---D | C]
 N360 -> C:\WINDOWS\System32\drivers\N360 -> [2012/01/10 17:49:27 | 000,000,000 | ---D | C]
 Windows Sidebar -> C:\Program Files\Windows Sidebar -> [2012/01/10 17:49:24 | 000,000,000 | ---D | C]
 Norton 360 -> C:\Program Files\Norton 360 -> [2012/01/10 17:49:24 | 000,000,000 | ---D | C]
 Norton 360 -> C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360 -> [2012/01/10 17:49:24 | 000,000,000 | ---D | C]
 NortonInstaller -> C:\Program Files\NortonInstaller -> [2012/01/10 17:13:30 | 000,000,000 | ---D | C]
 NortonInstaller -> C:\Documents and Settings\All Users\Application Data\NortonInstaller -> [2012/01/10 17:13:30 | 000,000,000 | ---D | C]
 Norton -> C:\Documents and Settings\User\Start Menu\Programs\Norton -> [2012/01/10 17:05:12 | 000,000,000 | ---D | C]
 Norton -> C:\Documents and Settings\All Users\Documents\Norton -> [2012/01/10 17:05:11 | 000,000,000 | ---D | C]
 Norton -> C:\Documents and Settings\All Users\Application Data\Norton -> [2012/01/10 17:05:11 | 000,000,000 | ---D | C]
 8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 User_Feed_Synchronization-{A43C8D48-871D-40B2-B899-E4CD30373D4F}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{A43C8D48-871D-40B2-B899-E4CD30373D4F}.job -> [2012/02/09 13:37:26 | 000,000,420 | -H-- | M] ()
 Shortcut to OTS.exe.lnk -> C:\Documents and Settings\User\Desktop\Shortcut to OTS.exe.lnk -> [2012/02/09 13:08:54 | 000,000,871 | ---- | M] ()
 GoogleUpdateTaskUserS-1-5-21-1177238915-484763869-839522115-1004UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-484763869-839522115-1004UA.job -> [2012/02/09 12:59:03 | 000,000,974 | ---- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2012/02/09 12:55:02 | 000,000,886 | ---- | M] ()
 Met Office Desktop Widget.lnk -> C:\Documents and Settings\User\Start Menu\Programs\Startup\Met Office Desktop Widget.lnk -> [2012/02/09 12:49:32 | 000,000,812 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2012/02/09 12:48:01 | 000,000,882 | ---- | M] ()
 RealUpgradeLogonTaskS-1-5-21-1177238915-484763869-839522115-1004.job -> C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-484763869-839522115-1004.job -> [2012/02/09 12:46:48 | 000,000,276 | ---- | M] ()
 azxqosl.job -> C:\WINDOWS\tasks\azxqosl.job -> [2012/02/09 12:45:48 | 000,000,312 | -HS- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2012/02/09 12:45:44 | 000,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2012/02/09 12:45:41 | 1073,262,592 | -HS- | M] ()
 GoogleUpdateTaskUserS-1-5-21-1177238915-484763869-839522115-1004Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-484763869-839522115-1004Core.job -> [2012/02/09 08:59:02 | 000,000,922 | ---- | M] ()
 FacebookUpdateTaskUserS-1-5-21-1177238915-484763869-839522115-1004UA.job -> C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-484763869-839522115-1004UA.job -> [2012/02/08 16:42:02 | 000,000,994 | ---- | M] ()
 FacebookUpdateTaskUserS-1-5-21-1177238915-484763869-839522115-1004Core.job -> C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-484763869-839522115-1004Core.job -> [2012/02/08 13:42:01 | 000,000,972 | ---- | M] ()
 Cyber-Bullying-blog-title.png -> C:\Documents and Settings\User\Desktop\Cyber-Bullying-blog-title.png -> [2012/02/08 13:24:17 | 000,170,502 | ---- | M] ()
 MEMORY.DMP -> C:\WINDOWS\MEMORY.DMP -> [2012/02/08 09:25:35 | 1073,295,360 | ---- | M] ()
 Epson Printer Software Downloader.job -> C:\WINDOWS\tasks\Epson Printer Software Downloader.job -> [2012/02/07 21:31:04 | 000,000,238 | ---- | M] ()
 Shortcut to bwpdoub2.exe.lnk -> C:\Documents and Settings\User\Desktop\Shortcut to bwpdoub2.exe.lnk -> [2012/02/07 18:18:28 | 000,000,902 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2012/02/07 17:53:16 | 000,012,598 | ---- | M] ()
 Shortcut to WVCheck.exe.lnk -> C:\Documents and Settings\User\Desktop\Shortcut to WVCheck.exe.lnk -> [2012/02/07 17:52:18 | 000,000,895 | ---- | M] ()
 Shortcut to MGADiag.exe.lnk -> C:\Documents and Settings\User\Desktop\Shortcut to MGADiag.exe.lnk -> [2012/02/07 17:51:23 | 000,000,895 | ---- | M] ()
 Shortcut to 403302_290192857707576_138763606183836_829587_130784844_n.jpg.lnk -> C:\Documents and Settings\User\Desktop\Shortcut to 403302_290192857707576_138763606183836_829587_130784844_n.jpg.lnk -> [2012/02/07 17:31:00 | 000,001,147 | ---- | M] ()
 RealUpgradeScheduledTaskS-1-5-21-1177238915-484763869-839522115-1004.job -> C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-484763869-839522115-1004.job -> [2012/02/07 17:02:04 | 000,000,284 | ---- | M] ()
 dds.scr -> C:\Documents and Settings\User\Desktop\dds.scr -> [2012/02/07 17:01:46 | 000,607,260 | R--- | M] (Swearware)
 É.pif -> C:\Documents and Settings\User\Desktop\É.pif -> [2012/02/07 16:54:13 | 000,607,017 | R--- | M] (Swearware)
 boot.ini -> C:\boot.ini -> [2012/02/07 16:27:57 | 000,000,211 | -HS- | M] ()
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2012/02/06 15:48:15 | 000,000,284 | ---- | M] ()
 HiJackThis.lnk -> C:\Documents and Settings\User\Desktop\HiJackThis.lnk -> [2012/02/05 15:01:45 | 000,002,445 | ---- | M] ()
 Malwarebytes Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/02/03 16:45:58 | 000,000,784 | ---- | M] ()
 SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\User\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2012/02/03 15:49:57 | 000,001,678 | ---- | M] ()
 Met Office Desktop Widget.lnk -> C:\Documents and Settings\All Users\Desktop\Met Office Desktop Widget.lnk -> [2012/02/01 10:11:15 | 000,000,800 | ---- | M] ()
 0 -> C:\WINDOWS\0 -> [2012/02/01 08:38:06 | 000,000,032 | ---- | M] ()
 Spirtaul online passwords Document.rtf -> C:\Documents and Settings\User\Desktop\Spirtaul online passwords Document.rtf -> [2012/01/31 22:19:34 | 000,010,539 | ---- | M] ()
 Norton 360.LNK -> C:\Documents and Settings\All Users\Desktop\Norton 360.LNK -> [2012/01/31 21:03:19 | 000,001,900 | ---- | M] ()
 Cat.DB -> C:\WINDOWS\System32\drivers\N360\0502000.00D\Cat.DB -> [2012/01/31 21:02:09 | 000,606,244 | ---- | M] ()
 {230FBFC8-8E24-42EC-B569-80DFA2D09DBD} -> C:\{230FBFC8-8E24-42EC-B569-80DFA2D09DBD} -> [2012/01/28 20:04:02 | 000,000,272 | ---- | M] ()
 {15E8D9A5-D645-4A64-ADD8-20468BB63AFC} -> C:\{15E8D9A5-D645-4A64-ADD8-20468BB63AFC} -> [2012/01/28 19:48:03 | 000,000,272 | ---- | M] ()
 {3EA10FBA-D459-438B-9E0E-A3734BDCD216} -> C:\{3EA10FBA-D459-438B-9E0E-A3734BDCD216} -> [2012/01/28 19:35:28 | 000,000,280 | ---- | M] ()
 {A8CECC30-598F-49BF-8F82-4B69937BA10C} -> C:\{A8CECC30-598F-49BF-8F82-4B69937BA10C} -> [2012/01/28 19:32:17 | 000,000,272 | ---- | M] ()
 {9A5A1CF7-26D2-4D72-ACF1-B6830993DE37} -> C:\{9A5A1CF7-26D2-4D72-ACF1-B6830993DE37} -> [2012/01/28 19:17:21 | 000,009,480 | ---- | M] ()
 {9BF4ED24-39D5-4353-8978-47B89197BB0D} -> C:\{9BF4ED24-39D5-4353-8978-47B89197BB0D} -> [2012/01/28 19:17:21 | 000,000,272 | ---- | M] ()
 {52E15747-1EED-432B-B234-5A97F7E6AF38} -> C:\{52E15747-1EED-432B-B234-5A97F7E6AF38} -> [2012/01/28 19:11:45 | 000,001,384 | ---- | M] ()
 {82FEEEF8-7412-451F-856E-5243AFCEBEC4} -> C:\{82FEEEF8-7412-451F-856E-5243AFCEBEC4} -> [2012/01/28 19:07:11 | 000,014,344 | ---- | M] ()
 {15EEADC7-C7FF-49A1-A040-28F829FA7DD0} -> C:\{15EEADC7-C7FF-49A1-A040-28F829FA7DD0} -> [2012/01/28 19:07:11 | 000,000,280 | ---- | M] ()
 {648BC635-833C-403F-A1B0-FC89846BDAF3} -> C:\{648BC635-833C-403F-A1B0-FC89846BDAF3} -> [2012/01/28 19:02:11 | 000,014,344 | ---- | M] ()
 {F0DD04C1-04F4-4842-9D7C-69186A721467} -> C:\{F0DD04C1-04F4-4842-9D7C-69186A721467} -> [2012/01/28 19:02:11 | 000,000,272 | ---- | M] ()
 {8D2D5FAA-D2E9-4C71-A1CE-D794C7C1C162} -> C:\{8D2D5FAA-D2E9-4C71-A1CE-D794C7C1C162} -> [2012/01/28 18:56:27 | 000,014,344 | ---- | M] ()
 {CE0275C7-53FE-42DA-B8C7-A102EC1196BF} -> C:\{CE0275C7-53FE-42DA-B8C7-A102EC1196BF} -> [2012/01/28 18:50:46 | 000,010,024 | ---- | M] ()
 {0CD8A799-2079-49CB-BEF1-B43C7ECB68E8} -> C:\{0CD8A799-2079-49CB-BEF1-B43C7ECB68E8} -> [2012/01/28 18:50:46 | 000,000,280 | ---- | M] ()
 {AD72EC0A-D7A3-4950-B326-662815C17A8B} -> C:\{AD72EC0A-D7A3-4950-B326-662815C17A8B} -> [2012/01/28 18:44:57 | 000,000,272 | ---- | M] ()
 isolate.ini -> C:\WINDOWS\System32\drivers\N360\0502000.00D\isolate.ini -> [2012/01/28 05:27:32 | 000,000,172 | ---- | M] ()
 Google Chrome.lnk -> C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> [2012/01/26 08:59:42 | 000,002,255 | ---- | M] ()
 Google Chrome.lnk -> C:\Documents and Settings\User\Desktop\Google Chrome.lnk -> [2012/01/26 08:59:40 | 000,002,277 | ---- | M] ()
 Soluto.sys -> C:\WINDOWS\System32\drivers\Soluto.sys -> [2012/01/25 18:56:46 | 000,051,144 | ---- | M] (Soluto LTD.)
 tmp.reg -> C:\WINDOWS\System32\tmp.reg -> [2012/01/25 18:25:54 | 000,004,790 | ---- | M] ()
 Play games (GameXN).lnk -> C:\Documents and Settings\User\Desktop\Play games (GameXN).lnk -> [2012/01/21 10:27:13 | 000,001,792 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2012/01/21 08:54:17 | 000,059,392 | ---- | M] ()
 .lck -> C:\WINDOWS\System32\.lck -> [2012/01/19 21:46:53 | 000,003,520 | ---- | M] ()
 .rsp -> C:\WINDOWS\System32\.rsp -> [2012/01/19 21:46:52 | 000,004,124 | ---- | M] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2012/01/17 16:58:05 | 000,000,664 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2012/01/16 17:50:38 | 000,375,264 | ---- | M] ()
 Stellarium.lnk -> C:\Documents and Settings\All Users\Desktop\Stellarium.lnk -> [2012/01/13 19:00:33 | 000,001,590 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2012/01/12 09:09:41 | 000,001,374 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2012/01/10 23:30:53 | 000,769,746 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2012/01/10 23:30:53 | 000,169,540 | ---- | M] ()
 SYMEVENT.SYS -> C:\WINDOWS\System32\drivers\SYMEVENT.SYS -> [2012/01/10 17:49:55 | 000,126,584 | ---- | M] (Symantec Corporation)
 S32EVNT1.DLL -> C:\WINDOWS\System32\S32EVNT1.DLL -> [2012/01/10 17:49:55 | 000,060,872 | ---- | M] (Symantec Corporation)
 SYMEVENT.CAT -> C:\WINDOWS\System32\drivers\SYMEVENT.CAT -> [2012/01/10 17:49:55 | 000,007,468 | ---- | M] ()
 SYMEVENT.INF -> C:\WINDOWS\System32\drivers\SYMEVENT.INF -> [2012/01/10 17:49:55 | 000,000,806 | ---- | M] ()
 Norton Installation Files.lnk -> C:\Documents and Settings\User\Desktop\Norton Installation Files.lnk -> [2012/01/10 17:05:12 | 000,000,770 | ---- | M] ()
 8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\Documents and Settings\User\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\User\Local Settings\Temp\*.tmp -> 
 1 C:\Documents and Settings\User\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\User\Local Settings\Temp\*.tmp -> 
 
[Files - No Company Name]
 Shortcut to OTS.exe.lnk -> C:\Documents and Settings\User\Desktop\Shortcut to OTS.exe.lnk -> [2012/02/09 13:08:54 | 000,000,871 | ---- | C] ()
 Cyber-Bullying-blog-title.png -> C:\Documents and Settings\User\Desktop\Cyber-Bullying-blog-title.png -> [2012/02/08 13:24:31 | 000,170,502 | ---- | C] ()
 Shortcut to bwpdoub2.exe.lnk -> C:\Documents and Settings\User\Desktop\Shortcut to bwpdoub2.exe.lnk -> [2012/02/07 18:18:28 | 000,000,902 | ---- | C] ()
 Shortcut to WVCheck.exe.lnk -> C:\Documents and Settings\User\Desktop\Shortcut to WVCheck.exe.lnk -> [2012/02/07 17:52:18 | 000,000,895 | ---- | C] ()
 Shortcut to MGADiag.exe.lnk -> C:\Documents and Settings\User\Desktop\Shortcut to MGADiag.exe.lnk -> [2012/02/07 17:51:23 | 000,000,895 | ---- | C] ()
 Shortcut to 403302_290192857707576_138763606183836_829587_130784844_n.jpg.lnk -> C:\Documents and Settings\User\Desktop\Shortcut to 403302_290192857707576_138763606183836_829587_130784844_n.jpg.lnk -> [2012/02/07 17:31:00 | 000,001,147 | ---- | C] ()
 SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\User\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2012/02/03 15:49:57 | 000,001,678 | ---- | C] ()
 Malwarebytes Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/02/03 15:30:52 | 000,000,784 | ---- | C] ()
 Cat.DB -> C:\WINDOWS\System32\drivers\N360\0502000.00D\Cat.DB -> [2012/01/31 21:01:45 | 000,606,244 | ---- | C] ()
 symnetv.cat -> C:\WINDOWS\System32\drivers\N360\0502000.00D\symnetv.cat -> [2012/01/31 09:00:33 | 000,007,877 | ---- | C] ()
 symnetv.inf -> C:\WINDOWS\System32\drivers\N360\0502000.00D\symnetv.inf -> [2012/01/31 09:00:33 | 000,001,473 | ---- | C] ()
 symnet.cat -> C:\WINDOWS\System32\drivers\N360\0502000.00D\symnet.cat -> [2012/01/31 09:00:32 | 000,007,458 | ---- | C] ()
 symnet.inf -> C:\WINDOWS\System32\drivers\N360\0502000.00D\symnet.inf -> [2012/01/31 09:00:32 | 000,001,445 | ---- | C] ()
 symefa.cat -> C:\WINDOWS\System32\drivers\N360\0502000.00D\symefa.cat -> [2012/01/31 09:00:31 | 000,007,456 | R--- | C] ()
 symefa.inf -> C:\WINDOWS\System32\drivers\N360\0502000.00D\symefa.inf -> [2012/01/31 09:00:31 | 000,003,373 | R--- | C] ()
 symds.inf -> C:\WINDOWS\System32\drivers\N360\0502000.00D\symds.inf -> [2012/01/31 09:00:31 | 000,002,792 | R--- | C] ()
 srtspx.cat -> C:\WINDOWS\System32\drivers\N360\0502000.00D\srtspx.cat -> [2012/01/31 09:00:30 | 000,007,454 | R--- | C] ()
 srtsp.cat -> C:\WINDOWS\System32\drivers\N360\0502000.00D\srtsp.cat -> [2012/01/31 09:00:30 | 000,007,450 | R--- | C] ()
 srtspx.inf -> C:\WINDOWS\System32\drivers\N360\0502000.00D\srtspx.inf -> [2012/01/31 09:00:30 | 000,001,389 | R--- | C] ()
 srtsp.inf -> C:\WINDOWS\System32\drivers\N360\0502000.00D\srtsp.inf -> [2012/01/31 09:00:30 | 000,001,383 | R--- | C] ()
 iron.cat -> C:\WINDOWS\System32\drivers\N360\0502000.00D\iron.cat -> [2012/01/31 09:00:29 | 000,007,528 | R--- | C] ()
 iron.inf -> C:\WINDOWS\System32\drivers\N360\0502000.00D\iron.inf -> [2012/01/31 09:00:29 | 000,000,742 | R--- | C] ()
 symds.cat -> C:\WINDOWS\System32\drivers\N360\0502000.00D\symds.cat -> [2012/01/31 08:59:31 | 000,000,000 | ---- | C] ()
 isolate.ini -> C:\WINDOWS\System32\drivers\N360\0502000.00D\isolate.ini -> [2012/01/31 08:59:27 | 000,000,172 | ---- | C] ()
 HiJackThis.lnk -> C:\Documents and Settings\User\Desktop\HiJackThis.lnk -> [2012/01/28 20:45:58 | 000,002,445 | ---- | C] ()
 {230FBFC8-8E24-42EC-B569-80DFA2D09DBD} -> C:\{230FBFC8-8E24-42EC-B569-80DFA2D09DBD} -> [2012/01/28 20:04:02 | 000,000,272 | ---- | C] ()
 {15E8D9A5-D645-4A64-ADD8-20468BB63AFC} -> C:\{15E8D9A5-D645-4A64-ADD8-20468BB63AFC} -> [2012/01/28 19:48:03 | 000,000,272 | ---- | C] ()
 {3EA10FBA-D459-438B-9E0E-A3734BDCD216} -> C:\{3EA10FBA-D459-438B-9E0E-A3734BDCD216} -> [2012/01/28 19:35:27 | 000,000,280 | ---- | C] ()
 {A8CECC30-598F-49BF-8F82-4B69937BA10C} -> C:\{A8CECC30-598F-49BF-8F82-4B69937BA10C} -> [2012/01/28 19:32:17 | 000,000,272 | ---- | C] ()
 {9A5A1CF7-26D2-4D72-ACF1-B6830993DE37} -> C:\{9A5A1CF7-26D2-4D72-ACF1-B6830993DE37} -> [2012/01/28 19:17:21 | 000,009,480 | ---- | C] ()
 {9BF4ED24-39D5-4353-8978-47B89197BB0D} -> C:\{9BF4ED24-39D5-4353-8978-47B89197BB0D} -> [2012/01/28 19:17:21 | 000,000,272 | ---- | C] ()
 {52E15747-1EED-432B-B234-5A97F7E6AF38} -> C:\{52E15747-1EED-432B-B234-5A97F7E6AF38} -> [2012/01/28 19:11:45 | 000,001,384 | ---- | C] ()
 {82FEEEF8-7412-451F-856E-5243AFCEBEC4} -> C:\{82FEEEF8-7412-451F-856E-5243AFCEBEC4} -> [2012/01/28 19:07:11 | 000,014,344 | ---- | C] ()
 {15EEADC7-C7FF-49A1-A040-28F829FA7DD0} -> C:\{15EEADC7-C7FF-49A1-A040-28F829FA7DD0} -> [2012/01/28 19:07:11 | 000,000,280 | ---- | C] ()
 {648BC635-833C-403F-A1B0-FC89846BDAF3} -> C:\{648BC635-833C-403F-A1B0-FC89846BDAF3} -> [2012/01/28 19:02:10 | 000,014,344 | ---- | C] ()
 {F0DD04C1-04F4-4842-9D7C-69186A721467} -> C:\{F0DD04C1-04F4-4842-9D7C-69186A721467} -> [2012/01/28 19:02:10 | 000,000,272 | ---- | C] ()
 {8D2D5FAA-D2E9-4C71-A1CE-D794C7C1C162} -> C:\{8D2D5FAA-D2E9-4C71-A1CE-D794C7C1C162} -> [2012/01/28 18:56:27 | 000,014,344 | ---- | C] ()
 {CE0275C7-53FE-42DA-B8C7-A102EC1196BF} -> C:\{CE0275C7-53FE-42DA-B8C7-A102EC1196BF} -> [2012/01/28 18:50:45 | 000,010,024 | ---- | C] ()
 {0CD8A799-2079-49CB-BEF1-B43C7ECB68E8} -> C:\{0CD8A799-2079-49CB-BEF1-B43C7ECB68E8} -> [2012/01/28 18:50:45 | 000,000,280 | ---- | C] ()
 {AD72EC0A-D7A3-4950-B326-662815C17A8B} -> C:\{AD72EC0A-D7A3-4950-B326-662815C17A8B} -> [2012/01/28 18:44:57 | 000,000,272 | ---- | C] ()
 tmp.reg -> C:\WINDOWS\System32\tmp.reg -> [2012/01/25 18:19:19 | 000,004,790 | ---- | C] ()
 P1000388.JPG -> C:\Documents and Settings\User\Desktop\P1000388.JPG -> [2012/01/25 15:35:01 | 002,427,644 | ---- | C] ()
 FontCache3.0.0.0.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat -> [2012/01/21 18:43:02 | 000,219,512 | ---- | C] ()
 Play games (GameXN).lnk -> C:\Documents and Settings\User\Start Menu\Programs\Play games (GameXN).lnk -> [2012/01/21 10:27:13 | 000,001,798 | ---- | C] ()
 Play games (GameXN).lnk -> C:\Documents and Settings\User\Desktop\Play games (GameXN).lnk -> [2012/01/21 10:27:12 | 000,001,792 | ---- | C] ()
 Stellarium.lnk -> C:\Documents and Settings\All Users\Desktop\Stellarium.lnk -> [2012/01/13 19:00:33 | 000,001,590 | ---- | C] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2012/01/12 09:02:27 | 000,001,374 | ---- | C] ()
 SYMEVENT.CAT -> C:\WINDOWS\System32\drivers\SYMEVENT.CAT -> [2012/01/10 17:49:56 | 000,007,468 | ---- | C] ()
 SYMEVENT.INF -> C:\WINDOWS\System32\drivers\SYMEVENT.INF -> [2012/01/10 17:49:56 | 000,000,806 | ---- | C] ()
 Norton 360.LNK -> C:\Documents and Settings\All Users\Desktop\Norton 360.LNK -> [2012/01/10 17:49:49 | 000,001,900 | ---- | C] ()
 Norton Installation Files.lnk -> C:\Documents and Settings\User\Desktop\Norton Installation Files.lnk -> [2012/01/10 17:05:12 | 000,000,770 | ---- | C] ()
 mlfcache.dat -> C:\WINDOWS\System32\mlfcache.dat -> [2011/05/30 07:47:24 | 000,082,404 | -H-- | C] ()
 reimage.ini -> C:\WINDOWS\reimage.ini -> [2011/05/11 08:25:49 | 000,000,286 | ---- | C] ()
 d3d8caps.dat -> C:\WINDOWS\System32\d3d8caps.dat -> [2011/02/22 17:43:37 | 000,000,552 | ---- | C] ()
 Microsoft.SqlServer.Compact.351.32.bc -> C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc -> [2011/02/01 12:48:31 | 000,000,193 | ---- | C] ()
 WPFFontCache_v0400-S-1-5-21-1177238915-484763869-839522115-1004-0.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1177238915-484763869-839522115-1004-0.dat -> [2011/02/01 09:21:53 | 001,023,728 | ---- | C] ()
 WPFFontCache_v0400-System.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat -> [2011/02/01 08:35:27 | 000,336,486 | ---- | C] ()
 EEventManager.INI -> C:\WINDOWS\EEventManager.INI -> [2010/11/01 21:27:21 | 000,000,000 | ---- | C] ()
 ftm31.dat -> C:\WINDOWS\System32\ftm31.dat -> [2010/08/04 09:35:01 | 000,000,090 | ---- | C] ()
 drprofile.dat -> C:\WINDOWS\drprofile.dat -> [2010/06/11 20:51:33 | 000,000,049 | ---- | C] ()
 WebpageIcons.db -> C:\Documents and Settings\User\Local Settings\Application Data\WebpageIcons.db -> [2010/03/10 11:20:18 | 000,017,408 | ---- | C] ()
 nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2010/01/29 09:32:31 | 000,000,000 | ---- | C] ()
 VMInstNT.exe -> C:\WINDOWS\VMInstNT.exe -> [2009/11/10 21:01:13 | 000,073,728 | ---- | C] ()
 VM303UninstNT.exe -> C:\WINDOWS\VM303UninstNT.exe -> [2009/11/10 21:01:13 | 000,040,960 | ---- | C] ()
 VMPipe.dll -> C:\WINDOWS\VMPipe.dll -> [2009/11/10 21:01:13 | 000,024,576 | R--- | C] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2009/08/03 15:07:43 | 000,000,664 | ---- | C] ()
 ati2sgag.exe -> C:\WINDOWS\System32\ati2sgag.exe -> [2009/07/20 16:04:28 | 000,520,192 | ---- | C] ()
 QTW.INI -> C:\WINDOWS\QTW.INI -> [2009/06/08 14:41:12 | 000,000,344 | ---- | C] ()
 downloads.m3u -> C:\Documents and Settings\User\Application Data\downloads.m3u -> [2009/05/16 19:21:09 | 000,000,000 | ---- | C] ()
 bdagent.INI -> C:\WINDOWS\bdagent.INI -> [2009/02/15 23:57:14 | 000,000,121 | ---- | C] ()
 bdod.bin -> C:\WINDOWS\System32\bdod.bin -> [2009/02/15 17:47:47 | 000,081,984 | ---- | C] ()
 zllictbl.dat -> C:\WINDOWS\System32\zllictbl.dat -> [2009/02/10 18:32:19 | 000,004,212 | -H-- | C] ()
 ringtonemaker.INI -> C:\WINDOWS\ringtonemaker.INI -> [2009/02/08 14:58:08 | 000,000,000 | ---- | C] ()
 magix.ini -> C:\WINDOWS\magix.ini -> [2009/02/08 14:50:55 | 000,000,024 | ---- | C] ()
 mgxoschk.ini -> C:\WINDOWS\mgxoschk.ini -> [2009/02/08 14:50:53 | 000,000,999 | ---- | C] ()
 wnaspi32.dll -> C:\WINDOWS\System32\wnaspi32.dll -> [2009/02/03 16:48:06 | 000,013,840 | ---- | C] ()
 libmplayer.dll -> C:\WINDOWS\System32\libmplayer.dll -> [2009/01/19 21:50:53 | 000,395,776 | ---- | C] ()
 TomsMoComp_ff.dll -> C:\WINDOWS\System32\TomsMoComp_ff.dll -> [2009/01/19 21:50:53 | 000,262,144 | ---- | C] ()
 libmpeg2_ff.dll -> C:\WINDOWS\System32\libmpeg2_ff.dll -> [2009/01/19 21:50:53 | 000,112,640 | ---- | C] ()
 Easy DVD Creator.INI -> C:\WINDOWS\Easy DVD Creator.INI -> [2009/01/07 12:05:06 | 000,000,067 | ---- | C] ()
 default.rss -> C:\Documents and Settings\User\Application Data\default.rss -> [2009/01/04 21:22:41 | 000,000,136 | ---- | C] ()
 Irremote.ini -> C:\WINDOWS\Irremote.ini -> [2008/12/05 21:05:42 | 000,000,039 | ---- | C] ()
 StarMsgPrivateSettings.ini -> C:\WINDOWS\System32\StarMsgPrivateSettings.ini -> [2008/11/21 21:09:50 | 000,000,260 | ---- | C] ()
 UNWISE.EXE -> C:\WINDOWS\System32\UNWISE.EXE -> [2008/11/21 21:09:45 | 000,109,056 | ---- | C] ()
 RKHit.sys -> C:\WINDOWS\System32\drivers\RKHit.sys -> [2008/11/02 22:56:31 | 000,030,080 | ---- | C] ()
 ezsidmv.dat -> C:\WINDOWS\System32\ezsidmv.dat -> [2008/09/28 19:51:08 | 000,000,056 | -H-- | C] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2008/05/28 09:24:40 | 000,000,164 | ---- | C] ()
 mozver.dat -> C:\WINDOWS\mozver.dat -> [2008/05/28 09:11:36 | 000,002,301 | ---- | C] ()
 SonySNCP5.ini -> C:\WINDOWS\SonySNCP5.ini -> [2008/05/14 22:21:52 | 000,000,027 | ---- | C] ()
 SNVerifyDLL.dll -> C:\WINDOWS\SNVerifyDLL.dll -> [2008/04/23 07:18:01 | 000,028,672 | ---- | C] ()
 psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2008/04/14 05:42:04 | 000,363,520 | ---- | C] ()
 Dcache.bin -> C:\WINDOWS\System32\Dcache.bin -> [2008/04/14 04:55:28 | 000,001,804 | ---- | C] ()
 ezsid.dat -> C:\Documents and Settings\All Users\Application Data\ezsid.dat -> [2008/03/10 18:42:53 | 000,000,032 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2008/03/08 16:58:51 | 000,000,376 | ---- | C] ()
 EPPICPrinterDB.dat -> C:\WINDOWS\System32\EPPICPrinterDB.dat -> [2008/03/08 15:10:52 | 000,111,932 | ---- | C] ()
 EPPICPattern131.dat -> C:\WINDOWS\System32\EPPICPattern131.dat -> [2008/03/08 15:10:52 | 000,031,053 | ---- | C] ()
 EPPICPattern121.dat -> C:\WINDOWS\System32\EPPICPattern121.dat -> [2008/03/08 15:10:52 | 000,027,417 | ---- | C] ()
 EPPICPattern1.dat -> C:\WINDOWS\System32\EPPICPattern1.dat -> [2008/03/08 15:10:52 | 000,026,154 | ---- | C] ()
 EPPICPattern3.dat -> C:\WINDOWS\System32\EPPICPattern3.dat -> [2008/03/08 15:10:52 | 000,024,903 | ---- | C] ()
 EPPICPattern5.dat -> C:\WINDOWS\System32\EPPICPattern5.dat -> [2008/03/08 15:10:52 | 000,021,390 | ---- | C] ()
 EPPICPattern2.dat -> C:\WINDOWS\System32\EPPICPattern2.dat -> [2008/03/08 15:10:52 | 000,020,148 | ---- | C] ()
 EPPICPattern4.dat -> C:\WINDOWS\System32\EPPICPattern4.dat -> [2008/03/08 15:10:52 | 000,011,811 | ---- | C] ()
 EPPICPattern6.dat -> C:\WINDOWS\System32\EPPICPattern6.dat -> [2008/03/08 15:10:52 | 000,004,943 | ---- | C] ()
 EPPICPresetData_DU.dat -> C:\WINDOWS\System32\EPPICPresetData_DU.dat -> [2008/03/08 15:10:52 | 000,001,146 | ---- | C] ()
 EPPICPresetData_PT.dat -> C:\WINDOWS\System32\EPPICPresetData_PT.dat -> [2008/03/08 15:10:52 | 000,001,139 | ---- | C] ()
 EPPICPresetData_BP.dat -> C:\WINDOWS\System32\EPPICPresetData_BP.dat -> [2008/03/08 15:10:52 | 000,001,139 | ---- | C] ()
 EPPICPresetData_ES.dat -> C:\WINDOWS\System32\EPPICPresetData_ES.dat -> [2008/03/08 15:10:52 | 000,001,136 | ---- | C] ()
 EPPICPresetData_FR.dat -> C:\WINDOWS\System32\EPPICPresetData_FR.dat -> [2008/03/08 15:10:52 | 000,001,129 | ---- | C] ()
 EPPICPresetData_CF.dat -> C:\WINDOWS\System32\EPPICPresetData_CF.dat -> [2008/03/08 15:10:52 | 000,001,129 | ---- | C] ()
 EPPICPresetData_IT.dat -> C:\WINDOWS\System32\EPPICPresetData_IT.dat -> [2008/03/08 15:10:52 | 000,001,120 | ---- | C] ()
 EPPICPresetData_GE.dat -> C:\WINDOWS\System32\EPPICPresetData_GE.dat -> [2008/03/08 15:10:52 | 000,001,107 | ---- | C] ()
 EPPICPresetData_EN.dat -> C:\WINDOWS\System32\EPPICPresetData_EN.dat -> [2008/03/08 15:10:52 | 000,001,104 | ---- | C] ()
 PICSDK.ini -> C:\WINDOWS\System32\PICSDK.ini -> [2008/03/08 15:10:52 | 000,000,097 | ---- | C] ()
 unins000.exe -> C:\WINDOWS\unins000.exe -> [2008/03/08 08:54:38 | 000,680,729 | ---- | C] ()
 unins000.dat -> C:\WINDOWS\unins000.dat -> [2008/03/08 08:54:38 | 000,001,953 | ---- | C] ()
 cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2008/03/08 08:53:05 | 000,000,357 | ---- | C] ()
 JAPI2.DLL -> C:\WINDOWS\JAPI2.DLL -> [2008/03/06 17:25:13 | 000,172,032 | ---- | C] ()
 JAPI.DLL -> C:\WINDOWS\JAPI.DLL -> [2008/03/06 17:25:13 | 000,106,496 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/03/06 16:55:20 | 000,059,392 | ---- | C] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2008/03/06 16:50:19 | 000,000,116 | ---- | C] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2008/03/06 13:30:52 | 000,002,048 | --S- | C] ()
 emptyregdb.dat -> C:\WINDOWS\System32\emptyregdb.dat -> [2008/03/06 13:25:05 | 000,022,720 | ---- | C] ()
 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2008/03/06 13:08:01 | 000,004,161 | ---- | C] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2008/03/06 13:06:45 | 000,375,264 | ---- | C] ()
 libcurl.dll -> C:\WINDOWS\System32\libcurl.dll -> [2008/03/04 17:52:34 | 000,286,720 | ---- | C] ()
 zlib1.dll -> C:\WINDOWS\System32\zlib1.dll -> [2007/10/31 08:39:54 | 000,059,904 | ---- | C] ()
 libexpatw.dll -> C:\WINDOWS\System32\libexpatw.dll -> [2007/05/17 12:58:10 | 000,143,360 | ---- | C] ()
 secupd.dat -> C:\WINDOWS\System32\secupd.dat -> [2006/12/31 06:57:08 | 000,004,569 | ---- | C] ()
 atiicdxx.dat -> C:\WINDOWS\System32\atiicdxx.dat -> [2006/04/28 20:05:14 | 000,127,614 | ---- | C] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2006/02/28 12:00:00 | 000,769,746 | ---- | C] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2006/02/28 12:00:00 | 000,169,540 | ---- | C] ()
 noise.dat -> C:\WINDOWS\System32\noise.dat -> [2006/02/28 12:00:00 | 000,000,741 | ---- | C] ()
 fusioncache.dat -> C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat -> [2006/01/26 22:56:28 | 000,000,127 | ---- | C] ()
 oembios.bin -> C:\WINDOWS\System32\oembios.bin -> [2004/08/04 12:00:00 | 013,107,200 | ---- | C] ()
 mlang.dat -> C:\WINDOWS\System32\mlang.dat -> [2004/08/04 12:00:00 | 000,673,088 | ---- | C] ()
 perfi009.dat -> C:\WINDOWS\System32\perfi009.dat -> [2004/08/04 12:00:00 | 000,272,128 | ---- | C] ()
 dssec.dat -> C:\WINDOWS\System32\dssec.dat -> [2004/08/04 12:00:00 | 000,218,003 | ---- | C] ()
 mib.bin -> C:\WINDOWS\System32\mib.bin -> [2004/08/04 12:00:00 | 000,046,258 | ---- | C] ()
 perfd009.dat -> C:\WINDOWS\System32\perfd009.dat -> [2004/08/04 12:00:00 | 000,028,626 | ---- | C] ()
 oembios.dat -> C:\WINDOWS\System32\oembios.dat -> [2004/08/04 12:00:00 | 000,004,461 | ---- | C] ()
 OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 15:05:08 | 000,002,695 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF4CC16B
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:679ABA25
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
< End of report >
```


----------



## Martin4Jay (Jan 28, 2012)

I will be out playing bowls till 9.30pm UK time so if I have time I will look in or pop in tomorrow afternoon. Thanks Cookie


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "10" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{043C5167-00BB-4324-AF7E-62013FAEDACF}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\AVG\AVG2012\avgmfapx.exe" -> [C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer]
YN -> "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" -> [C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MailWasherPro.lnk -> 
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk -> 
YN -> C:^Documents and Settings^User^Start Menu^Programs^Startup^MailWasherPro.lnk -> 
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> AVG_TRAY hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> DATAMNGR hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> Epson Stylus SX510W(Network) hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> ManyCam hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> SearchSettings hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> SmartDefrag hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> SpybotSD TeaTimer hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> 
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs
YN -> srv64C -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> 
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\
YN -> srv64C -> 
[Files/Folders - Created Within 30 Days]
NY ->  8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  azxqosl.job -> C:\WINDOWS\tasks\azxqosl.job
NY ->  tmp.reg -> C:\WINDOWS\System32\tmp.reg
NY ->  8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  1 C:\Documents and Settings\User\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\User\Local Settings\Temp\*.tmp
NY ->  1 C:\Documents and Settings\User\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\User\Local Settings\Temp\*.tmp
[Files - No Company Name]
NY ->  tmp.reg -> C:\WINDOWS\System32\tmp.reg
NY ->  RKHit.sys -> C:\WINDOWS\System32\drivers\RKHit.sys
[Alternate Data Streams]
NY -> @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
NY -> @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
NY -> @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
NY -> @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
NY -> @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1
NY -> @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF4CC16B
NY -> @Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:679ABA25
NY -> @Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
```


----------



## Cookiegal (Aug 27, 2003)

Also, is this a folder you created?

C:\WINDOWS\0

If not, can you tell me what files it contains?


----------



## Martin4Jay (Jan 28, 2012)

Cookiegal said:


> Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.
> 
> The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.
> 
> ...


I tried this, Cookie, but it keeps making the computer crash and I have to switch the computer off to start it.


----------



## Martin4Jay (Jan 28, 2012)

C:\WINDOWS\0


Adobe Air Application Installer

Adobe Photoshop Elements 4.0 

Adobe Reader

DesignPro

Digiguide

GOM Player

Google Chrome

Greeting Card Factory

Incredible Application

Internet Explorer

Internet Explorer 

ITunes

Megix Viewer

Microsoft office excel

Microsoft Office Picture Manager

Microsoft PowerPoint

Microsoft word

Nero Burning Rom

Nero MediaHob

Nokia Multimedia Factory

NotePad

Paint

Picasa photo viewer

PowerDVD

Quick time player

Realplayer

Windows Live photo gallery

Windows Live photo gallery

Windows Media 

Windows Picture and fax viewer

Wordpad

Zinio Reader


----------



## Cookiegal (Aug 27, 2003)

Did you create that folder? Is that when you download programs?


----------



## Martin4Jay (Jan 28, 2012)

Cookiegal said:


> Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.
> 
> The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.
> 
> ...


I tried this, but it kept crashing the computer, Cookie


----------



## Martin4Jay (Jan 28, 2012)

Cookiegal said:


> Did you create that folder? Is that when you download programs?


No! I wrote everyone on here


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:dir
C:\WINDOWS\0\Internet Explorer /s
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## Martin4Jay (Jan 28, 2012)

Cookiegal said:


> Please download *SystemLook* from one of the links below and save it to your Desktop.
> *Download Mirror #1
> Download Mirror #2*
> Double-click *SystemLook.exe* to run it.
> ...


Tell me Script Required


----------



## Cookiegal (Aug 27, 2003)

It was in my previous instructions. Everything in the code box is the script.


----------



## Martin4Jay (Jan 28, 2012)

Cookiegal said:


> It was in my previous instructions. Everything in the code box is the script.


Not sure why but it won't allow me


----------



## Martin4Jay (Jan 28, 2012)

It's a system error


----------



## Cookiegal (Aug 27, 2003)

What is the exact error please.


----------



## Martin4Jay (Jan 28, 2012)

Cookiegal said:


> What is the exact error please.


Script Required


----------



## Cookiegal (Aug 27, 2003)

That means you didn't enter the script. You have to copy the text in the code box into SystemLook before clicking on "Look".


----------



## Martin4Jay (Jan 28, 2012)

It's not allowing me to paste this in:

```
:dir
C:\WINDOWS\0\Internet Explorer /s
```

I press Look and it comes up with an error :-(


----------



## Cookiegal (Aug 27, 2003)

Try this one then:


```
:dir
C:\WINDOWS\0\Paint
```


----------



## Martin4Jay (Jan 28, 2012)

Cookiegal said:


> Try this one then:
> 
> ...


```
SystemLook 30.07.11 by jpshortstuff
Log created at 21:28 on 11/02/2012 by User
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\0\Paint - Unable to find folder.

-= EOF =-
```


----------



## Martin4Jay (Jan 28, 2012)

Cookiegal said:


> Please download *SystemLook* from one of the links below and save it to your Desktop.
> *Download Mirror #1
> Download Mirror #2*
> Double-click *SystemLook.exe* to run it.
> ...


Sorry, when I closed the error it allowed me to paste it.

```
SystemLook 30.07.11 by jpshortstuff
Log created at 21:29 on 11/02/2012 by User
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\0\Internet Explorer - Unable to find folder.

-= EOF =-
```


----------



## Cookiegal (Aug 27, 2003)

Well we'll have to do this manually then.

You said this folder exists:

C:\WINDOWS\0\Internet Explorer

Please click on Internet Explorer to open it and let me know what files it contains or if it's just an empty folder.


----------



## Martin4Jay (Jan 28, 2012)

Cookiegal said:


> Well we'll have to do this manually then.
> 
> You said this folder exists:
> 
> ...


The first one looks like a house and has an error with the shortcut:

"the target of this internet shortcut is not valid go to internet shortcut property sheet and make sure the target is correct"

The other one is Explorer opened with a web page with c Response Result 
Result code = 0


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## Martin4Jay (Jan 28, 2012)

Cookiegal said:


> Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.
> 
> The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.
> 
> ...


Thank you, Cookie. I am going to bed; I will try in the morning. Thanks


----------



## Cookiegal (Aug 27, 2003)

That's fine. Also, as an FYI, it's not necessary to quote my post in your replies.


----------



## Martin4Jay (Jan 28, 2012)

ComboFix 12-02-11.03 - User 12/02/2012 11:31:35.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.348 [GMT 0:00]
Running from: c:\documents and settings\User\My Documents\Downloads\puppy.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgfinst.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\documents and settings\User\Application Data\PriceGong
c:\documents and settings\User\Application Data\PriceGong\Data\1.txt
c:\documents and settings\User\Application Data\PriceGong\Data\2255.txt
c:\documents and settings\User\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\User\Application Data\PriceGong\Data\450.txt
c:\documents and settings\User\Application Data\PriceGong\Data\7639.txt
c:\documents and settings\User\Application Data\PriceGong\Data\a.txt
c:\documents and settings\User\Application Data\PriceGong\Data\b.txt
c:\documents and settings\User\Application Data\PriceGong\Data\c.txt
c:\documents and settings\User\Application Data\PriceGong\Data\d.txt
c:\documents and settings\User\Application Data\PriceGong\Data\e.txt
c:\documents and settings\User\Application Data\PriceGong\Data\f.txt
c:\documents and settings\User\Application Data\PriceGong\Data\g.txt
c:\documents and settings\User\Application Data\PriceGong\Data\h.txt
c:\documents and settings\User\Application Data\PriceGong\Data\i.txt
c:\documents and settings\User\Application Data\PriceGong\Data\j.txt
c:\documents and settings\User\Application Data\PriceGong\Data\k.txt
c:\documents and settings\User\Application Data\PriceGong\Data\l.txt
c:\documents and settings\User\Application Data\PriceGong\Data\m.txt
c:\documents and settings\User\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\User\Application Data\PriceGong\Data\n.txt
c:\documents and settings\User\Application Data\PriceGong\Data\o.txt
c:\documents and settings\User\Application Data\PriceGong\Data\p.txt
c:\documents and settings\User\Application Data\PriceGong\Data\q.txt
c:\documents and settings\User\Application Data\PriceGong\Data\r.txt
c:\documents and settings\User\Application Data\PriceGong\Data\s.txt
c:\documents and settings\User\Application Data\PriceGong\Data\t.txt
c:\documents and settings\User\Application Data\PriceGong\Data\u.txt
c:\documents and settings\User\Application Data\PriceGong\Data\v.txt
c:\documents and settings\User\Application Data\PriceGong\Data\w.txt
c:\documents and settings\User\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\User\Application Data\PriceGong\Data\x.txt
c:\documents and settings\User\Application Data\PriceGong\Data\y.txt
c:\documents and settings\User\Application Data\PriceGong\Data\z.txt
c:\documents and settings\User\Local Settings\Application Data\assembly\tmp
c:\documents and settings\User\Start Menu\Internet Explorer.lnk
c:\windows\system32\drivers\RKHit.sys
c:\windows\system32\system
c:\windows\system32\tmp.reg
c:\windows\VM305Cap.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 11:21 . 2012-02-12 11:55	--------	d-----w-	C:\32788R22FWJFW
2012-02-10 16:57 . 2012-02-10 16:57	--------	d-----w-	C:\_OTS
2012-02-07 17:53 . 2012-02-07 17:53	--------	d-----w-	c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2012-02-03 15:50 . 2012-02-03 15:50	--------	d-----w-	c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2012-02-03 15:49 . 2012-02-03 15:50	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-02-03 15:49 . 2012-02-03 15:49	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-02-03 15:30 . 2012-02-03 16:48	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-03 15:30 . 2011-12-10 15:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-01 10:11 . 2012-02-01 10:11	--------	d-----w-	c:\program files\Met Office Desktop Widget
2012-01-31 21:06 . 2011-03-31 03:04	44024	----a-r-	c:\windows\system32\drivers\SymIM.sys
2012-01-31 08:59 . 2012-01-31 21:01	--------	d-----w-	c:\windows\system32\drivers\N360\0502000.00D
2012-01-30 10:22 . 2012-01-25 18:56	51144	----a-w-	c:\windows\system32\drivers\Soluto.sys
2012-01-30 10:22 . 2012-01-30 10:22	--------	d-----w-	c:\program files\Soluto
2012-01-28 20:45 . 2012-01-28 20:45	388096	----a-r-	c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-28 18:07 . 2012-01-28 18:07	--------	d-----w-	c:\documents and settings\User\Application Data\DriverCure
2012-01-28 18:07 . 2012-01-28 18:07	--------	d-----w-	c:\documents and settings\User\Application Data\SpeedMaxPc
2012-01-28 18:07 . 2012-01-28 20:10	--------	d-----w-	c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-01-21 10:26 . 2012-01-23 23:33	--------	d-----w-	c:\documents and settings\All Users\Application Data\GameXN
2012-01-16 13:46 . 2012-01-16 13:46	--------	d-----w-	c:\windows\system32\N360_BACKUP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-10 17:49 . 2012-01-10 17:49	60872	----a-w-	c:\windows\system32\S32EVNT1.DLL
2012-01-10 17:49 . 2012-01-10 17:49	126584	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2011-11-25 21:57 . 2008-04-14 04:42	293376	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-14 00:00	1859584	----a-w-	c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 04:42	60416	----a-w-	c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 04:42	354816	----a-w-	c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 04:42	152064	----a-w-	c:\windows\system32\schannel.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Oregon"="c:\program files\Oregon Scientific\Weather OS\Weather OS.exe" [2009-10-19 625152]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-03 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"BigDog305"="c:\windows\VM305_STI.EXE" [2010-12-18 61440]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
DigiGuide TV Guide.lnk - c:\program files\DigiGuide TV Guide\Client.exe [2008-3-7 570416]
EarthDesk.lnk - c:\program files\XericDesign\EarthDesk\EarthDesk.exe [2010-9-8 1658520]
Met Office Desktop Widget.lnk - c:\program files\Met Office Desktop Widget\Met Office Desktop Widget.exe [2012-2-1 142336]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv64C]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MailWasherPro.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MailWasherPro.lnk
backup=c:\windows\pss\MailWasherPro.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SystemControl.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SystemControl.lnk
backup=c:\windows\pss\SystemControl.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^MailWasherPro.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\MailWasherPro.lnk
backup=c:\windows\pss\MailWasherPro.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29	937920	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2010-12-18 00:17	57344	----a-w-	c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
2010-12-18 02:44	61440	------r-	c:\windows\VM305_STI.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus SX510W(Network)]
2008-11-20 06:00	199680	----a-w-	c:\windows\system32\spool\drivers\w32x86\3\E_FATIFIE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-09-03 12:37	137536	----atw-	c:\documents and settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\five Media Manager Tray]
2010-12-18 00:53	368640	----a-w-	c:\program files\Entriq\MediaSphere\EntriqMediaTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-01-17 17:15	133104	----atw-	c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2011-11-16 08:49	366024	----a-w-	c:\program files\IncrediMail\bin\IncMail.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 00:40	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-10-21 09:26	1032640	----a-w-	c:\program files\Kontiki\KHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2010-04-16 21:43	144608	----a-w-	c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Send]
2010-07-20 18:18	236816	----a-w-	c:\program files\Memeo\Memeo Send\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp]
2009-10-20 09:35	144672	----a-w-	c:\program files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 16:42	79112	----a-w-	c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-01-01 18:17	4016816	----a-w-	c:\documents and settings\User\Application Data\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 13:06	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-03 16:07	68856	------w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-09-09 14:27	273528	----a-w-	c:\program files\Real\realplayer\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" /silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\solutoinstaller (1).exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\solutoinstaller-f1Y0HjDd7s.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"1041:TCP"= 1041:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"67:UDP"= 67:UDP:DHCP Server
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [30/01/2012 10:22 51144]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [31/01/2012 09:00 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\symefa.sys [31/01/2012 09:00 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx86.sys [09/02/2012 08:48 820344]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [06/03/2008 13:54 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [06/03/2008 16:47 5120]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\ironx86.sys [31/01/2012 09:00 136312]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 23:38 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [03/02/2012 15:30 652360]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [23/04/2010 00:33 25824]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.0.13\ccsvchst.exe [31/01/2012 08:59 130008]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [29/03/2011 14:33 598312]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [25/09/2009 13:16 93960]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [25/01/2012 19:05 547872]
R3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [04/02/2012 08:29 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120210.002\IDSXpx86.sys [11/02/2012 09:08 356280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/02/2012 15:30 20464]
R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [10/11/2009 21:01 391688]
S1 MpKsl2dee8031;MpKsl2dee8031;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{443087EB-F2A5-4F3F-9036-9F65B1AF2F39}\MpKsl2dee8031.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{443087EB-F2A5-4F3F-9036-9F65B1AF2F39}\MpKsl2dee8031.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 srv64C;srv64C;c:\windows\system32\svchost.exe -k netsvcs [14/04/2008 04:42 14336]
S3 cpuz134;cpuz134;\??\c:\docume~1\User\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\User\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 gupdate1c9d2e3ae18ab52;Google Update Service (gupdate1c9d2e3ae18ab52);c:\program files\Google\Update\GoogleUpdate.exe [12/05/2009 09:25 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/05/2009 09:25 133104]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 10:06 21632]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [01/06/2011 16:42 14088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv64C
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2012-02-11 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 15:03]
.
2012-02-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-484763869-839522115-1004Core.job
- c:\documents and settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-09-03 12:37]
.
2012-02-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-484763869-839522115-1004UA.job
- c:\documents and settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-09-03 12:37]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 09:25]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 09:25]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-484763869-839522115-1004Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-17 17:15]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-484763869-839522115-1004UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-17 17:15]
.
2012-02-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-484763869-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 14:22]
.
2012-02-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-484763869-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 14:22]
.
2012-02-12 c:\windows\Tasks\User_Feed_Synchronization-{A43C8D48-871D-40B2-B899-E4CD30373D4F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/?a=NUYh597mIU
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.0.1
DPF: {5CB430A9-CAAC-4C91-AF61-6D410EEE1221} - hxxp://cam1.saltash.cornwall.sch.uk/program/SonySncP5View.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{043C5167-00BB-4324-AF7E-62013FAEDACF} - (no file)
WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
MSConfigStartUp-DATAMNGR - c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
MSConfigStartUp-ManyCam - c:\program files\ManyCam\Bin\ManyCam.exe
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
MSConfigStartUp-SmartDefrag - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-77662069.skyplayer.sky.com - c:\program files\Microsoft Silverlight\4.0.50917.0\Silverlight.Configuration.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-12 11:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)[email protected]?????????????? 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Oregon = c:\program files\Oregon Scientific\Weather OS\Weather OS.exe --force_start_minimized?3 ???????P?P???Data in BYTE: 01 0C 01 1A 08 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv64C]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\DOCUME~1\User\LOCALS~1\Temp\srv64C.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-484763869-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1356)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-02-12 12:02:11
ComboFix-quarantined-files.txt 2012-02-12 12:02
.
Pre-Run: 677,005,418,496 bytes free
Post-Run: 677,356,535,808 bytes free
.
- - End Of File - - A860AF8C0BAC5830B24CEA7D4BF2DB8B


----------



## Cookiegal (Aug 27, 2003)

The instructions were to save it to the desktop so please move it there.

Why didn't you install the Recovery Console?


----------



## Martin4Jay (Jan 28, 2012)

I have had a warning. Have you an email? I saved so I can tell you. Not sure what I had to do. I saved a picture; if you like, I will send it to you.


----------



## Martin4Jay (Jan 28, 2012)

I have saved it with the name puppy.exe on the desktop.


----------



## Cookiegal (Aug 27, 2003)

Martin4Jay said:


> I have had a warning. Have you an email? I saved so I can tell you. Not sure what I had to do. I saved a picture; if you like, I will send it to you.


Please upload the screenshot here.


----------



## Martin4Jay (Jan 28, 2012)

We tried earlier, Cookie, but can't do it, sorry.


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
Driver::
srv64C

NetSvc::
srv64C

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv64C]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv64C]
[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\srv64C]
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*
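
Apart from the 67:UDP port entry, everything the CFScript above removes belongs to one service, srv64C, which the posted log shows hosted under `svchost.exe -k netsvcs` with a `servicedll` value pointing into a Temp folder. The following Python is an added example, not part of the original post and not ComboFix's own logic: it correlates those log sections and flags any service with that pattern. The function names and the three path heuristics are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the ComboFix log posted in this thread (a subset, embedded
# so the example runs offline).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv64C]
@="service"
.
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [25/01/2012 19:05 547872]
S2 srv64C;srv64C;c:\windows\system32\svchost.exe -k netsvcs [14/04/2008 04:42 14336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv64C
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv64C]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\DOCUME~1\User\LOCALS~1\Temp\srv64C.tmp"
"""

# "R2 name;display name;image path [date time size]" lines from the driver/service list.
SERVICE_LINE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);[^;]*;(?P<image>.+?)(?: \[[^\]]*\])?$")
# Registry block headers for a service key and for a Safe Mode registration.
SERVICE_KEY = re.compile(
    r"\\system\\(?:currentcontrolset|controlset\d{3})\\services\\(?P<name>[^\\\]]+)\]$", re.I)
SAFEBOOT_KEY = re.compile(
    r"\\control\\safeboot\\(?:minimal|network)\\(?P<name>[^\\\]]+)\]$", re.I)
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
TEMP_DIR = re.compile(r"\\temp\\", re.I)


def parse_services(log_text):
    """Collect, per service name, what the different log sections say about it."""
    services = defaultdict(
        lambda: {"image": None, "servicedll": None, "safeboot": False, "netsvcs": False})
    current = None       # service whose registry block we are inside
    in_netsvcs = False   # inside the "Svchost - NetSvcs" listing
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ("", "."):            # "." separates sections in the log
            current, in_netsvcs = None, False
            continue
        if in_netsvcs:                   # one service name per line
            services[line]["netsvcs"] = True
            continue
        if line.lower().endswith("svchost - netsvcs"):
            in_netsvcs = True
            continue
        if line.startswith("["):
            current = None
            match = SERVICE_KEY.search(line)
            if match:
                current = match.group("name")
            match = SAFEBOOT_KEY.search(line)
            if match:
                services[match.group("name")]["safeboot"] = True
            continue
        match = VALUE_LINE.match(line)
        if match and current and match.group("name").lower() == "servicedll":
            services[current]["servicedll"] = match.group("data")
            continue
        match = SERVICE_LINE.match(line)
        if match:
            services[match.group("name")]["image"] = match.group("image")
    return services


def triage(log_text):
    """Return {service: [reasons]} for services whose ServiceDll path looks out of place.

    The path checks are illustrative heuristics (assumptions), not a verdict.
    """
    findings = {}
    for name, svc in parse_services(log_text).items():
        dll = svc["servicedll"]
        if not dll:
            continue
        reasons = []
        if TEMP_DIR.search(dll):
            reasons.append("ServiceDll is in a Temp directory")
        if dll.lower().startswith("\\\\?\\globalroot\\"):
            reasons.append("ServiceDll uses a globalroot device path")
        if not dll.lower().endswith(".dll"):
            reasons.append("ServiceDll does not have a .dll extension")
        if not reasons:
            continue
        # Context from the other sections, reported only alongside a path finding.
        if svc["image"] and "svchost.exe" in svc["image"].lower():
            reasons.append("hosted by svchost.exe")
        if svc["netsvcs"]:
            reasons.append("added to the svchost NetSvcs group")
        if svc["safeboot"]:
            reasons.append("registered to load in Safe Mode")
        findings[name] = reasons
    return findings


if __name__ == "__main__":
    for service, reasons in triage(SAMPLE_LOG).items():
        print(service)
        for reason in reasons:
            print("  -", reason)
```
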


----------



## Martin4Jay (Jan 28, 2012)

This is the message, I just can't get my head around it.

This machine does not have the Microsoft Windows Recovery Console installed.

Alternately, an existing installation of the Recovery Console may be present but requires updating.

Without it, ComboFix shall not attempt the fixing of some serious infections.

Click Yes to have ComboFix download/install it.


----------



## Cookiegal (Aug 27, 2003)

Yes, at that point you should click Yes and allow ComboFix to install the Recovery Console.


----------



## Martin4Jay (Jan 28, 2012)

ComboFix 12-02-11.03 - User 12/02/2012 16:05:03.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.408 [GMT 0:00]
Running from: c:\documents and settings\User\My Documents\Downloads\puppy.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 11:22 . 2012-02-12 12:02	--------	d-----w-	C:\puppy
2012-02-12 11:21 . 2012-02-12 15:58	--------	d-----w-	C:\32788R22FWJFW
2012-02-10 16:57 . 2012-02-10 16:57	--------	d-----w-	C:\_OTS
2012-02-07 17:53 . 2012-02-07 17:53	--------	d-----w-	c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2012-02-03 15:50 . 2012-02-03 15:50	--------	d-----w-	c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2012-02-03 15:49 . 2012-02-03 15:50	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-02-03 15:49 . 2012-02-03 15:49	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-02-03 15:30 . 2012-02-03 16:48	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-03 15:30 . 2011-12-10 15:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-01 10:11 . 2012-02-01 10:11	--------	d-----w-	c:\program files\Met Office Desktop Widget
2012-01-31 21:06 . 2011-03-31 03:04	44024	----a-r-	c:\windows\system32\drivers\SymIM.sys
2012-01-31 08:59 . 2012-01-31 21:01	--------	d-----w-	c:\windows\system32\drivers\N360\0502000.00D
2012-01-30 10:22 . 2012-01-25 18:56	51144	----a-w-	c:\windows\system32\drivers\Soluto.sys
2012-01-30 10:22 . 2012-01-30 10:22	--------	d-----w-	c:\program files\Soluto
2012-01-28 20:45 . 2012-01-28 20:45	388096	----a-r-	c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-28 18:07 . 2012-01-28 18:07	--------	d-----w-	c:\documents and settings\User\Application Data\DriverCure
2012-01-28 18:07 . 2012-01-28 18:07	--------	d-----w-	c:\documents and settings\User\Application Data\SpeedMaxPc
2012-01-28 18:07 . 2012-01-28 20:10	--------	d-----w-	c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-01-21 10:26 . 2012-01-23 23:33	--------	d-----w-	c:\documents and settings\All Users\Application Data\GameXN
2012-01-16 13:46 . 2012-01-16 13:46	--------	d-----w-	c:\windows\system32\N360_BACKUP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-10 17:49 . 2012-01-10 17:49	60872	----a-w-	c:\windows\system32\S32EVNT1.DLL
2012-01-10 17:49 . 2012-01-10 17:49	126584	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2011-11-25 21:57 . 2008-04-14 04:42	293376	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-14 00:00	1859584	----a-w-	c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 04:42	60416	----a-w-	c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 04:42	354816	----a-w-	c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 04:42	152064	----a-w-	c:\windows\system32\schannel.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Oregon"="c:\program files\Oregon Scientific\Weather OS\Weather OS.exe" [2009-10-19 625152]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-03 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"BigDog305"="c:\windows\VM305_STI.EXE" [2010-12-18 61440]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
DigiGuide TV Guide.lnk - c:\program files\DigiGuide TV Guide\Client.exe [2008-3-7 570416]
EarthDesk.lnk - c:\program files\XericDesign\EarthDesk\EarthDesk.exe [2010-9-8 1658520]
Met Office Desktop Widget.lnk - c:\program files\Met Office Desktop Widget\Met Office Desktop Widget.exe [2012-2-1 142336]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv64C]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MailWasherPro.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MailWasherPro.lnk
backup=c:\windows\pss\MailWasherPro.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SystemControl.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SystemControl.lnk
backup=c:\windows\pss\SystemControl.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^MailWasherPro.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\MailWasherPro.lnk
backup=c:\windows\pss\MailWasherPro.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29	937920	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2010-12-18 00:17	57344	----a-w-	c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
2010-12-18 02:44	61440	------r-	c:\windows\VM305_STI.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus SX510W(Network)]
2008-11-20 06:00	199680	----a-w-	c:\windows\system32\spool\drivers\w32x86\3\E_FATIFIE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-09-03 12:37	137536	----atw-	c:\documents and settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\five Media Manager Tray]
2010-12-18 00:53	368640	----a-w-	c:\program files\Entriq\MediaSphere\EntriqMediaTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-01-17 17:15	133104	----atw-	c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2011-11-16 08:49	366024	----a-w-	c:\program files\IncrediMail\bin\IncMail.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 00:40	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-10-21 09:26	1032640	----a-w-	c:\program files\Kontiki\KHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2010-04-16 21:43	144608	----a-w-	c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Send]
2010-07-20 18:18	236816	----a-w-	c:\program files\Memeo\Memeo Send\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp]
2009-10-20 09:35	144672	----a-w-	c:\program files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 16:42	79112	----a-w-	c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-01-01 18:17	4016816	----a-w-	c:\documents and settings\User\Application Data\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 13:06	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-03 16:07	68856	------w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-09-09 14:27	273528	----a-w-	c:\program files\Real\realplayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\solutoinstaller (1).exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\solutoinstaller-f1Y0HjDd7s.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"1041:TCP"= 1041:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"67:UDP"= 67:UDP:DHCP Server
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [30/01/2012 10:22 51144]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [31/01/2012 09:00 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\symefa.sys [31/01/2012 09:00 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx86.sys [09/02/2012 08:48 820344]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [06/03/2008 13:54 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [06/03/2008 16:47 5120]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\ironx86.sys [31/01/2012 09:00 136312]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 23:38 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [03/02/2012 15:30 652360]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [23/04/2010 00:33 25824]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.0.13\ccsvchst.exe [31/01/2012 08:59 130008]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [29/03/2011 14:33 598312]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [25/09/2009 13:16 93960]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [25/01/2012 19:05 547872]
R3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [04/02/2012 08:29 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120210.002\IDSXpx86.sys [11/02/2012 09:08 356280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/02/2012 15:30 20464]
R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [10/11/2009 21:01 391688]
S1 MpKsl2dee8031;MpKsl2dee8031;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{443087EB-F2A5-4F3F-9036-9F65B1AF2F39}\MpKsl2dee8031.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{443087EB-F2A5-4F3F-9036-9F65B1AF2F39}\MpKsl2dee8031.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 srv64C;srv64C;c:\windows\system32\svchost.exe -k netsvcs [14/04/2008 04:42 14336]
S3 cpuz134;cpuz134;\??\c:\docume~1\User\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\User\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 gupdate1c9d2e3ae18ab52;Google Update Service (gupdate1c9d2e3ae18ab52);c:\program files\Google\Update\GoogleUpdate.exe [12/05/2009 09:25 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/05/2009 09:25 133104]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 10:06 21632]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [01/06/2011 16:42 14088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
NETSVCS REQUIRES REPAIRS - current entries shown
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/?a=NUYh597mIU
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-12 16:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)[email protected]?????????????? 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Oregon = c:\program files\Oregon Scientific\Weather OS\Weather OS.exe --force_start_minimized?3 ???????P?P???Data in BYTE: 01 0C 01 1A 08 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv64C]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\DOCUME~1\User\LOCALS~1\Temp\srv64C.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-484763869-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1356)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2628)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
Completion time: 2012-02-12 16:34:14
ComboFix-quarantined-files.txt 2012-02-12 16:34
ComboFix2.txt 2012-02-12 12:02
.
Pre-Run: 677,308,166,144 bytes free
Post-Run: 677,275,238,400 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 813995DB924934DB0F4D1920D71B71B1


----------



## Martin4Jay (Jan 28, 2012)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:06:08, on 12/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Soluto\soluto.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Oregon Scientific\Weather OS\Weather OS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\XericDesign\EarthDesk\EarthDesk.exe
C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Cumulus\cumulus.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/?a=NUYh597mIU
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKCU\..\Run: [Oregon] C:\Program Files\Oregon Scientific\Weather OS\Weather OS.exe --force_start_minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: DigiGuide TV Guide.lnk = C:\Program Files\DigiGuide TV Guide\Client.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: EarthDesk.lnk = C:\Program Files\XericDesign\EarthDesk\EarthDesk.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Met Office Desktop Widget.lnk = C:\Program Files\Met Office Desktop Widget\Met Office Desktop Widget.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: DigiGuide TV Guide.lnk = C:\Program Files\DigiGuide TV Guide\Client.exe (User 'Default user')
O4 - .DEFAULT Startup: EarthDesk.lnk = C:\Program Files\XericDesign\EarthDesk\EarthDesk.exe (User 'Default user')
O4 - .DEFAULT Startup: Met Office Desktop Widget.lnk = C:\Program Files\Met Office Desktop Widget\Met Office Desktop Widget.exe (User 'Default user')
O4 - Startup: DigiGuide TV Guide.lnk = C:\Program Files\DigiGuide TV Guide\Client.exe
O4 - Startup: EarthDesk.lnk = C:\Program Files\XericDesign\EarthDesk\EarthDesk.exe
O4 - Startup: Met Office Desktop Widget.lnk = C:\Program Files\Met Office Desktop Widget\Met Office Desktop Widget.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5CB430A9-CAAC-4C91-AF61-6D410EEE1221} (Sony SNC-P5 Control) - http://cam1.saltash.cornwall.sch.uk/program/SonySncP5View.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1204929890000
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} (WebSlingPlayer) - http://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate1c9d2e3ae18ab52) (gupdate1c9d2e3ae18ab52) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

--
End of file - 15006 bytes


----------



## Cookiegal (Aug 27, 2003)

Now please run ComboFix again with the script I gave you per post no. 108.


----------



## Martin4Jay (Jan 28, 2012)

I will, but I'm going to church, so I'll try when I get back. Thanks for the time you're spending helping me.


----------



## Cookiegal (Aug 27, 2003)

OK. Thanks.


----------



## Martin4Jay (Jan 28, 2012)

Cookiegal said:


> Open Notepad and copy and paste the text in the code box below into it:
> 
> 
> ```
> ...


Do you drag the CFScript.txt folder onto the blue screen while it's running? If not, it does not give me that option, not with the pictures you're showing.


----------



## Cookiegal (Aug 27, 2003)

ComboFix will not be running until after you drop the script. In this case, you drop the CFScript onto the puppy.exe file which you should have moved to your desktop.


----------



## Martin4Jay (Jan 28, 2012)

OK, thanks. I will do this now, but the rest I will do in the morning. Thanks.


----------



## Cookiegal (Aug 27, 2003)

That's all there is to do.


----------



## Martin4Jay (Jan 28, 2012)

ComboFix 12-02-11.03 - User 12/02/2012 23:16:15.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.96 [GMT 0:00]
Running from: c:\documents and settings\User\My Documents\Downloads\puppy.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRV64C
-------\Service_srv64C
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 11:22 . 2012-02-12 12:02	--------	d-----w-	C:\puppy
2012-02-10 16:57 . 2012-02-10 16:57	--------	d-----w-	C:\_OTS
2012-02-07 17:53 . 2012-02-07 17:53	--------	d-----w-	c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2012-02-03 15:50 . 2012-02-03 15:50	--------	d-----w-	c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2012-02-03 15:49 . 2012-02-03 15:50	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-02-03 15:49 . 2012-02-03 15:49	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-02-03 15:30 . 2012-02-03 16:48	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-03 15:30 . 2011-12-10 15:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-01 10:11 . 2012-02-01 10:11	--------	d-----w-	c:\program files\Met Office Desktop Widget
2012-01-31 21:06 . 2011-03-31 03:04	44024	----a-r-	c:\windows\system32\drivers\SymIM.sys
2012-01-31 08:59 . 2012-01-31 21:01	--------	d-----w-	c:\windows\system32\drivers\N360\0502000.00D
2012-01-30 10:22 . 2012-01-25 18:56	51144	----a-w-	c:\windows\system32\drivers\Soluto.sys
2012-01-30 10:22 . 2012-01-30 10:22	--------	d-----w-	c:\program files\Soluto
2012-01-28 20:45 . 2012-01-28 20:45	388096	----a-r-	c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-28 18:07 . 2012-01-28 18:07	--------	d-----w-	c:\documents and settings\User\Application Data\DriverCure
2012-01-28 18:07 . 2012-01-28 18:07	--------	d-----w-	c:\documents and settings\User\Application Data\SpeedMaxPc
2012-01-28 18:07 . 2012-01-28 20:10	--------	d-----w-	c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-01-21 10:26 . 2012-01-23 23:33	--------	d-----w-	c:\documents and settings\All Users\Application Data\GameXN
2012-01-16 13:46 . 2012-01-16 13:46	--------	d-----w-	c:\windows\system32\N360_BACKUP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-10 17:49 . 2012-01-10 17:49	60872	----a-w-	c:\windows\system32\S32EVNT1.DLL
2012-01-10 17:49 . 2012-01-10 17:49	126584	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2011-11-25 21:57 . 2008-04-14 04:42	293376	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-14 00:00	1859584	----a-w-	c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 04:42	60416	----a-w-	c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 04:42	354816	----a-w-	c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 04:42	152064	----a-w-	c:\windows\system32\schannel.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Oregon"="c:\program files\Oregon Scientific\Weather OS\Weather OS.exe" [2009-10-19 625152]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-03 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"BigDog305"="c:\windows\VM305_STI.EXE" [2010-12-18 61440]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
"Soluto"="c:\program files\Soluto\soluto.exe" [2012-01-25 1712176]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
DigiGuide TV Guide.lnk - c:\program files\DigiGuide TV Guide\Client.exe [2008-3-7 570416]
EarthDesk.lnk - c:\program files\XericDesign\EarthDesk\EarthDesk.exe [2010-9-8 1658520]
Met Office Desktop Widget.lnk - c:\program files\Met Office Desktop Widget\Met Office Desktop Widget.exe [2012-2-1 142336]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MailWasherPro.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MailWasherPro.lnk
backup=c:\windows\pss\MailWasherPro.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SystemControl.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SystemControl.lnk
backup=c:\windows\pss\SystemControl.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^MailWasherPro.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\MailWasherPro.lnk
backup=c:\windows\pss\MailWasherPro.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29	937920	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2010-12-18 00:17	57344	----a-w-	c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
2010-12-18 02:44	61440	------r-	c:\windows\VM305_STI.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus SX510W(Network)]
2008-11-20 06:00	199680	----a-w-	c:\windows\system32\spool\drivers\w32x86\3\E_FATIFIE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-09-03 12:37	137536	----atw-	c:\documents and settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\five Media Manager Tray]
2010-12-18 00:53	368640	----a-w-	c:\program files\Entriq\MediaSphere\EntriqMediaTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-01-17 17:15	133104	----atw-	c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2011-11-16 08:49	366024	----a-w-	c:\program files\IncrediMail\bin\IncMail.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 00:40	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-10-21 09:26	1032640	----a-w-	c:\program files\Kontiki\KHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2010-04-16 21:43	144608	----a-w-	c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Send]
2010-07-20 18:18	236816	----a-w-	c:\program files\Memeo\Memeo Send\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp]
2009-10-20 09:35	144672	----a-w-	c:\program files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 16:42	79112	----a-w-	c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-01-01 18:17	4016816	----a-w-	c:\documents and settings\User\Application Data\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 13:06	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-03 16:07	68856	------w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-09-09 14:27	273528	----a-w-	c:\program files\Real\realplayer\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" /silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\solutoinstaller (1).exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\solutoinstaller-f1Y0HjDd7s.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*isabledoVoo UDP port 443
"37674:TCP"= 37674:TCP:*isabledoVoo TCP port 37674
"37674:UDP"= 37674:UDP:*isabledoVoo UDP port 37674
"37675:UDP"= 37675:UDP:*isabledoVoo UDP port 37675
"1041:TCP"= 1041:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [30/01/2012 10:22 51144]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [31/01/2012 09:00 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\symefa.sys [31/01/2012 09:00 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx86.sys [09/02/2012 08:48 820344]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [06/03/2008 13:54 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [06/03/2008 16:47 5120]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\ironx86.sys [31/01/2012 09:00 136312]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 23:38 116608]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [04/02/2012 08:29 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120210.002\IDSXpx86.sys [11/02/2012 09:08 356280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/02/2012 15:30 20464]
R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [10/11/2009 21:01 391688]
S1 MpKsl2dee8031;MpKsl2dee8031;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{443087EB-F2A5-4F3F-9036-9F65B1AF2F39}\MpKsl2dee8031.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{443087EB-F2A5-4F3F-9036-9F65B1AF2F39}\MpKsl2dee8031.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 cpuz134;cpuz134;\??\c:\docume~1\User\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\User\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 gupdate1c9d2e3ae18ab52;Google Update Service (gupdate1c9d2e3ae18ab52);c:\program files\Google\Update\GoogleUpdate.exe [12/05/2009 09:25 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/05/2009 09:25 133104]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 10:06 21632]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2012-02-11 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 15:03]
.
2012-02-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-484763869-839522115-1004Core.job
- c:\documents and settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-09-03 12:37]
.
2012-02-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-484763869-839522115-1004UA.job
- c:\documents and settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-09-03 12:37]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 09:25]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 09:25]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-484763869-839522115-1004Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-17 17:15]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-484763869-839522115-1004UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-17 17:15]
.
2012-02-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-484763869-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 14:22]
.
2012-02-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-484763869-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 14:22]
.
2012-02-12 c:\windows\Tasks\User_Feed_Synchronization-{A43C8D48-871D-40B2-B899-E4CD30373D4F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/?a=NUYh597mIU
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 192.168.0.1
DPF: {5CB430A9-CAAC-4C91-AF61-6D410EEE1221} - hxxp://cam1.saltash.cornwall.sch.uk/program/SonySncP5View.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-12 23:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)[email protected]?????????????? 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Oregon = c:\program files\Oregon Scientific\Weather OS\Weather OS.exe --force_start_minimized?3 ???????P?P???Data in BYTE: 01 0C 01 1A 08 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-484763869-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1312)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(444)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\msi.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Kontiki\KService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe
c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
c:\program files\Nero\Update\NASvc.exe
c:\program files\Sling Media\SlingAgent\SlingAgentService.exe
c:\program files\Soluto\SolutoService.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
c:\program files\DigiGuide TV Guide\digiguide.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Memeo\AutoBackup\InstantBackup.exe
c:\program files\Memeo\AutoBackup\MemeoUpdater.exe
.
**************************************************************************
.
Completion time: 2012-02-13 00:01:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-13 00:01
ComboFix2.txt 2012-02-12 22:46
ComboFix3.txt 2012-02-12 16:34
ComboFix4.txt 2012-02-12 12:02
.
Pre-Run: 677,261,176,832 bytes free
Post-Run: 677,155,639,296 bytes free
.
- - End Of File - - 02DB58F8BE00AF48596303B49B72BD4E

Night night mate


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log and let me know how things are with the system now.


----------



## Martin4Jay (Jan 28, 2012)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:49:09, on 14/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Soluto\soluto.exe
C:\Program Files\Oregon Scientific\Weather OS\Weather OS.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XericDesign\EarthDesk\EarthDesk.exe
C:\Program Files\DigiGuide TV Guide\digiguide.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/?a=NUYh597mIU
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [Soluto] C:\Program Files\Soluto\soluto.exe /init
O4 - HKCU\..\Run: [Oregon] C:\Program Files\Oregon Scientific\Weather OS\Weather OS.exe --force_start_minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: DigiGuide TV Guide.lnk = C:\Program Files\DigiGuide TV Guide\Client.exe
O4 - Startup: EarthDesk.lnk = C:\Program Files\XericDesign\EarthDesk\EarthDesk.exe
O4 - Startup: Met Office Desktop Widget.lnk = C:\Program Files\Met Office Desktop Widget\Met Office Desktop Widget.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5CB430A9-CAAC-4C91-AF61-6D410EEE1221} (Sony SNC-P5 Control) - http://cam1.saltash.cornwall.sch.uk/program/SonySncP5View.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1204929890000
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} (WebSlingPlayer) - http://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate1c9d2e3ae18ab52) (gupdate1c9d2e3ae18ab52) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

--
End of file - 14729 bytes


----------



## Martin4Jay (Jan 28, 2012)

System is fine with shutdown. Does occasionally run slowly when opening a program, i.e. IncrediMail etc., but does not freeze.


----------



## Martin4Jay (Jan 28, 2012)

Just decided to freeze on shutdown, but I had the Seagate Dashboard extra memory for my backup plugged in the tower, and it was opening OK before this and shut down OK. Is it safe for this to be plugged in all the time? Never did this before, thanks.


----------



## Cookiegal (Aug 27, 2003)

That depends. Does it perform a backup automatically on shutdown?


----------



## Martin4Jay (Jan 28, 2012)

Not sure Cookie, as it tells me after start up it's backup

But not sure you wanted this but just done the Microsoft update



Successful Updates 
Microsoft Office 2003
Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2597968)
Microsoft Windows XP
Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2633880)
Security Update for Windows XP (KB2661637)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2633870)
Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2647516)
Windows Malicious Software Removal Tool - February 2012 (KB890830)
Security Update for Windows XP (KB2660465)
________________________________________

Failed Updates
For help installing an update successfully, see the solution under each problem description.






Problem: Please check your update history for a description.
Microsoft Silverlight
Security Update for Microsoft Silverlight (KB2668562)


----------



## Cookiegal (Aug 27, 2003)

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool (Vista/Windows 7 users - right click to run as administrator) and allow it to download the Avast database.

Click *Scan*.

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review. 
*Note - do NOT attempt any Fix yet.*


----------



## Martin4Jay (Jan 28, 2012)

Cookie, it did not give me a chance to save the log, it went into shutdown mode straight away :-(


----------



## Cookiegal (Aug 27, 2003)

What do you mean shutdown mode? The computer shut down?

Can you possibly grab a screenshot of it if you run it again?


----------



## Martin4Jay (Jan 28, 2012)

It just shuts down or restarts, can't do a screenshot, it does it by itself. I will try again later.


----------



## Cookiegal (Aug 27, 2003)

OK, please do.


----------



## Martin4Jay (Jan 28, 2012)

Well, got it saved just in time before the computer restarted.

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-17 17:01:14
-----------------------------
17:01:14.671 OS Version: Windows 5.1.2600 Service Pack 3
17:01:14.671 Number of processors: 1 586 0x801
17:01:14.671 ComputerName: USER-5C75D7BEDB UserName: User
17:01:18.500 Initialize success
17:01:32.093 AVAST engine defs: 12021601
17:02:03.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\viamraid1Port2Path0Target0Lun0
17:02:03.390 Disk 0 Vendor: Hitachi_ GK8O Size: 715404MB BusType: 1
17:02:03.390 Device \Driver\viamraid -> DriverStartIo SCSIPORT.SYS f73c940e
17:02:03.406 Disk 0 MBR read successfully
17:02:03.406 Disk 0 MBR scan
17:02:03.453 Disk 0 Windows XP default MBR code
17:02:03.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 715402 MB offset 63
17:02:03.453 Disk 0 scanning sectors +1465144065
17:02:03.531 Disk 0 scanning C:\WINDOWS\system32\drivers
17:02:16.796 Service scanning
17:02:18.187 Modules scanning
17:02:23.343 Disk 0 trace - called modules:
17:02:23.359 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll viamraid.sys 
17:02:23.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b90ab8]
17:02:23.359 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\Scsi\viamraid1Port2Path0Target0Lun0[0x86afea38]
17:02:24.343 AVAST engine scan C:\WINDOWS
17:02:38.015 AVAST engine scan C:\WINDOWS\system32
17:07:50.843 AVAST engine scan C:\WINDOWS\system32\drivers
17:08:56.750 AVAST engine scan C:\Documents and Settings\User
17:09:30.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
17:09:30.437 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"

17:09:46.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
17:09:46.546 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

Are you still having the shutdown problem you described in your initial posts?

Please download GMER from: http://gmer.net/index.php

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan* button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## Martin4Jay (Jan 28, 2012)

I will do this in the morning

Yes to the shutdown problem

Thanks


----------



## Cookiegal (Aug 27, 2003)

OK. Please do this as well:

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## Martin4Jay (Jan 28, 2012)

Cookie, before I do anything, do you want me to do the second message first or start from the first one from page 9?


----------



## Cookiegal (Aug 27, 2003)

Martin4Jay said:


> Cookie, before I do anything, do you want me to do the second message first or start from the first one from page 9?


I'm sorry but I don't understand the question.


----------



## Martin4Jay (Jan 28, 2012)

Cookiegal said:


> Are you still having the shutdown problem you described in your initial posts?
> 
> Please download GMER from: http://gmer.net/index.php
> 
> ...


This one


----------



## Martin4Jay (Jan 28, 2012)

Cookiegal said:


> OK. Please do this as well:
> 
> Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.
> 
> Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


Or this one


----------



## Martin4Jay (Jan 28, 2012)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-18 22:57:46
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\viamraid1Port2Path0Target0Lun0 Hitachi_ rev.GK8O
Running: bwpdoub2.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\awqcqfoc.sys

---- System - GMER 1.0.15 ----

SSDT 86614640 ZwAlertResumeThread
SSDT 86614718 ZwAlertThread
SSDT 861D26A8 ZwAllocateVirtualMemory
SSDT 865ED7E8 ZwAssignProcessToJobObject
SSDT 866B2008 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF11F3710]
SSDT 861B84D0 ZwCreateMutant
SSDT 861B8C80 ZwCreateSymbolicLinkObject
SSDT 865F1A90 ZwCreateThread
SSDT 865ECB10 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwDeleteKey [0xF11F3990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF11F3EF0]
SSDT 8613A298 ZwDuplicateObject
SSDT 861B8240 ZwFreeVirtualMemory
SSDT 8660F100 ZwImpersonateAnonymousToken
SSDT 865FE1B0 ZwImpersonateThread
SSDT 8683AE20 ZwLoadDriver
SSDT 865F1788 ZwMapViewOfSection
SSDT 8660B318 ZwOpenEvent
SSDT 868405C8 ZwOpenProcess
SSDT 86619B28 ZwOpenProcessToken
SSDT 865F1D10 ZwOpenSection
SSDT 868542E0 ZwOpenThread
SSDT 861B8D30 ZwProtectVirtualMemory
SSDT 86614E30 ZwResumeThread
SSDT 86605F68 ZwSetContextThread
SSDT 8660D718 ZwSetInformationProcess
SSDT 865ECDF0 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF11F4140]
SSDT 865F2940 ZwSuspendProcess
SSDT 86614F08 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEB864640]
SSDT 86609340 ZwTerminateThread
SSDT 86605EB8 ZwUnmapViewOfSection
SSDT 861B82F0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 98 804E2704 4 Bytes [E8, D7, 5E, 86]
.text ntoskrnl.exe!_abnormal_termination + F0 804E275C 1 Byte [10]
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF76E0A0C]
? C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Cumulus\cumulus.exe[820] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00881391 C:\Cumulus\cumulus.exe (Sandaysoft)
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtOpenFile + 6  7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A 
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B 
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1004] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A 
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B 
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1324] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtCreateFile + B  7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A 
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B 
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A 
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B 
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A 
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2708] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\User\Application Data\Memeo\AutoBackup\instances\16508C9D-EE28-4B25-A2C6-6F27C3E165B5\16508c9d-ee28-4b25-a2c6-6f27c3e165b5-preinq.db3-journal 0 bytes
File C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom_new 0 bytes

---- EOF - GMER 1.0.15 ----


----------



## Cookiegal (Aug 27, 2003)

Both please.


----------



## Martin4Jay (Jan 28, 2012)

Event Type:	Error
Event Source:	Dhcp
Event Category:	None
Event ID:	1002
Date: 18/02/2012
Time: 15:42:55
User: N/A
Computer:	USER-5C75D7BEDB
Description:
The IP address lease 192.168.0.6 for the Network Card with network address 00E04CB19001 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 17/02/2012
Time: 18:35:38
User: N/A
Computer:	USER-5C75D7BEDB
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 17/02/2012
Time: 17:53:57
User: N/A
Computer:	USER-5C75D7BEDB
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 17/02/2012
Time: 17:31:10
User: N/A
Computer:	USER-5C75D7BEDB
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Martin4Jay (Jan 28, 2012)

The GMER took 6 hours to do, is that right?


----------



## Cookiegal (Aug 27, 2003)

Click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.

To view results log:

Go to *Start* - *Run* and type in *eventvwr.msc*, and hit Enter.
When Event Viewer opens, click on "Application", then scroll down to "Winlogon" and double-click on it to open it up. This is the log created after running chkdsk. Click on the icon that looks like two pieces of paper to copy it and then paste it here please.


----------



## Cookiegal (Aug 27, 2003)

Martin4Jay said:


> The GMER took 6 hours to do, is that right?


It can take a long time, it depends on what's on your computer.


----------



## Martin4Jay (Jan 28, 2012)

It's late cookie I will do this in the morning
Thanks


----------



## Cookiegal (Aug 27, 2003)

That's fine.


----------



## Martin4Jay (Jan 28, 2012)

Event Type:	Information
Event Source:	Winlogon
Event Category:	None
Event ID:	1002
Date: 12/02/2012
Time: 23:57:33
User: N/A
Computer:	USER-5C75D7BEDB
Description:
The shell stopped unexpectedly and Explorer.exe was restarted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

There were times when the computer froze from shutdown; I had to turn it off from the mains.


----------



## Cookiegal (Aug 27, 2003)

Do you mean the computer is shutting down randomly now? At the beginning you said the problem was only that it freezes when you're shutting down. Are you not able to run chkdsk without the computer shutting down?


----------



## Martin4Jay (Jan 28, 2012)

No, it freezes when it's close to shutdown,

and I have just done chkdsk with no problem.


----------



## Cookiegal (Aug 27, 2003)

Then please post the log from the chkdsk run.


----------



## Martin4Jay (Jan 28, 2012)

It did not give me an option, it just closed by itself.


----------



## Cookiegal (Aug 27, 2003)

There will not be an option. You have to retrieve the log as instructed in post 144.


----------



## Martin4Jay (Jan 28, 2012)

Event Type:	Information
Event Source:	Winlogon
Event Category:	None
Event ID:	1001
Date: 20/02/2012
Time: 17:40:51
User: N/A
Computer:	USER-5C75D7BEDB
Description:
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk. 
Cleaning up minor inconsistencies on the drive.
Cleaning up 929 unused index entries from index $SII of file 0x9.
Cleaning up 929 unused index entries from index $SDH of file 0x9.
Cleaning up 929 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

732572000 KB total disk space.
71781692 KB in 148015 files.
68160 KB in 19934 indexes.
0 KB in bad sectors.
371508 KB in use by the system.
65536 KB occupied by the log file.
660350640 KB available on disk.

4096 bytes in each allocation unit.
183143000 total allocation units on disk.
165087660 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.
Please wait while your computer restarts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
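An added example, not part of the original posts: one way to read the CHKDSK summary in a Winlogon event 1001 like the one above, checking for bad sectors and confirming that the reported totals agree with each other. The function names and flag strings are hypothetical; the sample text is copied from the post.

```python
import re

# CHKDSK text from the Winlogon event 1001 posted above ("Internal Info" dump omitted).
SAMPLE = r"""Checking file system on C:
The type of the file system is NTFS.
Cleaning up minor inconsistencies on the drive.
Cleaning up 929 unused index entries from index $SII of file 0x9.
Cleaning up 929 unused index entries from index $SDH of file 0x9.
Cleaning up 929 unused security descriptors.
732572000 KB total disk space.
71781692 KB in 148015 files.
68160 KB in 19934 indexes.
0 KB in bad sectors.
371508 KB in use by the system.
65536 KB occupied by the log file.
660350640 KB available on disk.
4096 bytes in each allocation unit.
183143000 total allocation units on disk.
165087660 allocation units available on disk.
"""

# One regex per summary line; the first group is the number we keep.
_FIELDS = {
    "total_kb": r"(\d+) KB total disk space",
    "files_kb": r"(\d+) KB in \d+ files",
    "indexes_kb": r"(\d+) KB in \d+ indexes",
    "bad_kb": r"(\d+) KB in bad sectors",
    "system_kb": r"(\d+) KB in use by the system",
    "free_kb": r"(\d+) KB available on disk",
    "unit_bytes": r"(\d+) bytes in each allocation unit",
    "total_units": r"(\d+) total allocation units on disk",
    "free_units": r"(\d+) allocation units available on disk",
}


def parse_chkdsk(text):
    """Extract the numeric summary and the 'Cleaning up N ...' repairs."""
    report = {}
    for name, pattern in _FIELDS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError("summary line missing: " + name)
        report[name] = int(match.group(1))
    # "Cleaning up minor inconsistencies" has no count and is skipped on purpose.
    report["cleanups"] = [
        (int(count), what)
        for count, what in re.findall(r"Cleaning up (\d+) (unused [^.\n]+)", text)
    ]
    return report


def triage(report):
    """Return a list of flags; an empty list means the summary looks clean."""
    flags = []
    if report["bad_kb"] > 0:
        flags.append("BAD_SECTORS")
    kb_per_unit = report["unit_bytes"] / 1024
    if report["total_units"] * kb_per_unit != report["total_kb"]:
        flags.append("SIZE_MISMATCH")
    if report["free_units"] * kb_per_unit != report["free_kb"]:
        flags.append("FREE_SPACE_MISMATCH")
    # The log file is counted inside "in use by the system", so it is not added.
    used = sum(report[k] for k in ("files_kb", "indexes_kb", "bad_kb", "system_kb"))
    if used + report["free_kb"] != report["total_kb"]:
        flags.append("ACCOUNTING_MISMATCH")
    return flags


if __name__ == "__main__":
    parsed = parse_chkdsk(SAMPLE)
    print(parsed["cleanups"], triage(parsed) or "no flags")
```

On the posted log this reports no flags: zero KB in bad sectors, and the file, index, system and free figures add up to the total.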


----------



## Cookiegal (Aug 27, 2003)

Go to *Start * *Run *- type *msconfig*  click OK and click on the *startup tab*. Uncheck everything there and then reboot. Let me know if you still have problems on shutdown.


----------



## Martin4Jay (Jan 28, 2012)

Ok, I did as you said and had a "System Configuration" message:

"An access denied error was returned while attempting to change services.
You may need to log on using an administrator account to make the specified changes"

I clicked ok now I am going to do a restart.


----------



## Martin4Jay (Jan 28, 2012)

It froze again last night :-(


----------



## Cookiegal (Aug 27, 2003)

Go to *Start * *Run *- type *msconfig*  click OK and click on the the "services" tab and check hide Microsoft Services. Take note of which services are checked so you can put it back the way it was.

Then try unchecking all the NON Microsoft services except those related to your anti-virus programs and reboot. Let me know if you still have problems after doing that.


----------



## Martin4Jay (Jan 28, 2012)

Cookiegal said:


> Go to *Start* - *Run* - type *msconfig* - click OK and click on the "services" tab and check hide Microsoft Services. Take note of which services are checked so you can put it back the way it was.
> 
> Then try unchecking all the NON Microsoft services except those related to your anti-virus programs and reboot. Let me know if you still have problems after doing that.


"System Configuration" message:

"An access denied error was returned while attempting to change services.
You may need to log on using an administrator account to make the specified changes"

It still allowed me to do a restart, which I did, and it did it ok.


----------



## Cookiegal (Aug 27, 2003)

How is it when shutting down now?


----------



## Martin4Jay (Jan 28, 2012)

It did it ok just now, I am going to bed in 10 minutes I will let you know in the morning how it went


----------



## Cookiegal (Aug 27, 2003)

OK, sounds good.


----------



## Martin4Jay (Jan 28, 2012)

Yes so far so good and it shutdown quick too


----------



## Cookiegal (Aug 27, 2003)

OK so it sounds like there's a conflict with a service. Try checking only one of the services that was checked before and run it like that for a bit and see if you are still free of shutdown issues. Continue doing that (checking another and then another) until you encounter the problem again and report back which one triggered it.


----------



## Martin4Jay (Jan 28, 2012)

Well, I ticked every one and it shut down with no problems. This is driving me nuts. Thanks for the help you're giving.


----------



## Cookiegal (Aug 27, 2003)

Let me know when it does it again.


----------



## Martin4Jay (Jan 28, 2012)

How long should I give you before you mark it solved.

I also have another question unrelated to this; should I start a new post?


----------



## Cookiegal (Aug 27, 2003)

Martin4Jay said:


> How long should I give you before you mark it solved.


As long as it takes and you're the one who will mark it solved when you feel it is. Have you had no problems with shutdowns? Judging by how often it was happening before, does it seem to be resolved?

If you're sure that your question is unrelated to this issue we're addressing here then you should start a new thread.


----------



## Martin4Jay (Jan 28, 2012)

No, it is behaving with the shutdown. I will ask the new question later.
Thanks


----------



## Cookiegal (Aug 27, 2003)

OK then, please post a new HijackThis log in this thread so I can be sure there's nothing left to address there.


----------



## Martin4Jay (Jan 28, 2012)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:02:49, on 23/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XericDesign\EarthDesk\EarthDesk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/?a=NUYh597mIU
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: EarthDesk.lnk = C:\Program Files\XericDesign\EarthDesk\EarthDesk.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5CB430A9-CAAC-4C91-AF61-6D410EEE1221} (Sony SNC-P5 Control) - http://cam1.saltash.cornwall.sch.uk/program/SonySncP5View.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1204929890000
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} (WebSlingPlayer) - http://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate1c9d2e3ae18ab52) (gupdate1c9d2e3ae18ab52) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

--
End of file - 13410 bytes


----------



## Cookiegal (Aug 27, 2003)

That looks fine.


----------



## Martin4Jay (Jan 28, 2012)

Ok good. I started the startup list one at a time and started with Earth Desk, and the first thing it did was freeze, so I have taken it off and will start with a different one to see what happens. I will report back if I have the same problem.


----------



## Cookiegal (Aug 27, 2003)

Sounds good.


----------



## Martin4Jay (Jan 28, 2012)

So far now, I have put two programs on the startup, so just see what happens. I will try over the weekend and I will report back on Monday unless the problem comes back.


----------



## Cookiegal (Aug 27, 2003)

OK, thanks.


----------



## Martin4Jay (Jan 28, 2012)

Well, I turned on everything on startup except Earthdesk and it worked with no problems, so I have added it to startup to see what happens.

I will say thanks for your time and for trying to get this issue sorted, cookie and flav.

"I will mark this as solved"


----------



## Cookiegal (Aug 27, 2003)

You're welcome. 

Here are some final instructions for you.

*Follow these steps to uninstall Combofix and all of its files and components.*

Click *START* then *RUN*
Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there (the screenshot is just for illustration purposes but the actual command uses the entire word "uninstall" and not just the "u" as shown in the picture).

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* - *All Programs* - *Accessories* - *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.


----------



## Martin4Jay (Jan 28, 2012)

Cookiegal said:


> You're welcome.
> 
> Here are some final instructions for you.
> 
> ...


*I tried this in search and I got a message and I did it correctly*

"ComboFix" message

Window cannot find "comboFix" Make sure you typed the name correctly and then try again. To search for a file click the start button and then click search


----------



## Cookiegal (Aug 27, 2003)

What do you mean that you tried it in search? Did you not run the command as instructed from the Run box?


----------



## Martin4Jay (Jan 28, 2012)

Sorry I meant "run" not search but I got that message cookie ComboFix /uninstall

I tried this in search and I got a message and I did it correctly

"ComboFix" message

Window cannot find "comboFix" Make sure you typed the name correctly and then try again. To search for a file click the start button and then click search


----------

