# defragment won't defrag all the files in windows XP



## kwatts (Jan 8, 2013)

I Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz, x86 Family 15 Model 4 Stepping 1
Processor Count: 1
RAM: 1021 Mb
Graphics Card: Intel(R) 82865G Graphics Controller, 96 Mb
Hard Drives: C: Total - 72221 MB, Free - 21592 MB;
Motherboard: Dell Computer Corp., 0TC667
Antivirus: Microsoft Security Essentials, Updated: Yes, On-Demand Scanner: Enable


----------



## Cookiegal (Aug 27, 2003)

It's normal that sometimes not all files can be defragmented.

Those are old system restore points that may have been infected and renamed by someone or a security program.

Are you having any problems with your machine?


----------



## flavallee (May 12, 2002)

kwatts:

As Cookiegal already advised, it's normal for some files not to be defragged, especially if they're in use.

Don't forget to answer her question. We're here to help you if we can.

---------------------------------------------------------


----------



## kwatts (Jan 8, 2013)

Cookiegal said:


> It's normal that sometimes not all files can be degragmented.
> 
> Those are old system restore points that may have been infected and renamed by someone or a security program.
> 
> Are you having any problems with your machine?


That is the only problem I am having right now. All the other problems have been fixed. Can you suggest anything?


----------



## Cookiegal (Aug 27, 2003)

The restore points can be flushed but I hestitate to do that without knowing what the other problems were and perhaps running further diagnostics.

The restore points are not causing any problem and cannot do anything unless you restore to one that's infected.


----------



## kwatts (Jan 8, 2013)

ok. I don't know what else to do.

Thanks


----------



## Cookiegal (Aug 27, 2003)

Well it would help to know what the problems were that you had before on the computer that you said you fixed.


----------



## flavallee (May 12, 2002)

kwatts:

You previously advised us *"all the other problems had been fixed"*.

You only seemed to be concerned about the defragging process.

When you say *"I don't know what else to do"*, we don't know what you're referring to.

-------------------------------------------------------


----------



## Triple6 (Dec 26, 2002)

To expand, not only is it normal for some files to be skipped, but defraging has little real world value anyway, you're absolutely not suffering any problems from not being able to defrag a few files especially System Restore files that will likely never even be accessed except during virus scans.


----------



## kwatts (Jan 8, 2013)

when I defrag I get message "paused for volume shadow copy".
"Windows forms parking window", "shellcon hidden window", dsagnt.exe., windows installer for photo gallery were all fixed. I still get "net-broadcast event window 2.0.0", I am unable to get rid of this one.


----------



## flavallee (May 12, 2002)

We need to get a better picture of your computer, so do the following:

Go here and click the green "Download latest version" link to download and save *HiJackThis 2.0.4*

After it's been downloaded and saved, close all open windows first, then double-click it to install it.

Allow it to install in its default location - C:\Program Files.

After it's been installed, start it and allow its main window to load.

Uncheck "Do not show this window when I start HiJackThis".

Click "Do a system scan and save a log file".

When the scan is finished in 30 - 60 seconds, a log file will appear.

Save that log file.

Return here to your thread, then copy-and-paste the ENTIRE log file here.

-------------------------------------------------------


----------



## kwatts (Jan 8, 2013)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:43:17 AM, on 2/19/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\AOL\1145981300\ee\AOLSoftware.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\CloudZow\Livedrive.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CloudZow\VSSService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS02/120
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: MyBHO Class - {3DB0C335-73C5-466c-A622-BD20A1A5B925} - C:\Program Files\Readonweb\CleanPage\ReadonwebToolbar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BrowserHelper Class - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files\CloudZow\LivedriveExplorerExtensions.dll
O2 - BHO: CleanPageBHO Class - {F097E5AB-4C45-4e41-8BAD-34D785BEC6BB} - C:\Program Files\Readonweb\CleanPage\CleanPage.dll
O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll
O3 - Toolbar: ReadonwebToolbar - {B6283D8C-01AB-11DB-9D6F-E11AAB065F98} - C:\Program Files\Readonweb\CleanPage\ReadonwebToolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145981300\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [Livedrive] "C:\Program Files\CloudZow\Livedrive.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [50C4F87EF1BA04A7C0112EDF6426B804BEF53108._service_run] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchComcast\TrueWizard.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: CleanPage - {6C8F2C29-0F94-49ff-8262-E12226CA34B0} - C:\Program Files\Readonweb\CleanPage\CleanPage.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} (ZenGems Control) - http://www.worldwinner.com/games/v54/zengems/zengems.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} (CopyGuardCtrl Class) - http://www.psapoll.com/CopyGuardIE.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1358181906390
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} (BejeweledTwist Control) - http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
O16 - DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} (ActiveFormX Control) - https://widow1.factualdata.com/ocx/print3.ocx
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v54/wwspades/wwspades.cab
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: CloudZow VSS Service (CloudZowVSSService) - Unknown owner - C:\Program Files\CloudZow\VSSService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

--
End of file - 15317 bytes


----------



## flavallee (May 12, 2002)

Your HiJackThis log shows 2 very obvious issues:

1. An extremely bloated startup load

2. An infestation of malware, spyware, etc.

----------------------------------------------------------

Let's see what needs to be uninstalled, updated, added, or replaced in that computer.

Start HiJackThis, but don't run a scan.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the ENTIRE file here. 

----------------------------------------------------------

Which optional external devices do you connect to and use with that computer?

----------------------------------------------------------


----------



## kwatts (Jan 8, 2013)

ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.1
Adobe Reader X (10.1.5)
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Media Card Companion
AVG Security Toolbar
Banctec Service Agreement
Bing Bar
Bonjour
BookScan&Whiteboard Suite
Brother MFL-Pro Suite MFC-J615W
CDBurnerXP
CloudZow
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CouponBar
Database Conversion Wizard
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
DellSupport
Digital Content Portal
Digital Locker Assistant
Encompass NetBranch Installation Manager
Express Burn
Express Rip
FaceFilter Studio Brother Edition
GdiplusUpgrade
Google Chrome
Google Talk Plugin
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB954708)
Humorous Greeting Card Factory
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Infoaxe Toolbar
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 22
Java(TM) 6 Update 3
Java(TM) 6 Update 39
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Macromedia Flash Player
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft LifeCam
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer
Microsoft Office Excel Viewer 2003
Microsoft Office Live Add-in 1.5
Microsoft Office Word Viewer 2003
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft PowerPoint Viewer
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Microsoft WSE 2.0 SP3 Runtime
Modem Event Monitor
Modem Helper
Modem On Hold
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
OLYMPUS CAMEDIA Master 4.2
overland
PaperPort Image Printer
Pdf995
PdfEdit995
Personal Ancestral File 5
Personal License Update Wizard for Windows Media Player
Photo Click
Picasa 3
playful_elephants ScreenSaver
Plus! MP3 Audio Converter LE
PowerDVD 5.5
QuickBooks Simple Start Special Edition
Rapport
Readonweb CleanPage
RealArcade
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB974392)
Shockwave
Signature995
Sonic Audio module
Sonic DLA
Sonic RecordNow Copy
Sonic RecordNow Data
SoundTap
Spelling Dictionaries Support For Adobe Reader 9
Switch
User Profile Hive Cleanup Service
Viewpoint Media Player
Wallery
WavePad Uninstall
WebCyberCoach 3.2 Dell
WebIQ Client Software
WildTangent Web Driver
Winamp
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Bonus Pack for Windows XP
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Service Pack 3
Windows XP Winter Fun Pack for Windows Media Player 9 Series 
WiseFixer 4.0


external devices, mouse, speakers and printer


----------



## Cookiegal (Aug 27, 2003)

Have you ever run a registry cleaner type program? I'm not suggesting you do, in fact, the contrary, but that might explain why you don't have all of your Windows updates showing. Or are you having problems with Windows Updates?

Please run the MGA Diagnostic Tool and post back the report it creates:
Download *MGADiag* to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.


----------



## flavallee (May 12, 2002)

Go to Control Panel - Add Or Remove Programs.

Uninstall/remove all the old Java versions in the order that I've listed them.

*Java 2 Runtime Environment, SE v1.4.2_03

J2SE Runtime Environment 5.0 Update 5

J2SE Runtime Environment 5.0 Update 6

J2SE Runtime Environment 5.0 Update 9

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

Java(TM) SE Runtime Environment 6 Update 1

Java(TM) 6 Update 2

Java(TM) 6 Update 3

Java(TM) 6 Update 5

Java(TM) 6 Update 7

Java(TM) 6 Update 22*

After you're done, restart the computer.

------------------------------------------------------

Go to the *C:\Program Files\Java* folder.

Advise what the names are of the folders inside the *Java* folder.

Do not delete any of them yet!

------------------------------------------------------

Go here, then accept the license agreement, then download and save the "Windows x86 Offline" *jre-6u41-windows-i586.exe* file, then close all open windows first, then install it.

It'll overwrite and update *Java(TM) 6 Update 39* that's currently installed.

------------------------------------------------------

I'm going to hold off on any further instructions until you reply to post #15 and then Cookiegal replies back.

------------------------------------------------------


----------



## kwatts (Jan 8, 2013)

j2re1.4.2_03
jre1.5.0_06
jre1.5.0_10
jre1.6.0_01
jre1.6.0_03
jre1.6.0_07
jre6

jre1.5.0_05
jre1.5.0_09
jre1.5.0_11
jre1.6.0_02
jre1.6.0_05
jre1.6.0_22


----------



## flavallee (May 12, 2002)

kwatts said:


> j2re1.4.2_03
> jre1.5.0_06
> jre1.5.0_10
> jre1.6.0_01
> ...


What are you referring to by this information? 
Are these the names of the folders currently inside the *Java* folder?

Have you installed *Java(TM) 6 Update 41*?

-----------------------------------------------------------


----------



## kwatts (Jan 8, 2013)

Yes these are in the java folder. Yes I have installed the new Java.

KWatts


----------



## flavallee (May 12, 2002)

Okay, I just wanted to be sure.

You can delete all of those folders, except for the *JRE6* folder.

After you're done, restart the computer.

Go to Control Panel and make sure the *Java* applet is still present.

Click the "About" button and make sure version 6 Update 41 is listed.

-----------------------------------------------------------

Don't forget to reply to post #15.

-----------------------------------------------------------


----------



## kwatts (Jan 8, 2013)

I can't find the "about" button for java to make sure version 6 update 41 is listed.


----------



## kwatts (Jan 8, 2013)

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 76477-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {0490C2E3-44AD-43AD-B361-323E2535B053}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.18.5
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Word 2002 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{0490C2E3-44AD-43AD-B361-323E2535B053}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>76477-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-2343432931-39797470-1917149517</SID><SYSTEM><Manufacturer>Dell Computer Corporation</Manufacturer><Model>Dimension 3000 </Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A02</Version><SMBIOSVersion major="2" minor="3"/><Date>20041108000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>043C30E70184606C</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Dell Dimension DIM3000</name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.18.5"/><File Name="WgaLogon.dll" Version="1.7.18.5"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{911B0409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Word 2002</Name><Ver>10</Ver><Val>62A4EAC3B9ACA0A</Val><Hash>oYFJkmRdgrdNVD6wKZKJMnTn5To=</Hash><Pid>54189-OEM-1650002-00005</Pid><PidType>16</PidType></Product></Products><Applications><App Id="1B" Version="10" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1B2BEell Inc|1B2BE:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A


----------



## Cookiegal (Aug 27, 2003)

kwatts said:


> I can't find the "about" button for java to make sure version 6 update 41 is listed.


When you open Java in the Control Panel you will see the About button at the top under the General tab.

The system appears to be genuine so either you've run some utility that removes the uninstall strings of the MS updates or there's a problem with Windows Updates. Have you experienced any problems with installing Windows Updates? Are you set to download and install them automatically?


----------



## kwatts (Jan 8, 2013)

I found the "about" button" in Java. I am set to download and install the windows updates. I have no
problem installing them automatically as far as I know.

KWatts


----------



## Cookiegal (Aug 27, 2003)

Using Internet Explorer, please click on *Tools *- *Windows Updates* and let us know if it prompts you to download any updates.

Also, please click on your update history on the left side and let us know if you see any failed updates there.

I suspect all will be fine and it's just the result of running registry cleaners, which you should never do, but best to check to be sure.


----------



## flavallee (May 12, 2002)

You already have *Malwarebytes Anti-Malware 1.70.0.1100* installed, so do the following in the order that they're listed.

------------------------------------------------------

Download and save and then install the free version of

*SUPERAntiSpyware 5.6.0.1014*

Make sure to update its definition files during the install process.

Make sure to uncheck and decline to install any extras, such as toolbars and homepages, it may offer.

Make sure to uncheck and decline to use the "Pro" or "Trial" version, if it's offered.

-------------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Updates(tab) - Check for Updates".

When the definition files have updated, click "OK".

Click "Scanner(tab) - *Perform quick scan* - Scan".

If infections or problems are found during the scan, the number of them will be highlighted in red.

When the scan is finished, click "Show Results".

Make sure that *EVERYTHING* is selected, then click "Remove Selected".

If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

-------------------------------------------------------

Start SUPERAntiSpyware.

Select the "*Quick Scan*" option, then click "Scan your Computer".

If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

When the scan is finished and the scan summary window appears, click "Continue".

Make sure that *EVERYTHING* in the list is selected, then click "Remove Threats".

Click "OK - Finish".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

-------------------------------------------------------


----------



## flavallee (May 12, 2002)

Get rid of *WiseFixer 4.0*.

To add to what Cookiegal said, do NOT use any cleaner/optimizer/booster/tuneup type program that claims to clean and speed up your computer.

They can damage Windows and break programs and generate error/warning messages and wreak havoc with your computer.

If the damage done is bad enough, reinstalling Windows and getting a fresh start is the only viable option.

---------------------------------------------------------


----------



## kwatts (Jan 8, 2013)

Cookiegal said:


> Using Internet Explorer, please click on *Tools *- *Windows Updates* and let us know if it prompts you to download any updates.
> 
> Also, please click on your update history on the left side and let us know if you see any failed updates there.
> 
> I suspect all will be fine and it's just the result of running registry cleaners, which you should never do, but best to check to be sure.


I had one update to do for microsoft security essentials. I updated it.


----------



## Cookiegal (Aug 27, 2003)

OK. Thanks. I'm sure flavallee will have more for you to do.


----------



## kwatts (Jan 8, 2013)

flavallee said:


> You already have *Malwarebytes Anti-Malware 1.70.0.1100* installed, so do the following in the order that they're listed.
> 
> ------------------------------------------------------
> 
> ...


 SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/20/2013 at 06:09 PM
Application Version : 5.6.1014
Core Rules Database Version : 10033
Trace Rules Database Version: 7845
Scan type : Quick Scan
Total Scan Time : 00:17:14
Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 631
Memory threats detected : 0
Registry items scanned : 32359
Registry threats detected : 14
File items scanned : 8825
File threats detected : 542
Adware.HBHelper
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
Registry Cleaner Trial
HKU\S-1-5-21-2343432931-39797470-1917149517-1006\Software\SoftwareOnline.com
PUP.MyWebSearch/FunWebProducts
HKU\S-1-5-21-2343432931-39797470-1917149517-1006\SOFTWARE\FunWebProducts
Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
PUP.PC MightyMax
C:\Documents and Settings\Karen Watts\Application Data\PCMM2009\diagnostic\last-scan
C:\Documents and Settings\Karen Watts\Application Data\PCMM2009\diagnostic
C:\Documents and Settings\Karen Watts\Application Data\PCMM2009\pcmm2009-configuration
C:\Documents and Settings\Karen Watts\Application Data\PCMM2009
Adware.Tracking Cookie
C:\Documents and Settings\Karen Watts\Cookies\[email protected][2].txt [ /accounts.google ]
C:\Documents and Settings\Karen Watts\Cookies\[email protected][1].txt [ /accounts.youtube ]
C:\Documents and Settings\Karen Watts\Cookies\[email protected][1].txt [ /ad.yieldmanager ]
C:\Documents and Settings\Karen Watts\Cookies\[email protected][1].txt [ /atdmt ]
C:\Documents and Settings\Karen Watts\Cookies\[email protected][2].txt [ /c.atdmt ]
C:\Documents and Settings\Karen Watts\Cookies\[email protected][2].txt [ /doubleclick ]
C:\Documents and Settings\Karen Watts\Cookies\[email protected][1].txt [ /invitemedia ]
C:\Documents and Settings\Karen Watts\Cookies\[email protected][2].txt [ /microsoftwlsearchcrm.112.2o7 ]
C:\Documents and Settings\Karen Watts\Cookies\[email protected][2].txt [ /mm.chitika ]
C:\Documents and Settings\Karen Watts\Cookies\[email protected][2].txt [ /msnportal.112.2o7 ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpose.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stat.onestat.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dmtracker.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media2.legacy.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accountonline.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.citi.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.citi.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.citi.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.citi.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.everyscreenmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
fls.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad.mlnadvertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.afe.specificclick.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtechus.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bizrate.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickbooth.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stat.onestat.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.xiti.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ees.rotator.hadj1.adjuggler.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas8.emediate.eu [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas8.emediate.eu [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
eas8.emediate.eu [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.fdma-media.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mshakers.rotator.hadj7.adjuggler.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mshakers.rotator.hadj7.adjuggler.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zionsbank.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.loreal.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ees.rotator.hadj1.adjuggler.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bizrate.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bizrate.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
asopctrack.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doctorsassociatesrx.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
asopctrack.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.csc.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads3.americasjobexchange.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.microsoftwlcashback.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
insight.torbit.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media.adfrontiers.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.countryoutfitter.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
countryoutfitter.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.linksynergy.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.countryoutfitter.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.countryoutfitter.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.countryoutfitter.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.countryoutfitter.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.countryoutfitter.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.countryoutfitter.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.countryoutfitter.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.countryoutfitter.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adjump.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adjump.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
freshtrackz.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
freshtrackz.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
clickztrax.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
clickztrax.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.linksynergy.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.linksynergy.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.linksynergy.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
dc.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media2.legacy.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.adform.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adform.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accountonline.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
consumercenter.gogecapital.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gemoneysusmb2.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gemoneysusgogecapitalcc.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tmobile.db.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tabs.buddymedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insights.webmdhealthservices.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insights.webmdhealthservices.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
insights.webmdhealthservices.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.coregmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.reservediscounthotels.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.reservediscounthotels.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.reservediscounthotels.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hotels.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ihg2.db.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ihg.db.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c1.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c1.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.microsoftsto.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.z.sitescoutadserver.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.biglots.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accountonline.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.citi.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media2.legacy.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media.adfrontiers.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickfuse.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media2.legacy.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.applytracking.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
sales.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.oracle.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
cms.ad.yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stat.dealtime.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
survey.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.steelhousemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.px.steelhousemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.steelhousemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stats.adotube.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\DOCUMENTS AND SETTINGS\KAREN WATTS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Adware.ShopAtHomeSelect
HKU\S-1-5-21-2343432931-39797470-1917149517-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Rogue.Agent/Gen-Nullo[EXE]
C:\WINDOWS\AVUPDATES061.EXE

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.20.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Karen Watts :: WATTSBK [administrator]
2/20/2013 3:33:56 PM
mbam-log-2013-02-20 (15-33-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207135
Time elapsed: 1 hour(s), 18 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


----------



## flavallee (May 12, 2002)

The Malwarebytes Anti-Malware scan was clean.

Did you select and remove everything the SUPERAntiSpyware scan found?

------------------------------------------------------------

Let's see a new "uninstall_list.txt" log.

Start HiJackThis, but don't run a scan.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

-------------------------------------------------------------


----------



## kwatts (Jan 8, 2013)

Yes, I removed everything the SUPERAntiSpyware scan found.


----------



## flavallee (May 12, 2002)

Okay, good. :up:

I'm waiting for the new log.

---------------------------------------------------------


----------



## kwatts (Jan 8, 2013)

ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.1
Adobe Reader X (10.1.6)
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Media Card Companion
AVG Security Toolbar
Banctec Service Agreement
Bing Bar
Bonjour
BookScan&Whiteboard Suite
Brother MFL-Pro Suite MFC-J615W
CDBurnerXP
CloudZow
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CouponBar
Database Conversion Wizard
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
DellSupport
Digital Content Portal
Digital Locker Assistant
Encompass NetBranch Installation Manager
Express Burn
Express Rip
FaceFilter Studio Brother Edition
GdiplusUpgrade
Google Chrome
Google Talk Plugin
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB954708)
Humorous Greeting Card Factory
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Infoaxe Toolbar
Java(TM) 6 Update 41
Macromedia Flash Player
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft LifeCam
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer
Microsoft Office Excel Viewer 2003
Microsoft Office Live Add-in 1.5
Microsoft Office Word Viewer 2003
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft PowerPoint Viewer
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Microsoft WSE 2.0 SP3 Runtime
Modem Event Monitor
Modem Helper
Modem On Hold
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
OLYMPUS CAMEDIA Master 4.2
overland
PaperPort Image Printer
Pdf995
PdfEdit995
Personal Ancestral File 5
Personal License Update Wizard for Windows Media Player
Photo Click
Picasa 3
playful_elephants ScreenSaver
Plus! MP3 Audio Converter LE
PowerDVD 5.5
QuickBooks Simple Start Special Edition
Rapport
Readonweb CleanPage
RealArcade
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB974392)
Shockwave
Signature995
Sonic Audio module
Sonic DLA
Sonic RecordNow Copy
Sonic RecordNow Data
SoundTap
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware
User Profile Hive Cleanup Service
Viewpoint Media Player
Wallery
WavePad Uninstall
WebCyberCoach 3.2 Dell
WebIQ Client Software
WildTangent Web Driver
Winamp
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Bonus Pack for Windows XP
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Service Pack 3
Windows XP Winter Fun Pack for Windows Media Player 9 Series


----------



## flavallee (May 12, 2002)

*Adobe Reader 10.1.6* needs to be updated to *Adobe Reader 11.0.2*

*Adobe Shockwave Player 11.5* needs to be updated to *Adobe Shockwave Player 12.0.0.112*

*AVG Security Toolbar* needs to be uninstalled/removed.

*Bing Bar* needs to be uninstalled/removed, unless you actually need and use it.

*CouponBar* needs to be uninstalled/removed.

*Macromedia Flash Player* needs to be uninstall/removed(if it's actually present in the list).

*Microsoft Encarta Encyclopedia Standard 2005* is very outdated. Unless you actually need and use it, uninstall/remove it.

*Microsoft Money 2005* is very outdated. Unless you actually need and use it, uninstall/remove it.

*Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE* 
is some of the "bloatware" that came with old computers. Unless you actually need and use it, uninstall/remove it.

Unless you're using anything that's associated with AOL(America Online), *Viewpoint Media Player* can be uninstalled/removed.

--------------------------------------------------


----------



## kwatts (Jan 8, 2013)

I removed all the files you asked me to. Anything else can I do?

KWatts


----------



## flavallee (May 12, 2002)

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then copy-and-paste the entire log here.

---------------------------------------------------------

How is the computer running?

---------------------------------------------------------


----------



## kwatts (Jan 8, 2013)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:10:28 PM, on 2/21/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\AOL\1145981300\ee\AOLSoftware.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\CloudZow\Livedrive.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CloudZow\VSSService.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Google\Update\Install\{7E7478E9-B86E-432A-B171-85BDB1C7B00C}\25.0.1364.97_24.0.1312.57_chrome_updater.exe
C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\CR_18D83.tmp\setup.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: MyBHO Class - {3DB0C335-73C5-466c-A622-BD20A1A5B925} - C:\Program Files\Readonweb\CleanPage\ReadonwebToolbar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BrowserHelper Class - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files\CloudZow\LivedriveExplorerExtensions.dll
O2 - BHO: CleanPageBHO Class - {F097E5AB-4C45-4e41-8BAD-34D785BEC6BB} - C:\Program Files\Readonweb\CleanPage\CleanPage.dll
O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll (file missing)
O3 - Toolbar: ReadonwebToolbar - {B6283D8C-01AB-11DB-9D6F-E11AAB065F98} - C:\Program Files\Readonweb\CleanPage\ReadonwebToolbar.dll
O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145981300\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [Livedrive] "C:\Program Files\CloudZow\Livedrive.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [50C4F87EF1BA04A7C0112EDF6426B804BEF53108._service_run] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe -update activex
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchComcast\TrueWizard.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: CleanPage - {6C8F2C29-0F94-49ff-8262-E12226CA34B0} - C:\Program Files\Readonweb\CleanPage\CleanPage.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} (ZenGems Control) - http://www.worldwinner.com/games/v54/zengems/zengems.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} (CopyGuardCtrl Class) - http://www.psapoll.com/CopyGuardIE.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1358181906390
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} (BejeweledTwist Control) - http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
O16 - DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} (ActiveFormX Control) - https://widow1.factualdata.com/ocx/print3.ocx
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v54/wwspades/wwspades.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: CloudZow VSS Service (CloudZowVSSService) - Unknown owner - C:\Program Files\CloudZow\VSSService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

--
End of file - 14780 bytes

The computer is running a little faster.


----------



## flavallee (May 12, 2002)

Let's get to work on trimming down that severely bloated startup load.

Go to Start - Run - *MSCONFIG* - OK - "Startup" tab.

Write down ONLY the names in the "Startup Item" column that have a checkmark next to them.

If the "Startup Item" column isn't wide enough to see the entire name of any of them, widen the column.

Submit those names here in a vertical list.

Make sure to spell them EXACTLY as you see them there.

-----------------------------------------------------------


----------



## kwatts (Jan 8, 2013)

flavallee said:


> Let's get to work on trimming down that severely bloated startup load.
> 
> Go to Start - Run - *MSCONFIG* - OK - "Startup" tab.
> 
> ...


smaxpnp C:\Program Files\anal...HKLM\SOFTWARE\Microsoft\Windows\currentVer...
Intelmem C:\ " " \Intel... "
issch "C:\ " " \Com... "
tfswctrl C:\ Windows\system... "
igfxtray " " " " "
hkcmd " " " " "
igfxpers " " " " "
isuspm "C:\Program Files\com... "
Apdproxy "c:\ " " \Ado... "
vVX3000 C:\Windows/vVx3000... "
winampa "C:\Program Files\Win... "
SSBkgdupdate "c:\Program Files\Com... "
pptd40nt "C:\ " " \Sca... "
IndexSearch "C:\ " " \Sca... "
brctrcen C:\ " " \Brot... "
BrSTNonW C:\ " " \Brow... "
realsched "C:\ " " \Com... "
QTTask "C:\ " " \Quic... "
LifeExp "c:\ " " \Micr... "
DVDLaunder "C:\ " " \Cyb... "
sprtcmd "C:\ " " \Com... "
Reader_sl "C:\ " " \Ado...
msseces "c:\ " " \Micr... "
mm_tray "C:\ " " \Musi... "
AOLSOFtware C:\ " " \Com... "
AdobeARM "C:\ " " \Com... "
jusched "C:\ " " \Com... "
GoogleUpdate "C:\Documents and Se... HKCU\SOFTWARE\MICROSOFT\Windows\Current Ver...
J2GDllCMD "C:\Program Files\eFa... "
Livedrive "C:\Program Files\Clou... "
ctfmon C:\WINDOWS\system... "
chrome "C:\Program Files\Goo... "
WMPNSCFG C:\ " " \Wind... "
SUPERAntiSpyware C:\ " " \SUPE... "
Microsoft Office C:\Program(wavy sign)1\MI193... Common Startup 
Monitor C:\Program (wavy sign)1\ArcSof... Common Startup
QuickBooks Update... C:\Program (wavy sign)1\COMM... Common Startup
eFax4.4 C:\Program (wavy sign)1\EFAXM... Startup
TrueAssistant C:\Program Files\True... "

I can't find the sign for the wavy sign above!


----------



## flavallee (May 12, 2002)

You didn't follow my instructions correctly and made more work for yourself.

Do the following in the order that they're listed.

-------------------------------------------------------

Go to Start - Run - *MSCONFIG* - OK - "Startup" tab.

Remove the checkmark in these startup entries:

*issch

igfxtray

hkcmd

igfxpers

isuspm

Apdproxy

winampa

realsched

QTTask

DVDLauncher

Reader_sl

mm_tray

AdobeARM

jusched

GoogleUpdate

SUPERAntiSpyware

Microsoft Office

QuickBooks Update Agent*

After you're done, click Apply - OK/Close - Exit Without Restart.

Go to Start - Run - *SERVICES.MSC* - OK.

Expand the services window so you can see the list more clearly.

Double-click these service entries, one at a time, to open their properties window:

*Adobe Active File Monitor V5

Adobe Flash Player Update Service

DSBrokerService

GameConsoleService

Google Update Service

Google Update Service

Google Software Updater

Java Quick Starter*

Change "Startup Type" to Manual, then click Apply - OK.

After you're done, close the services window and then restart the computer.

When the small "System Configuration Utility" window appears during restart, ignore its message.

Put a checkmark in the "Do not show - - -" box in the lower left of that window BEFORE you click OK to close it.

-------------------------------------------------------

Use the computer for awhile to make sure everything is still working okay and if speed and "snappiness" has improved.

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then copy-and-paste it here.

-------------------------------------------------------


----------



## kwatts (Jan 8, 2013)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:45:16 AM, on 2/27/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\AOL\1145981300\ee\AOLSoftware.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\CloudZow\Livedrive.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CloudZow\VSSService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: MyBHO Class - {3DB0C335-73C5-466c-A622-BD20A1A5B925} - C:\Program Files\Readonweb\CleanPage\ReadonwebToolbar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: BrowserHelper Class - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files\CloudZow\LivedriveExplorerExtensions.dll
O2 - BHO: CleanPageBHO Class - {F097E5AB-4C45-4e41-8BAD-34D785BEC6BB} - C:\Program Files\Readonweb\CleanPage\CleanPage.dll
O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll (file missing)
O3 - Toolbar: ReadonwebToolbar - {B6283D8C-01AB-11DB-9D6F-E11AAB065F98} - C:\Program Files\Readonweb\CleanPage\ReadonwebToolbar.dll
O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145981300\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [Livedrive] "C:\Program Files\CloudZow\Livedrive.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchComcast\TrueWizard.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O9 - Extra button: CleanPage - {6C8F2C29-0F94-49ff-8262-E12226CA34B0} - C:\Program Files\Readonweb\CleanPage\CleanPage.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} (ZenGems Control) - http://www.worldwinner.com/games/v54/zengems/zengems.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} (CopyGuardCtrl Class) - http://www.psapoll.com/CopyGuardIE.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1358181906390
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} (BejeweledTwist Control) - http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
O16 - DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} (ActiveFormX Control) - https://widow1.factualdata.com/ocx/print3.ocx
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v54/wwspades/wwspades.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: CloudZow VSS Service (CloudZowVSSService) - Unknown owner - C:\Program Files\CloudZow\VSSService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

--
End of file - 11705 bytes

My computer is running faster now. Here is the HiJack This log.

Thank you!


----------



## flavallee (May 12, 2002)

Start HiJackThis, then click "Do a system scan only".

When the scan is finished in about 30 - 60 seconds, put a checkmark in these log entries:

*O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll (file missing)

O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe*

After you confirm that you selected the correct log entries, click "Fix Checked - Yes".

Close HiJackThis.

(Note: This is just some "housecleaning" of the log)

-------------------------------------------------------

Click Start - Run, then type in

*%temp%* (% is the percentage symbol on the number 5 key)

and then click OK.

Click Start - Run, then type in

*c:\windows\temp*

and then click OK.

Once those 2 temp folders appear and you can view their contents, select and delete EVERYTHING that's inside them.

If a few files resist being deleted, that's normal behavior. Leave them alone and delete EVERYTHING else.

If a massive number of files are being deleted, the computer may appear to "hang". Be patient and wait for the deletion process to finish.

After it's done, empty the Recycle Bin and then restart the computer.

-------------------------------------------------------


----------



## kwatts (Jan 8, 2013)

flavallee said:


> Start HiJackThis, then click "Do a system scan only".
> 
> When the scan is finished in about 30 - 60 seconds, put a checkmark in these log entries:
> 
> ...


I finished what you asked me to do. Anything else?

Thank you!


----------



## flavallee (May 12, 2002)

If you're happy with the way the computer is running now, we're done. :up:

---------------------------------------------------------


----------



## kwatts (Jan 8, 2013)

Yes, I am happy about the way the computer is running, it hasn't run like this for a long, long, long time. Thank you!
I have only one problem that I have tried to fix, and I am out of options now....When I shut down my computer
every night this "end" pops up...Net-broadcast event window 2.0.0... Do you know anything about this problem,
if so what can I do to eliminate this?


----------



## flavallee (May 12, 2002)

> Yes, I am happy about the way the computer is running, it hasn't run like this for a long, long, long time. Thank you!


You're welcome. 



> I have only one problem that I have tried to fix, and I am out of options now....When I shut down my computer
> every night this "end" pops up...Net-broadcast event window 2.0.0... Do you know anything about this problem,
> if so what can I do to eliminate this?


I sure don't. 

It's possibly associated with one of the numerous apps that you're using that I'm not familiar with .

------------------------------------------------------


----------



## kwatts (Jan 8, 2013)

flavallee said:


> You're welcome.
> 
> I sure don't.
> 
> ...


ok, Thank you!


----------



## Cookiegal (Aug 27, 2003)

Please download the Event Viewer Tool by Vino Rosso *VEW* and save it to your Desktop:


Double-click *VEW.exe*

Under "Select log to query", select:

*Application*
*System*

Under "Select type to list", select:

*Error*


Click the radio button for "Number of events"
Type *10* in the 1 to 20 box 
Then click the *Run* button.

Notepad will open with the output log. Please copy and paste the contents here.


----------



## kwatts (Jan 8, 2013)

Cookiegal said:


> Please download the Event Viewer Tool by Vino Rosso *VEW* and save it to your Desktop:
> 
> 
> Double-click *VEW.exe*
> ...


Vino's Event Viewer v01c run on Windows XP in English
Report run at 28/02/2013 5:14:29 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/02/2013 9:31:09 AM
Type: error Category: 0
Event: 1013 Source: MsiInstaller
Product: Google Chrome -- This computer already has a more recent version of Google Chrome. If the software is not working, please uninstall Google Chrome and try again.

Log: 'Application' Date/Time: 21/02/2013 9:31:02 AM
Type: error Category: 0
Event: 11722 Source: MsiInstaller
Product: Google Chrome -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action DoInstall, location: C:\WINDOWS\Installer\MSI68.tmp, command: /silent /install "appguid={8A69D345-D564-463c-AFF1-A69D9E530F96}&appname=Google Chrome&needsAdmin=True&brand=GGRV" /installsource enterprisemsi /appargs "appguid={8A69D345-D564-463c-AFF1-A69D9E530F96}&installerdata=%7B%22distribution%22%3A%7B%22msi%22%3Atrue%2C%22system_level%22%3Atrue%2C%22verbose_logging%22%3Atrue%7D%7D"

Log: 'Application' Date/Time: 16/02/2013 8:52:41 AM
Type: error Category: 0
Event: 12292 Source: VSS
Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007041d].

Log: 'Application' Date/Time: 11/02/2013 8:10:03 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application WINWORD.EXE, version 10.0.6866.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 11/02/2013 8:06:49 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application WINWORD.EXE, version 10.0.6866.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 10/02/2013 12:22:20 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application wisefixer.exe, version 1.0.0.1, faulting module registercleandll.dll, version 0.0.0.0, fault address 0x0000fc79.

Log: 'Application' Date/Time: 10/02/2013 10:41:09 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application WINWORD.EXE, version 10.0.6866.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 10/02/2013 10:41:07 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application WINWORD.EXE, version 10.0.6866.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 10/02/2013 10:39:05 AM
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket 2058850643.

Log: 'Application' Date/Time: 10/02/2013 10:38:37 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application WINWORD.EXE, version 10.0.6866.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/02/2013 5:31:20 AM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 10.90.4.21 for the Network Card with network address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 28/02/2013 5:01:18 AM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 10.90.4.21 for the Network Card with network address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 26/02/2013 8:10:25 AM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 10.90.4.12 for the Network Card with network address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 26/02/2013 7:40:23 AM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 10.90.4.12 for the Network Card with network address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 26/02/2013 7:10:21 AM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 10.90.4.12 for the Network Card with network address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 25/02/2013 10:36:56 AM
Type: error Category: 0
Event: 29 Source: W32Time
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

Log: 'System' Date/Time: 25/02/2013 10:36:56 AM
Type: error Category: 0
Event: 17 Source: W32Time
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Log: 'System' Date/Time: 25/02/2013 6:40:42 AM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 10.90.4.15 for the Network Card with network address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 25/02/2013 6:10:40 AM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 10.90.4.16 for the Network Card with network address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 25/02/2013 5:53:49 AM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.


----------



## Cookiegal (Aug 27, 2003)

Are there other user accounts on the computer besides yourself?

Have you recently tried to uninstall Chrome?


----------



## kwatts (Jan 8, 2013)

Cookiegal said:


> Are there other user accounts on the computer besides yourself?
> 
> Have you recently tried to uninstall Chrome?


Yes, I am the only user on this computer. I have uninstall chrome and re-installed it.


----------



## Cookiegal (Aug 27, 2003)

Please go to *Sart *- *Run *- type in *dxdiag *and click OK. It will open a screen called DirectX Diagnostic Tool which will run for a minute to collect information from the system. Once it's finished, to the bottom right you will see a button called "Save All Information". Please click on that and save it to Notepad and then copy and paste the contents here.


----------



## kwatts (Jan 8, 2013)

Cookiegal said:


> Please go to *Sart *- *Run *- type in *dxdiag *and click OK. It will open a screen called DirectX Diagnostic Tool which will run for a minute to collect information from the system. Once it's finished, to the bottom right you will see a button called "Save All Information". Please click on that and save it to Notepad and then copy and paste the contents here.


------------------
System Information
------------------
Time of this report: 3/1/2013, 19:22:40
Machine name: WATTSBK
Operating System: Windows XP Home Edition (5.1, Build 2600) Service Pack 3 (2600.xpsp.080320-1628)
Language: English (Regional Setting: English)
System Manufacturer: Dell Computer Corporation
System Model: Dimension 3000 
BIOS: Phoenix ROM BIOS PLUS Version 1.10 A02
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
Memory: 1022MB RAM
Page File: 815MB used, 1642MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.5508 32bit Unicode

------------
DxDiag Notes
------------
DirectX Files Tab: No problems found.
Display Tab 1: No problems found.
Sound Tab 1: No problems found.
Sound Tab 2: No problems found.
Music Tab: No problems found.
Input Tab: No problems found.
Network Tab: No problems found.

--------------------
DirectX Debug Levels
--------------------
Direct3D: 0/4 (n/a)
DirectDraw: 0/4 (retail)
DirectInput: 0/5 (n/a)
DirectMusic: 0/5 (n/a)
DirectPlay: 0/9 (retail)
DirectSound: 0/5 (retail)
DirectShow: 0/6 (retail)

---------------
Display Devices
---------------
Card name: Intel(R) 82865G Graphics Controller
Manufacturer: Intel Corporation
Chip type: Intel(R) 82865G Graphics Controller
DAC type: Internal
Device Key: Enum\PCI\VEN_8086&DEV_2572&SUBSYS_019D1028&REV_02
Display Memory: 96.0 MB
Current Mode: 1152 x 864 (32 bit) (72Hz)
Monitor: Dell E173FP
Monitor Max Res: 1280,1024
Driver Name: ialmrnt5.dll
Driver Version: 6.14.0010.4396 (English)
DDI Version: 9 (or higher)
Driver Attributes: Final Retail
Driver Date/Size: 9/20/2005 09:52:38, 36990 bytes
WHQL Logo'd: n/a
WHQL Date Stamp: n/a
VDD: n/a
Mini VDD: ialmnt5.sys
Mini VDD Date: 9/20/2005 10:00:54, 1302332 bytes
Device Identifier: {D7B78E66-6632-11CF-B462-9721A3C2CB35}
Vendor ID: 0x8086
Device ID: 0x2572
SubSys ID: 0x019D1028
Revision ID: 0x0002
Revision ID: 0x0002
Video Accel: 
Deinterlace Caps: n/a
Registry: OK
DDraw Status: Enabled
D3D Status: Enabled
AGP Status: Not Available
DDraw Test Result: Not run
D3D7 Test Result: Not run
D3D8 Test Result: Not run
D3D9 Test Result: Not run

-------------
Sound Devices
-------------
Description: SoundMAX Digital Audio
Default Sound Playback: Yes
Default Voice Playback: Yes
Hardware ID: PCI\VEN_8086&DEV_24D5&SUBSYS_019D1028&REV_02
Manufacturer ID: 65535
Product ID: 65535
Type: WDM
Driver Name: smwdm.sys
Driver Version: 5.12.0001.5246 (English)
Driver Attributes: Final Retail
WHQL Logo'd: n/a
Date and Size: 1/27/2005 20:31:06, 260352 bytes
Other Files: 
Driver Provider: Analog Devices
HW Accel Level: Full
Cap Flags: 0x0
Min/Max Sample Rate: 0, 0
Static/Strm HW Mix Bufs: 0, 0
Static/Strm HW 3D Bufs: 0, 0
HW Memory: 0
Voice Management: Yes
EAX(tm) 2.0 Listen/Src: Yes, Yes
I3DL2(tm) Listen/Src: Yes, Yes
Sensaura(tm) ZoomFX(tm): Yes
Registry: OK
Sound Test Result: Not run

Description: SoundTap Recorder
Default Sound Playback: No
Default Voice Playback: No
Hardware ID: *nchssvad
Manufacturer ID: 1
Product ID: 100
Type: WDM
Driver Name: nchssvad.sys
Driver Version: 1.00.0000.0000 (English)
Driver Attributes: Final Retail
WHQL Logo'd: n/a
Date and Size: 12/11/2007 16:36:19, 23616 bytes
Other Files: 
Driver Provider: NCH Swift Sound
HW Accel Level: Full
Cap Flags: 0x0
Min/Max Sample Rate: 0, 0
Static/Strm HW Mix Bufs: 0, 0
Static/Strm HW 3D Bufs: 0, 0
HW Memory: 0
Voice Management: No
EAX(tm) 2.0 Listen/Src: No, No
I3DL2(tm) Listen/Src: No, No
Sensaura(tm) ZoomFX(tm): No
Registry: OK
Sound Test Result: Not run

---------------------
Sound Capture Devices
---------------------
Description: SoundMAX Digital Audio
Default Sound Capture: Yes
Default Voice Capture: Yes
Driver Name: smwdm.sys
Driver Version: 5.12.0001.5246 (English)
Driver Attributes: Final Retail
Date and Size: 1/27/2005 20:31:06, 260352 bytes
Cap Flags: 0x0
Format Flags: 0x0

Description: SoundTap Recorder
Default Sound Capture: No
Default Voice Capture: No
Driver Name: nchssvad.sys
Driver Version: 1.00.0000.0000 (English)
Driver Attributes: Final Retail
Date and Size: 12/11/2007 16:36:19, 23616 bytes
Cap Flags: 0x0
Format Flags: 0x0

-----------
DirectMusic
-----------
DLS Path: C:\WINDOWS\SYSTEM32\drivers\GM.DLS
DLS Version: 1.00.0016.0002
Acceleration: n/a
Ports: Microsoft Synthesizer, Software (Not Kernel Mode), Output, DLS, Internal, Default Port
SoundMAX Digital Audio, Software (Kernel Mode), Output, DLS, Internal
SoundTap Recorder, Software (Kernel Mode), Output, DLS, Internal
Microsoft MIDI Mapper [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
Microsoft GS Wavetable SW Synth [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
Registry: OK
Test Result: Not run

-------------------
DirectInput Devices
-------------------
Device Name: Mouse
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Device Name: Keyboard
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Poll w/ Interrupt: No
Registry: OK

-----------
USB Devices
-----------
+ USB Root Hub
| Vendor/Product ID: 0x8086, 0x24D2
| Matching Device ID: usb\root_hub
| Service: usbhub
| Driver: usbhub.sys, 3/20/2008 07:09:02, 59520 bytes
| Driver: usbd.sys, 8/4/2004 04:00:00, 4736 bytes
| 
+-+ USB Human Interface Device
| | Vendor/Product ID: 0x413C, 0x2005
| | Location: DELL USB Keyboard
| | Matching Device ID: usb\class_03&subclass_01
| | Service: HidUsb
| | Driver: hidusb.sys, 3/20/2008 07:08:52, 10368 bytes
| | Driver: hidclass.sys, 3/20/2008 07:08:51, 36864 bytes
| | Driver: hidparse.sys, 3/20/2008 07:08:48, 24960 bytes
| | Driver: hid.dll, 3/20/2008 13:06:00, 20992 bytes
| | 
| +-+ HID Keyboard Device
| | | Vendor/Product ID: 0x413C, 0x2005
| | | Matching Device ID: hid_device_system_keyboard
| | | Service: kbdhid
| | | Driver: kbdhid.sys, 3/20/2008 07:02:13, 14592 bytes
| | | Driver: kbdclass.sys, 3/20/2008 07:02:11, 24576 bytes
| | 
+-+ USB Human Interface Device
| | Vendor/Product ID: 0x413C, 0x3200
| | Location: Dell USB Mouse
| | Matching Device ID: usb\class_03&subclass_01
| | Service: HidUsb
| | Driver: hidusb.sys, 3/20/2008 07:08:52, 10368 bytes
| | Driver: hidclass.sys, 3/20/2008 07:08:51, 36864 bytes
| | Driver: hidparse.sys, 3/20/2008 07:08:48, 24960 bytes
| | Driver: hid.dll, 3/20/2008 13:06:00, 20992 bytes
| | 
| +-+ HID-compliant mouse
| | | Vendor/Product ID: 0x413C, 0x3200
| | | Matching Device ID: hid_device_system_mouse
| | | Service: mouhid
| | | Driver: mouclass.sys, 3/20/2008 07:02:12, 23040 bytes
| | | Driver: mouhid.sys, 8/17/2001 13:48:00, 12160 bytes

----------------
Gameport Devices
----------------

------------
PS/2 Devices
------------
+ Terminal Server Keyboard Driver
| Matching Device ID: root\rdp_kbd
| Upper Filters: kbdclass
| Service: TermDD
| Driver: termdd.sys, 3/20/2008 13:07:35, 40840 bytes
| Driver: kbdclass.sys, 3/20/2008 07:02:11, 24576 bytes
| 
+ Terminal Server Mouse Driver
| Matching Device ID: root\rdp_mou
| Upper Filters: mouclass
| Service: TermDD
| Driver: termdd.sys, 3/20/2008 13:07:35, 40840 bytes
| Driver: mouclass.sys, 3/20/2008 07:02:12, 23040 bytes

----------------------------
DirectPlay Service Providers
----------------------------
DirectPlay8 Modem Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5508)
DirectPlay8 Serial Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5508)
DirectPlay8 IPX Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5508)
DirectPlay8 TCP/IP Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5508)
Internet TCP/IP Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.5508)
IPX Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.5508)
Modem Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.5508)
Serial Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.5508)

DirectPlay Voice Wizard Tests: Full Duplex: Not run, Half Duplex: Not run, Mic: Not run
DirectPlay Test Result: Not run
Registry: OK

-------------------
DirectPlay Adapters
-------------------
DirectPlay8 Modem Service Provider: Intel(R) 537EP V9x DF PCI Modem
DirectPlay8 Serial Service Provider: COM1
DirectPlay8 Serial Service Provider: COM3
DirectPlay8 Serial Service Provider: COM4
DirectPlay8 TCP/IP Service Provider: Local Area Connection - IPv4 -

-----------------------
DirectPlay Voice Codecs
-----------------------
Voxware VR12 1.4kbit/s
Voxware SC06 6.4kbit/s
Voxware SC03 3.2kbit/s
MS-PCM 64 kbit/s
MS-ADPCM 32.8 kbit/s
Microsoft GSM 6.10 13 kbit/s
TrueSpeech(TM) 8.6 kbit/s

-------------------------
DirectPlay Lobbyable Apps
-------------------------

------------------------
Disk & DVD/CD-ROM Drives
------------------------
Drive: C:
Free Space: 22.9 GB
Total Space: 72.2 GB
File System: NTFS
Model: Maxtor 6Y080L0

Drive: D:
Model: SONY DVD-ROM DDU1615
Driver: c:\windows\system32\drivers\cdrom.sys, 5.01.2600.5508 (English), 3/20/2008 07:03:22, 62976 bytes

Drive: E:
Model: SONY CD-RW CRX217E
Driver: c:\windows\system32\drivers\cdrom.sys, 5.01.2600.5508 (English), 3/20/2008 07:03:22, 62976 bytes

--------------
System Devices
--------------
Name: Intel(R) 82865G Graphics Controller
Device ID: PCI\VEN_8086&DEV_2572&SUBSYS_019D1028&REV_02\3&172E68DD&0&10
Driver: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys, 6.14.0010.4396 (English), 9/20/2005 10:00:54, 1302332 bytes
Driver: C:\WINDOWS\system32\ialmrnt5.dll, 6.14.0010.4396 (English), 9/20/2005 09:52:38, 36990 bytes
Driver: C:\WINDOWS\system32\ialmdnt5.dll, 6.14.0010.4396 (English), 9/20/2005 09:52:32, 118395 bytes
Driver: C:\WINDOWS\system32\ialmdev5.dll, 6.14.0010.4396 (English), 9/20/2005 09:52:22, 213274 bytes
Driver: C:\WINDOWS\system32\ialmdd5.dll, 6.14.0010.4396 (English), 9/20/2005 09:59:56, 900218 bytes
Driver: C:\WINDOWS\system32\igxpxa32.cpa, 9/20/2005 09:26:40, 524850 bytes
Driver: C:\WINDOWS\system32\igxpxa32.vp, 9/20/2005 09:26:40, 929 bytes
Driver: C:\WINDOWS\system32\igxpxk32.vp, 9/20/2005 09:26:40, 58704 bytes
Driver: C:\WINDOWS\system32\igxpxs32.vp, 9/20/2005 10:14:26, 24736 bytes
Driver: C:\WINDOWS\system32\hccutils.dll, 3.00.0000.4396 (English), 9/20/2005 09:31:12, 73728 bytes
Driver: C:\WINDOWS\system32\igfxsrvc.dll, 3.00.0000.4396 (English), 9/20/2005 09:32:16, 57344 bytes
Driver: C:\WINDOWS\system32\igfxsrvc.exe, 3.00.0000.4396 (English), 9/20/2005 09:32:16, 159744 bytes
Driver: C:\WINDOWS\system32\igfxpph.dll, 3.00.0000.4396 (English), 9/20/2005 09:35:24, 147456 bytes
Driver: C:\WINDOWS\system32\igfxcpl.cpl, 3.00.0000.4396 (English), 9/20/2005 09:35:12, 77824 bytes
Driver: C:\WINDOWS\system32\igfxcfg.exe, 3.00.0000.4396 (English), 9/20/2005 09:35:02, 446464 bytes
Driver: C:\WINDOWS\system32\igfxdev.dll, 3.00.0000.4396 (English), 9/20/2005 09:31:28, 135168 bytes
Driver: C:\WINDOWS\system32\igfxdo.dll, 3.00.0000.4396 (English), 9/20/2005 09:32:30, 86016 bytes
Driver: C:\WINDOWS\system32\igfxtray.exe, 3.00.0000.4396 (English), 9/20/2005 09:35:40, 94208 bytes
Driver: C:\WINDOWS\system32\igfxzoom.exe, 3.00.0000.4396 (English), 9/20/2005 09:36:08, 114688 bytes
Driver: C:\WINDOWS\system32\hkcmd.exe, 3.00.0000.4396 (English), 9/20/2005 09:32:24, 77824 bytes
Driver: C:\WINDOWS\system32\igfxress.dll, 3.00.0000.4396 (English), 9/20/2005 09:35:28, 1503232 bytes
Driver: C:\WINDOWS\system32\igfxpers.exe, 3.00.0000.4396 (English), 9/20/2005 09:36:20, 114688 bytes
Driver: C:\WINDOWS\system32\igfxrara.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:36, 122880 bytes
Driver: C:\WINDOWS\system32\igfxrchs.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:36, 81920 bytes
Driver: C:\WINDOWS\system32\igfxrcht.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:36, 81920 bytes
Driver: C:\WINDOWS\system32\igfxrdan.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:38, 139264 bytes
Driver: C:\WINDOWS\system32\igfxrdeu.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:38, 155648 bytes
Driver: C:\WINDOWS\system32\igfxrenu.lrc, 3.00.0000.4396 (English), 9/20/2005 09:31:32, 135168 bytes
Driver: C:\WINDOWS\system32\igfxresp.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:40, 151552 bytes
Driver: C:\WINDOWS\system32\igfxrfin.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:40, 139264 bytes
Driver: C:\WINDOWS\system32\igfxrfra.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:40, 147456 bytes
Driver: C:\WINDOWS\system32\igfxrheb.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:40, 122880 bytes
Driver: C:\WINDOWS\system32\igfxrita.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:42, 151552 bytes
Driver: C:\WINDOWS\system32\igfxrjpn.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:42, 98304 bytes
Driver: C:\WINDOWS\system32\igfxrkor.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:42, 98304 bytes
Driver: C:\WINDOWS\system32\igfxrnld.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:42, 151552 bytes
Driver: C:\WINDOWS\system32\igfxrnor.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:44, 139264 bytes
Driver: C:\WINDOWS\system32\igfxrplk.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:44, 143360 bytes
Driver: C:\WINDOWS\system32\igfxrptb.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:44, 143360 bytes
Driver: C:\WINDOWS\system32\igfxrptg.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:44, 143360 bytes
Driver: C:\WINDOWS\system32\igfxrrus.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:46, 143360 bytes
Driver: C:\WINDOWS\system32\igfxrsve.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:46, 139264 bytes
Driver: C:\WINDOWS\system32\igfxrtha.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:46, 126976 bytes
Driver: C:\WINDOWS\system32\igfxrcsy.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:38, 139264 bytes
Driver: C:\WINDOWS\system32\igfxrell.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:38, 155648 bytes
Driver: C:\WINDOWS\system32\igfxrhun.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:42, 147456 bytes
Driver: C:\WINDOWS\system32\igfxrtrk.lrc, 3.00.0000.4396 (English), 9/20/2005 09:36:46, 139264 bytes
Driver: C:\WINDOWS\system32\igfxext.exe, 3.00.0000.4396 (English), 9/20/2005 09:36:14, 94208 bytes
Driver: C:\WINDOWS\system32\igfxexps.dll, 3.00.0000.4396 (English), 9/20/2005 09:36:14, 40960 bytes
Driver: C:\WINDOWS\system32\ialmrem.dll, 6.14.0010.4396 (English), 9/20/2005 09:52:36, 49152 bytes
Driver: C:\WINDOWS\system32\iglicd32.dll, 6.14.0010.4396 (English), 9/20/2005 09:43:00, 2310144 bytes
Driver: C:\WINDOWS\system32\igldev32.dll, 6.14.0010.4396 (English), 9/20/2005 09:44:50, 524288 bytes
Driver: C:\WINDOWS\system32\ialmudlg.exe, 0.00.0000.0000 (English), 9/20/2005 09:37:00, 114688 bytes
Driver: C:\WINDOWS\system32\ialmuARA.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:00, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuARB.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:02, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuCHS.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:02, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuCHT.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:02, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuCSY.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:06, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuDAN.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:02, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuDEU.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:02, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuELL.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:06, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuENG.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:02, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuESP.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:02, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuFIN.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:02, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuFRA.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:04, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuFRC.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:04, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuHEB.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:04, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuHUN.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:06, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuITA.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:04, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuJPN.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:04, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuKOR.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:04, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuNLD.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:04, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuNOR.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:04, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuPLK.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:04, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuPTB.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:06, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuPTG.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:06, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuRUS.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:06, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuSVE.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:06, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuTHA.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:06, 40960 bytes
Driver: C:\WINDOWS\system32\ialmuTRK.dll, 0.00.0000.0000 (English), 9/20/2005 09:37:06, 40960 bytes
Driver: C:\WINDOWS\system32\iAlmCoIn_v4396.dll, 1.00.1000.0001 (English), 9/20/2005 09:52:34, 61440 bytes

Name: Intel(R) 82865G\PE\P Processor to I/O Controller - 2570
Device ID: PCI\VEN_8086&DEV_2570&SUBSYS_00000000&REV_02\3&172E68DD&0&00
Driver: n/a

Name: Intel(R) 82801EB USB Universal Host Controller - 24DE
Device ID: PCI\VEN_8086&DEV_24DE&SUBSYS_019D1028&REV_02\3&172E68DD&0&EB
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5508 (English), 3/20/2008 07:09:00, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5508 (English), 3/20/2008 07:09:02, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5508 (English), 3/20/2008 13:06:14, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5508 (English), 3/20/2008 07:09:02, 59520 bytes

Name: Intel(R) 82801EB USB2 Enhanced Host Controller - 24DD
Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_019D1028&REV_02\3&172E68DD&0&EF
Driver: C:\WINDOWS\system32\drivers\usbehci.sys, 5.01.2600.5508 (English), 3/20/2008 07:09:00, 30208 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5508 (English), 3/20/2008 07:09:02, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5508 (English), 3/20/2008 13:06:14, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5508 (English), 3/20/2008 07:09:02, 59520 bytes
Driver: C:\WINDOWS\system32\hccoin.dll, 5.01.2600.5508 (English), 3/20/2008 13:06:00, 7168 bytes

Name: Intel(R) 82801EB Ultra ATA Storage Controllers
Device ID: PCI\VEN_8086&DEV_24DB&SUBSYS_019D1028&REV_02\3&172E68DD&0&F9
Driver: C:\WINDOWS\system32\DRIVERS\pciide.sys, 5.01.2600.0000 (English), 8/17/2001 12:51:52, 3328 bytes
Driver: C:\WINDOWS\system32\DRIVERS\pciidex.sys, 5.01.2600.5508 (English), 3/20/2008 07:03:04, 24960 bytes
Driver: C:\WINDOWS\system32\DRIVERS\atapi.sys, 5.01.2600.5508 (English), 3/20/2008 07:03:06, 96512 bytes

Name: SoundMAX Integrated Digital Audio
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_019D1028&REV_02\3&172E68DD&0&FD
Driver: n/a

Name: Intel(R) 82801EB USB Universal Host Controller - 24D4
Device ID: PCI\VEN_8086&DEV_24D4&SUBSYS_019D1028&REV_02\3&172E68DD&0&E9
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5508 (English), 3/20/2008 07:09:00, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5508 (English), 3/20/2008 07:09:02, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5508 (English), 3/20/2008 13:06:14, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5508 (English), 3/20/2008 07:09:02, 59520 bytes

Name: Intel(R) 82801EB SMBus Controller - 24D3
Device ID: PCI\VEN_8086&DEV_24D3&SUBSYS_019D1028&REV_02\3&172E68DD&0&FB
Driver: n/a

Name: Intel(R) 82801EB USB Universal Host Controller - 24D2
Device ID: PCI\VEN_8086&DEV_24D2&SUBSYS_019D1028&REV_02\3&172E68DD&0&E8
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5508 (English), 3/20/2008 07:09:00, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5508 (English), 3/20/2008 07:09:02, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5508 (English), 3/20/2008 13:06:14, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5508 (English), 3/20/2008 07:09:02, 59520 bytes

Name: Intel(R) 82801EB LPC Interface Controller - 24D0
Device ID: PCI\VEN_8086&DEV_24D0&SUBSYS_00000000&REV_02\3&172E68DD&0&F8
Driver: C:\WINDOWS\system32\DRIVERS\isapnp.sys, 5.01.2600.5508 (English), 3/20/2008 07:00:13, 37248 bytes

Name: Intel(R) 82801EB PCI Bridge - 244E
Device ID: PCI\VEN_8086&DEV_244E&SUBSYS_00000000&REV_C2\3&172E68DD&0&F0
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.5508 (English), 3/20/2008 07:00:19, 68224 bytes

Name: Intel(R) 537EP V9x DF PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0
Driver: C:\WINDOWS\system32\DRIVERS\IntelC51.sys, 2.15.0036.0000 (English), 3/6/2004 03:14:42, 1233525 bytes
Driver: C:\WINDOWS\system32\DRIVERS\IntelC52.sys, 4.58.0005.0000 (English), 3/6/2004 03:15:34, 647929 bytes
Driver: C:\WINDOWS\system32\DRIVERS\IntelC53.sys, 2.15.0036.0002 (English), 6/16/2004 02:52:40, 61157 bytes
Driver: C:\WINDOWS\system32\DRIVERS\mohfilt.sys, 7.11.0000.0000 (English), 3/6/2004 03:13:38, 37048 bytes
Driver: C:\WINDOWS\system32\intelmoh.dll, 1.00.0000.0000 (English), 3/6/2004 03:13:26, 172032 bytes
Driver: C:\WINDOWS\system32\mhwt.dll, 1.00.0000.0000 (English), 3/6/2004 03:13:12, 53248 bytes
Driver: C:\WINDOWS\system32\IntelCci.dll, 5.00.0000.0000 (English), 3/6/2004 03:12:56, 34293 bytes

Name: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0
Driver: C:\WINDOWS\system32\DRIVERS\e100b325.sys, 7.01.0012.0000 (English), 2/10/2004 20:49:14, 154112 bytes
Driver: C:\WINDOWS\system32\Prounstl.exe, 7.00.0006.0000 (English), 11/21/2003 20:26:42, 118784 bytes
Driver: C:\WINDOWS\system32\e100b325.din, 6/27/2002 10:53:38, 5110 bytes
Driver: C:\WINDOWS\system32\IntelNic.dll, 2.05.0001.0000 (English), 7/28/2003 10:55:40, 24064 bytes
Driver: C:\WINDOWS\system32\e100bmsg.dll, 2/18/2004 22:40:00, 12288 bytes

------------------
DirectX Components
------------------
ddraw.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:54 279552 bytes
ddrawex.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:54 27136 bytes
dxapi.sys: 5.01.2600.0000 English Final Retail 8/4/2004 04:00:00 10496 bytes
d3d8.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:54 1179648 bytes
d3d8thk.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:54 8192 bytes
d3d9.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:54 1689088 bytes
d3dim.dll: 5.01.2600.0000 English Final Retail 8/4/2004 04:00:00 436224 bytes
d3dim700.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:54 824320 bytes
d3dramp.dll: 5.01.2600.0000 English Final Retail 8/4/2004 04:00:00 590336 bytes
d3drm.dll: 5.01.2600.0000 English Final Retail 8/4/2004 04:00:00 350208 bytes
d3dxof.dll: 5.01.2600.0000 English Final Retail 8/4/2004 04:00:00 47616 bytes
d3dpmesh.dll: 5.01.2600.0000 English Final Retail 8/4/2004 04:00:00 34816 bytes
dplay.dll: 5.00.2134.0001 English Final Retail 8/4/2004 04:00:00 33040 bytes
dplayx.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:55 229888 bytes
dpmodemx.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:55 23552 bytes
dpwsock.dll: 5.00.2134.0001 English Final Retail 8/4/2004 04:00:00 42768 bytes
dpwsockx.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:55 57344 bytes
dplaysvr.exe: 5.03.2600.5508 English Final Retail 3/20/2008 13:06:26 29696 bytes
dpnsvr.exe: 5.03.2600.5508 English Final Retail 3/20/2008 13:06:26 17920 bytes
dpnet.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:55 375296 bytes
dpnlobby.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:03:03 3072 bytes
dpnaddr.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:03:03 3072 bytes
dpvoice.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:55 212480 bytes
dpvsetup.exe: 5.03.2600.5508 English Final Retail 3/20/2008 13:06:26 83456 bytes
dpvvox.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:55 116736 bytes
dpvacm.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:55 21504 bytes
dpnhpast.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:55 35328 bytes
dpnhupnp.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:55 60928 bytes
dpserial.dll: 5.00.2134.0001 English Final Retail 8/4/2004 04:00:00 53520 bytes
dinput.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:55 158720 bytes
dinput8.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:55 181760 bytes
dimap.dll: 5.01.2600.0000 English Final Retail 8/4/2004 04:00:00 44032 bytes
diactfrm.dll: 5.01.2600.0000 English Final Retail 8/4/2004 04:00:00 394240 bytes
joy.cpl: 5.03.2600.5508 English Final Retail 3/20/2008 13:06:57 68608 bytes
gcdef.dll: 5.01.2600.0000 English Final Retail 8/4/2004 04:00:00 76800 bytes
pid.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:06:10 35328 bytes
dsound.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:56 367616 bytes
dsound3d.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:56 1293824 bytes
dswave.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:56 19456 bytes
dsdmo.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:56 181248 bytes
dsdmoprp.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:56 71680 bytes
dmusic.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:55 104448 bytes
dmband.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:55 28672 bytes
dmcompos.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:55 61440 bytes
dmime.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:55 181248 bytes
dmloader.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:55 35840 bytes
dmstyle.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:55 105984 bytes
dmsynth.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:55 103424 bytes
dmscript.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:55 82432 bytes
system.dll: 1.01.4322.2407 English Final Retail 7/12/2007 02:06:21 1232896 bytes
Microsoft.DirectX.Direct3D.dll: 9.05.0132.0000 English Final Retail 12/17/2007 12:46:12 473600 bytes
Microsoft.DirectX.Direct3DX.dll: 5.04.0000.3900 English Final Retail 12/17/2007 12:46:04 2676224 bytes
Microsoft.DirectX.Direct3DX.dll: 9.04.0091.0000 English Final Retail 12/17/2007 12:46:05 2846720 bytes
Microsoft.DirectX.Direct3DX.dll: 9.05.0132.0000 English Final Retail 12/17/2007 12:46:06 563712 bytes
Microsoft.DirectX.Direct3DX.dll: 9.06.0168.0000 English Final Retail 12/17/2007 12:46:07 567296 bytes
Microsoft.DirectX.Direct3DX.dll: 9.07.0239.0000 English Final Retail 12/17/2007 12:46:07 576000 bytes
Microsoft.DirectX.Direct3DX.dll: 9.08.0299.0000 English Final Retail 12/17/2007 12:46:08 577024 bytes
Microsoft.DirectX.Direct3DX.dll: 9.09.0376.0000 English Final Retail 12/17/2007 12:46:08 577536 bytes
Microsoft.DirectX.Direct3DX.dll: 9.10.0455.0000 English Final Retail 12/17/2007 12:46:09 577536 bytes
Microsoft.DirectX.Direct3DX.dll: 9.11.0519.0000 English Final Retail 12/17/2007 12:46:09 578560 bytes
Microsoft.DirectX.Direct3DX.dll: 9.12.0589.0000 English Final Retail 12/17/2007 12:46:13 578560 bytes
Microsoft.DirectX.DirectDraw.dll: 5.04.0000.2904 English Final Retail 12/17/2007 12:46:13 145920 bytes
Microsoft.DirectX.DirectInput.dll: 5.04.0000.2904 English Final Retail 12/17/2007 12:46:13 159232 bytes
Microsoft.DirectX.DirectPlay.dll: 5.04.0000.2904 English Final Retail 12/17/2007 12:46:14 364544 bytes
Microsoft.DirectX.DirectSound.dll: 5.04.0000.2904 English Final Retail 12/17/2007 12:46:14 178176 bytes
Microsoft.DirectX.AudioVideoPlayback.dll: 5.04.0000.2904 English Final Retail 12/17/2007 12:46:11 53248 bytes
Microsoft.DirectX.Diagnostics.dll: 5.04.0000.2904 English Final Retail 12/17/2007 12:46:12 12800 bytes
Microsoft.DirectX.dll: 5.04.0000.2904 English Final Retail 12/17/2007 12:46:10 223232 bytes
dx7vb.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:56 619008 bytes
dx8vb.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:56 1227264 bytes
dxdiagn.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:56 2113536 bytes
mfc40.dll: 4.01.0000.6140 English Final Retail 8/4/2004 04:00:00 924432 bytes
mfc42.dll: 6.02.4131.0000 English Final Retail 3/20/2008 13:06:03 1028096 bytes
wsock32.dll: 5.01.2600.5508 English Final Retail 3/20/2008 13:06:15 22528 bytes
amstream.dll: 6.05.2600.5508 English Final Retail 3/20/2008 13:05:51 70656 bytes
devenum.dll: 6.05.2600.5508 English Final Retail 3/20/2008 13:05:54 59904 bytes
dxmasf.dll: 6.04.0009.1133 English Final Retail 3/20/2008 13:05:56 498742 bytes
mciqtz32.dll: 6.05.2600.5508 English Final Retail 3/20/2008 13:06:03 35328 bytes
mpg2splt.ax: 6.05.2600.5508 English Final Retail 3/20/2008 13:06:58 148992 bytes
msdmo.dll: 6.05.2600.5508 English Final Retail 3/20/2008 13:06:06 14336 bytes
encapi.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:05:57 20480 bytes
qasf.dll: 11.00.5721.5262 English Final Retail 1/30/2009 19:34:02 211456 bytes
qcap.dll: 6.05.2600.5508 English Final Retail 3/20/2008 13:06:10 192512 bytes
qdv.dll: 6.05.2600.5508 English Final Retail 3/20/2008 13:06:10 279040 bytes
qdvd.dll: 6.05.2600.5508 English Final Retail 3/20/2008 13:06:10 386048 bytes
qedit.dll: 6.05.2600.5508 English Final Retail 3/20/2008 13:06:10 562176 bytes
qedwipes.dll: 6.05.2600.5508 English Final Retail 3/20/2008 05:41:42 733696 bytes
quartz.dll: 6.05.2600.5508 English Final Retail 3/20/2008 13:06:10 1288192 bytes
strmdll.dll: 4.01.0000.3936 English Final Retail 3/20/2008 13:06:13 246814 bytes
iac25_32.ax: 2.00.0005.0053 English Final Retail 3/20/2008 13:06:57 199680 bytes
ir41_32.ax: 4.51.0016.0003 English Final Retail 3/20/2008 13:06:58 848384 bytes
ir41_qc.dll: 4.30.0062.0002 English Final Retail 3/20/2008 13:06:01 120320 bytes
ir41_qcx.dll: 4.30.0064.0001 English Final Retail 3/20/2008 13:06:02 338432 bytes
ir50_32.dll: 5.2562.0015.0055 English Final Retail 3/20/2008 13:06:02 755200 bytes
ir50_qc.dll: 5.00.0063.0048 English Final Retail 3/20/2008 13:06:02 200192 bytes
ir50_qcx.dll: 5.00.0064.0048 English Final Retail 3/20/2008 13:06:02 183808 bytes
ivfsrc.ax: 5.10.0002.0051 English Final Retail 3/20/2008 13:06:58 154624 bytes
mswebdvd.dll: 6.05.2600.5508 English Final Retail 3/20/2008 13:06:08 203776 bytes
ks.sys: 5.03.2600.5508 English Final Retail 3/20/2008 07:38:34 141056 bytes
ksproxy.ax: 5.03.2600.5508 English Final Retail 3/20/2008 13:06:58 129536 bytes
ksuser.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:06:02 4096 bytes
stream.sys: 5.03.2600.5508 English Final Retail 3/20/2008 07:08:40 49280 bytes
mspclock.sys: 5.03.2600.5508 English Final Retail 3/20/2008 07:02:21 5376 bytes
mspqm.sys: 5.01.2600.5508 English Final Retail 3/20/2008 07:02:22 4992 bytes
mskssrv.sys: 5.03.2600.5508 English Final Retail 3/20/2008 07:02:22 7552 bytes
swenum.sys: 5.03.2600.5508 English Final Retail 3/20/2008 07:02:23 4352 bytes
mstee.sys: 5.03.2600.5508 English Final Retail 3/20/2008 07:02:22 5504 bytes
ipsink.ax: 5.03.2600.5508 English Final Retail 3/20/2008 13:06:57 16384 bytes
mpeg2data.ax: 6.05.2600.5508 English Final Retail 3/20/2008 13:06:58 118272 bytes
ndisip.sys: 5.03.2600.5508 English Final Retail 3/20/2008 07:09:52 10880 bytes
streamip.sys: 5.03.2600.5508 English Final Retail 3/20/2008 07:09:51 15232 bytes
msvidctl.dll: 6.05.2600.5508 English Final Retail 3/20/2008 13:06:08 1428992 bytes
slip.sys: 5.03.2600.5508 English Final Retail 3/20/2008 07:09:55 11136 bytes
nabtsfec.sys: 5.03.2600.5508 English Final Retail 3/20/2008 07:10:05 85248 bytes
ccdecode.sys: 5.03.2600.5508 English Final Retail 3/20/2008 07:09:56 17024 bytes
vbisurf.ax: 5.03.2600.5508 English Final Retail 3/20/2008 13:06:58 30208 bytes
msyuv.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:06:08 16896 bytes
kstvtune.ax: 5.03.2600.5508 English Final Retail 3/20/2008 13:06:58 61952 bytes
ksxbar.ax: 5.03.2600.5508 English Final Retail 3/20/2008 13:06:58 43008 bytes
kswdmcap.ax: 5.03.2600.5508 English Final Retail 3/20/2008 13:06:58 91136 bytes
vfwwdm32.dll: 5.01.2600.5508 English Final Retail 3/20/2008 13:06:14 53760 bytes
wstcodec.sys: 5.03.2600.5508 English Final Retail 3/20/2008 07:09:59 19200 bytes
wstdecod.dll: 5.03.2600.5508 English Final Retail 3/20/2008 13:06:15 50688 bytes

------------------
DirectShow Filters
------------------

WDM Streaming VBI Codecs:
NABTS/FEC VBI Codec,0x00200000,2,1,,5.03.2600.5508
CC Decoder,0x00200000,2,1,,5.03.2600.5508
WST Codec,0x00200000,1,1,,5.03.2600.5508

DirectShow Filters:
WMAudio Decoder DMO,0x00800800,1,1,,
WMAPro over S/PDIF DMO,0x00600800,1,1,,
WMA Voice Decoder DMO,0x00600800,1,1,,
WMVideo Advanced Decoder DMO,0x00800001,1,1,,
G2M Session Decoder,0x00600000,1,1,,
Mpeg4s Decoder DMO,0x00800001,1,1,,
WMV Screen decoder DMO,0x00800001,1,1,,
WMVideo Decoder DMO,0x00800001,1,1,,
Mpeg43 Decoder DMO,0x00800001,1,1,,
Mpeg4 Decoder DMO,0x00800001,1,1,,
WMT MuxDeMux Filter,0x00200000,0,0,wmm2filt.dll,2.01.4026.0000
Full Screen Renderer,0x00200000,1,0,quartz.dll,6.05.2600.5508
RealPlayer Video Filter,0x00200000,1,1,rdsf3260.dll,15.00.0004.0053
DV Muxer,0x00400000,0,0,qdv.dll,6.05.2600.5508
Color Space Converter,0x00400001,1,1,quartz.dll,6.05.2600.5508
WM ASF Reader,0x00400000,0,0,qasf.dll,11.00.5721.5262
Screen Capture filter,0x00200000,0,1,wmpsrcwp.dll,11.00.5721.5262
AVI Splitter,0x00600000,1,1,quartz.dll,6.05.2600.5508
WMT AudioAnalyzer,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
VGA 16 Color Ditherer,0x00400000,1,1,quartz.dll,6.05.2600.5508
Indeo® video 5.10 Compression Filter,0x00200000,1,1,ir50_32.dll,5.2562.0015.0055
Windows Media Audio Decoder,0x00800001,1,1,msadds32.ax,8.00.0000.4487
AC3 Parser Filter,0x00600000,1,1,mpg2splt.ax,6.05.2600.5508
WMT Format Conversion,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
StreamBufferSink,0x00200000,0,0,sbe.dll,6.05.2600.5508
WMT Black Frame Generator,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
MJPEG Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.5508
Indeo® video 5.10 Decompression Filter,0x00640000,1,1,ir50_32.dll,5.2562.0015.0055
WMT Screen Capture filter,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
Microsoft Screen Video Decompressor,0x00800000,1,1,msscds32.ax,8.00.0000.4487
MPEG-I Stream Splitter,0x00600000,1,2,quartz.dll,6.05.2600.5508
SAMI (CC) Parser,0x00400000,1,1,quartz.dll,6.05.2600.5508
MPEG Layer-3 Decoder,0x00810000,1,1,l3codecx.ax,1.05.0000.0050
MPEG-2 Splitter,0x005fffff,1,0,mpg2splt.ax,6.05.2600.5508
ACELP.net Sipro Lab Audio Decoder,0x00800001,1,1,acelpdec.ax,1.04.0000.0000
Internal Script Command Renderer,0x00800001,1,0,quartz.dll,6.05.2600.5508
MPEG Audio Decoder,0x03680001,1,1,quartz.dll,6.05.2600.5508
File Source (Netshow URL),0x00400000,0,1,wmpasf.dll,11.00.5721.5262
WMT Import Filter,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
DV Splitter,0x00600000,1,2,qdv.dll,6.05.2600.5508
Bitmap Generate,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Windows Media Video Decoder,0x00800000,1,1,wmvds32.ax,8.00.0000.4487
Video Mixing Renderer 9,0x00200000,1,0,quartz.dll,
Windows Media Video Decoder,0x00800000,1,1,wmv8ds32.ax,8.00.0000.4000
WMT VIH2 Fix,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Record Queue,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Track2Filter,0x00200000,0,0,Track2Filter.dll,
Windows Media Multiplexer,0x00600000,1,1,wmpasf.dll,11.00.5721.5262
ASX file Parser,0x00600000,1,1,wmpasf.dll,11.00.5721.5262
ASX v.2 file Parser,0x00600000,1,0,wmpasf.dll,11.00.5721.5262
NSC file Parser,0x00600000,1,1,wmpasf.dll,11.00.5721.5262
ACM Wrapper,0x00600000,1,1,quartz.dll,6.05.2600.5508
Windows Media source filter,0x00600000,0,2,wmpasf.dll,11.00.5721.5262
Video Renderer,0x00800001,1,0,quartz.dll,6.05.2600.5508
Frame Eater,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
MPEG-2 Video Stream Analyzer,0x00200000,0,0,sbe.dll,6.05.2600.5508
Line 21 Decoder,0x00600000,1,1,qdvd.dll,6.05.2600.5508
Video Port Manager,0x00600000,2,1,quartz.dll,6.05.2600.5508
WST Decoder,0x00600000,1,1,wstdecod.dll,5.03.2600.5508
Video Renderer,0x00400000,1,0,quartz.dll,6.05.2600.5508
WM ASF Writer,0x00400000,0,0,qasf.dll,11.00.5721.5262
WMT Sample Information Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
VBI Surface Allocator,0x00600000,1,1,vbisurf.ax,5.03.2600.5508
Microsoft MPEG-4 Video Decompressor,0x00800000,1,1,mpg4ds32.ax,8.00.0000.4487
File writer,0x00200000,1,0,qcap.dll,6.05.2600.5508
WMT Log Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
WMT Virtual Renderer,0x00200000,1,0,wmm2filt.dll,2.01.4026.0000
DVD Navigator,0x00200000,0,2,qdvd.dll,6.05.2600.5508
Overlay Mixer2,0x00400000,1,1,qdvd.dll,6.05.2600.5508
AVI Draw,0x00600064,9,1,quartz.dll,6.05.2600.5508
.RAM file Parser,0x00600000,1,0,wmpasf.dll,11.00.5721.5262
WMT DirectX Transform Wrapper,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
G.711 Codec,0x00200000,1,1,g711codc.ax,5.01.2600.0000
MPEG-2 Demultiplexer,0x00600000,1,1,mpg2splt.ax,6.05.2600.5508
DV Video Decoder,0x00800000,1,1,qdv.dll,6.05.2600.5508
RealPlayer Transcode Filter,0x00600000,0,0,rdsf3260.dll,15.00.0004.0053
Indeo® audio software,0x00500000,1,1,iac25_32.ax,2.00.0005.0053
Windows Media Update Filter,0x00400000,1,0,wmpasf.dll,11.00.5721.5262
ASF DIB Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5262
ASF ACM Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5262
ASF ICM Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5262
ASF URL Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5262
ASF JPEG Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5262
ASF DJPEG Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5262
ASF embedded stuff Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5262
9x8Resize,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
WIA Stream Snapshot Filter,0x00200000,1,1,wiasf.ax,1.00.0000.0000
Allocator Fix,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
SampleGrabber,0x00200000,1,1,qedit.dll,6.05.2600.5508
Null Renderer,0x00200000,1,0,qedit.dll,6.05.2600.5508
WMT Virtual Source,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
MPEG-2 Sections and Tables,0x005fffff,1,0,mpeg2data.ax,
WMT Interlacer,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
StreamBufferSource,0x00200000,0,0,sbe.dll,6.05.2600.5508
Smart Tee,0x00200000,1,2,qcap.dll,6.05.2600.5508
Overlay Mixer,0x00200000,0,0,qdvd.dll,6.05.2600.5508
RealPlayer Audio Filter,0x00200000,1,1,rdsf3260.dll,15.00.0004.0053
AVI Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.5508
Uncompressed Domain Shot Detection Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
AVI/WAV File Source,0x00400000,0,2,quartz.dll,6.05.2600.5508
QuickTime Movie Parser,0x00600000,1,1,quartz.dll,6.05.2600.5508
Wave Parser,0x00400000,1,1,quartz.dll,6.05.2600.5508
MIDI Parser,0x00400000,1,1,quartz.dll,6.05.2600.5508
Multi-file Parser,0x00400000,1,1,quartz.dll,6.05.2600.5508
File stream renderer,0x00400000,1,1,quartz.dll,6.05.2600.5508
XML Playlist,0x00400000,1,0,wmpasf.dll,11.00.5721.5262
CyberLink Line21 Decoder Filter,0x00200000,0,2,CLLine21.ax,4.00.0000.4418
CyberLink Video/SP Decoder DELL 5.3,0x00600000,2,3,CLVSD.ax,6.00.0000.0818
CyberLink AudioCD Filter,0x00600000,0,1,CLAudioCD.ax,5.00.0000.1305
CyberLink TimeStretch Filter,0x00200000,1,1,clauts.ax,1.00.0000.2519
CyberLink DVD Navigator,0x00600000,0,3,CLNavX.ax,5.03.0000.1209
CyberLink Audio Decoder,0x00601000,1,1,claud.ax,6.00.0000.1423
AVI Mux,0x00200000,1,0,qcap.dll,6.05.2600.5508
Line 21 Decoder 2,0x00600002,1,1,quartz.dll,6.05.2600.5508
File Source (Async.),0x00400000,0,1,quartz.dll,6.05.2600.5508
File Source (URL),0x00400000,0,1,quartz.dll,6.05.2600.5508
WMT DV Extract,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Track1Filter,0x00200000,0,0,Track1Filter.dll,
WMplug,0x009001f4,1,1,wtwmplug.ax,
WMT Switch Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Sonic Cinemaster® DS VCD Navigator,0x00200000,0,3,CinemasterVCDNav.dll,1.00.0000.0170
WMT Volume,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Stretch Video,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Infinite Pin Tee Filter,0x00200000,1,1,qcap.dll,6.05.2600.5508
QT Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.5508
MPEG Video Decoder,0x40000001,1,1,quartz.dll,6.05.2600.5508
Indeo® video 4.4 Decompression Filter,0x00640000,1,1,ir41_32.ax,4.51.0016.0003
Indeo® video 4.4 Compression Filter,0x00200000,1,1,ir41_32.ax,4.51.0016.0003

WDM Streaming Tee/Splitter Devices:
Tee/Sink-to-Sink Converter,0x00200000,1,1,,5.03.2600.5508

WDM Streaming Data Transforms:
Microsoft Kernel Acoustic Echo Canceller,0x00000000,0,0,,
Microsoft Kernel GS Wavetable Synthesizer,0x00200000,1,1,,5.03.2600.5508
Microsoft Kernel DLS Synthesizer,0x00200000,1,1,,5.03.2600.5508
Microsoft Kernel DRM Audio Descrambler,0x00200000,1,1,,5.03.2600.5508

Video Compressors:
WMVideo8 Encoder DMO,0x00600800,1,1,,
MSScreen encoder DMO,0x00600800,1,1,,
WMVideo9 Encoder DMO,0x00600800,1,1,,
MSScreen 9 encoder DMO,0x00600800,1,1,,
DV Video Encoder,0x00200000,0,0,qdv.dll,6.05.2600.5508
Indeo® video 5.10 Compression Filter,0x00100000,1,1,ir50_32.dll,5.2562.0015.0055
MJPEG Compressor,0x00200000,0,0,quartz.dll,6.05.2600.5508
Cinepak Codec by Radius,0x00200000,1,1,qcap.dll,6.05.2600.5508
Intel 4:2:0 Video V2.50,0x00200000,1,1,qcap.dll,6.05.2600.5508
Intel Indeo(R) Video R3.2,0x00200000,1,1,qcap.dll,6.05.2600.5508
Intel Indeo® Video 4.5,0x00200000,1,1,qcap.dll,6.05.2600.5508
Indeo® video 5.10,0x00200000,1,1,qcap.dll,6.05.2600.5508
Intel IYUV codec,0x00200000,1,1,qcap.dll,6.05.2600.5508
Microsoft H.261 Video Codec,0x00200000,1,1,qcap.dll,6.05.2600.5508
Microsoft H.263 Video Codec,0x00200000,1,1,qcap.dll,6.05.2600.5508
Microsoft RLE,0x00200000,1,1,qcap.dll,6.05.2600.5508
Microsoft Video 1,0x00200000,1,1,qcap.dll,6.05.2600.5508

Audio Compressors:
WMA Voice Encoder DMO,0x00600800,1,1,,
WM Speech Encoder DMO,0x00600800,1,1,,
WMAudio Encoder DMO,0x00600800,1,1,,
IAC2,0x00200000,1,1,quartz.dll,6.05.2600.5508
IMA ADPCM,0x00200000,1,1,quartz.dll,6.05.2600.5508
PCM,0x00200000,1,1,quartz.dll,6.05.2600.5508
Microsoft ADPCM,0x00200000,1,1,quartz.dll,6.05.2600.5508
ACELP.net,0x00200000,1,1,quartz.dll,6.05.2600.5508
DSP Group TrueSpeech(TM),0x00200000,1,1,quartz.dll,6.05.2600.5508
Windows Media Audio V1,0x00200000,1,1,quartz.dll,6.05.2600.5508
Windows Media Audio V2,0x00200000,1,1,quartz.dll,6.05.2600.5508
GSM 6.10,0x00200000,1,1,quartz.dll,6.05.2600.5508
Microsoft G.723.1,0x00200000,1,1,quartz.dll,6.05.2600.5508
CCITT A-Law,0x00200000,1,1,quartz.dll,6.05.2600.5508
CCITT u-Law,0x00200000,1,1,quartz.dll,6.05.2600.5508
MPEG Layer-3,0x00200000,1,1,quartz.dll,6.05.2600.5508

Audio Capture Sources:
SoundMAX Digital Audio,0x00200000,0,0,qcap.dll,6.05.2600.5508
SoundTap Recorder,0x00200000,0,0,qcap.dll,6.05.2600.5508

Midi Renderers:
Default MidiOut Device,0x00800000,1,0,quartz.dll,6.05.2600.5508
Microsoft GS Wavetable SW Synth,0x00200000,1,0,quartz.dll,6.05.2600.5508

WDM Streaming Capture Devices:
SoundMAX Digital Audio,0x00000000,0,0,,
,0x00000000,0,0,,

WDM Streaming Rendering Devices:
SoundMAX Digital Audio,0x00000000,0,0,,
SoundTap Recorder,0x00200000,2,2,,5.03.2600.5508

BDA Rendering Filters:
BDA IP Sink,0x00200000,1,1,,5.03.2600.5508

BDA Transport Information Renderers:
MPEG-2 Sections and Tables,0x00600000,1,0,mpeg2data.ax,

WDM Streaming Mixer Devices:
Microsoft Kernel Wave Audio Mixer,0x00000000,0,0,,

BDA CP/CA Filters:
Decrypt/Tag,0x00600000,1,0,encdec.dll,6.05.2600.5508
Encrypt/Tag,0x00200000,0,0,encdec.dll,6.05.2600.5508
XDS Codec,0x00200000,0,0,encdec.dll,6.05.2600.5508

WDM Streaming Communication Transforms:
Tee/Sink-to-Sink Converter,0x00200000,1,1,,5.03.2600.5508

Audio Renderers:
SoundMAX Digital Audio,0x00200000,1,0,quartz.dll,6.05.2600.5508
CyberLink Audio Renderer,0x00200000,1,0,cladr.ax,6.00.0000.1319
Default DirectSound Device,0x00800000,1,0,quartz.dll,6.05.2600.5508
Default WaveOut Device,0x00200000,1,0,quartz.dll,6.05.2600.5508
DirectSound: SoundMAX Digital Audio,0x00200000,1,0,quartz.dll,6.05.2600.5508
DirectSound: SoundTap Recorder,0x00200000,1,0,quartz.dll,6.05.2600.5508
SoundTap Recorder,0x00200000,1,0,quartz.dll,6.05.2600.5508

WDM Streaming System Devices:
SoundMAX Digital Audio,0x00200000,11,2,,5.03.2600.5508
SoundTap Recorder,0x00200000,4,2,,5.03.2600.5508

BDA Receiver Component:
BDA Slip De-Framer,0x00600000,1,1,,5.03.2600.5508


----------



## Cookiegal (Aug 27, 2003)

Did you ever try to change the video card to an ATI Radeon one?


----------



## kwatts (Jan 8, 2013)

Cookiegal said:


> Did you ever try to change the video card to an ATI Radeon one?


No, what is that?


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log.

Also, using HIjackThis please do the following:

Please open HijackThis.
Click on *Open Misc Tools Section*
Make sure that both boxes beside "Generate StartupList Log" are checked:

*List all minor sections(Full)*
*List Empty Sections(Complete)*
Click *Generate StartupList Log*.
Click *Yes* at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here.


----------



## kwatts (Jan 8, 2013)

Cookiegal said:


> Please post a new HijackThis log.
> 
> Also, using HIjackThis please do the following:
> 
> ...


StartupList report, 3/2/2013, 2:06:21 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HiJackThis\HiJackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\AOL\1145981300\ee\AOLSoftware.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\CloudZow\Livedrive.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CloudZow\VSSService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Karen Watts\Start Menu\Programs\Startup]
eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
TrueAssistant.lnk = C:\Program Files\TrueSwitchComcast\TrueWizard.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SoundMAXPnP = C:\Program Files\Analog Devices\Core\smax4pnp.exe
IntelMeM = C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
dla = C:\WINDOWS\system32\dla\tfswctrl.exe
VX3000 = C:\WINDOWS\vVX3000.exe
SSBkgdUpdate = "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
PaperPort PTD = "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
IndexSearch = "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
PPort11reminder = "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
ControlCenter3 = C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
BrStsMon00 = C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
LifeCam = "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
ddoctorv2 = "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HostManager = C:\Program Files\Common Files\AOL\1145981300\ee\AOLSoftware.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

eFax 4.4 = "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
Livedrive = "C:\Program Files\CloudZow\Livedrive.exe"
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{05857044-ce23-4676-9ca3-45c57b0cc629}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[>{b5f15cbd-370a-4244-8f42-14cba2eb4e2c}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

[{8A69D345-D564-463c-AFF1-A69D9E530F96}] *
StubPath = "C:\Program Files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ssmyst.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}
MyBHO Class - C:\Program Files\Readonweb\CleanPage\ReadonwebToolbar.dll - {3DB0C335-73C5-466c-A622-BD20A1A5B925}
(no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
(no name) - C:\Program Files\Java\jre7\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\Java\jre7\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
(no name) - C:\Program Files\CloudZow\LivedriveExplorerExtensions.dll - {EDF48A39-1442-463F-9F4E-F376A78D034A}
CleanPageBHO Class - C:\Program Files\Readonweb\CleanPage\CleanPage.dll - {F097E5AB-4C45-4e41-8BAD-34D785BEC6BB}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Adobe Flash Player Updater.job
At1.job
Driver Robot.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
GoogleUpdateTaskUserS-1-5-21-2343432931-39797470-1917149517-1006Core.job
GoogleUpdateTaskUserS-1-5-21-2343432931-39797470-1917149517-1006UA.job
Microsoft Antimalware Scheduled Scan.job
Microsoft_Hardware_Launch_LifeExp_exe.job
RealUpgradeLogonTaskS-1-5-21-2343432931-39797470-1917149517-1006.job
RealUpgradeScheduledTaskS-1-5-21-2343432931-39797470-1917149517-1006.job
Registry Optimizer_DEFAULT.job
Registry Optimizer_UPDATES.job
User_Feed_Synchronization-{3D799EC0-67C1-4594-8868-87BDE4A2B02F}.job

--------------------------------------------------

Enumerating Download Program Files:

[ZenGems Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\zengems.ocx
CODEBASE = http://www.worldwinner.com/games/v54/zengems/zengems.cab

[Office Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\OGACheckControl.DLL
CODEBASE = http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab

[FunGamesLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\FunGamesLoader.dll
CODEBASE = http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab

[SolitaireRush Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SOLITA~1.OCX
CODEBASE = http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab

[CopyGuardCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CopyGuardIE.dll
CODEBASE = http://www.psapoll.com/CopyGuardIE.cab

[BJA Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\bja.ocx
CODEBASE = http://www.worldwinner.com/games/v63/bjattack/bja.cab

[Bejeweled Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BEJEWE~1.OCX
CODEBASE = http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1358181906390

[Wwlaunch Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\wwlaunch.ocx
CODEBASE = http://www.worldwinner.com/games/shared/wwlaunch.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

[BejeweledTwist Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BEJEWE~2.OCX
CODEBASE = http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab

[ActiveFormX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\print3.ocx
CODEBASE = https://widow1.factualdata.com/ocx/print3.ocx

[WoF Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\wof.ocx
CODEBASE = http://www.worldwinner.com/games/v57/wof/wof.cab

[CBSTIEPrint Class]
InProcServer32 = C:\WINDOWS\system32\BSTIEPrintCtl1.dll
CODEBASE = http://offers.e-centives.com/cif/download/bin/actxcab.cab

[SwapIt Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\swapit.ocx
CODEBASE = http://www.worldwinner.com/games/v67/swapit/swapit.cab

[{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

[WWSpades Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\wwspades.ocx
CODEBASE = http://www.worldwinner.com/games/v54/wwspades/wwspades.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\System32\nwprovau.dll
NameSpace #5: C:\Program Files\Bonjour\mdnsNSP.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\mswsock.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\rsvpsp.dll
Protocol #13: C:\WINDOWS\system32\rsvpsp.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

SAS Core Service: "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" (autostart)
abp480n5: \SystemRoot\system32\DRIVERS\ABP480N5.SYS (disabled)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Adobe Active File Monitor V5: C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe (manual start)
Adobe Flash Player Update Service: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (manual start)
adpu160m: \SystemRoot\system32\DRIVERS\adpu160m.sys (disabled)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\DRIVERS\agp440.sys (disabled)
Compaq AGP Bus Filter: \SystemRoot\system32\DRIVERS\agpCPQ.sys (disabled)
Aha154x: \SystemRoot\system32\DRIVERS\aha154x.sys (disabled)
aic78u2: \SystemRoot\system32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\system32\DRIVERS\aic78xx.sys (disabled)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: \SystemRoot\system32\DRIVERS\aliide.sys (disabled)
ALI AGP Bus Filter: \SystemRoot\system32\DRIVERS\alim1541.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\system32\DRIVERS\amdagp.sys (disabled)
amsint: \SystemRoot\system32\DRIVERS\amsint.sys (disabled)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: \SystemRoot\system32\DRIVERS\asc.sys (disabled)
asc3350p: \SystemRoot\system32\DRIVERS\asc3350p.sys (disabled)
asc3550: \SystemRoot\system32\DRIVERS\asc3550.sys (disabled)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Bonjour Service: "C:\Program Files\Bonjour\mDNSResponder.exe" (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Brother USB Still Image driver: system32\DRIVERS\BrScnUsb.sys (manual start)
Brother Serial Interface Driver(WDM): system32\DRIVERS\BrSerIb.sys (manual start)
Brother Serial USB Driver(WDM): system32\DRIVERS\BrUsbSIb.sys (manual start)
BrYNSvc: "C:\Program Files\Browny02\BrYNSvc.exe" (manual start)
CbFs: \??\C:\WINDOWS\system32\drivers\cbfs.sys (system)
cbidf: \SystemRoot\system32\DRIVERS\cbidf2k.sys (disabled)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
cd20xrnt: \SystemRoot\system32\DRIVERS\cd20xrnt.sys (disabled)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
CloudZow VSS Service: "C:\Program Files\CloudZow\VSSService.exe" (autostart)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (disabled)
Microsoft .NET Framework NGEN v4.0.30319_X86: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (autostart)
CmdIde: \SystemRoot\system32\DRIVERS\cmdide.sys (disabled)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: \SystemRoot\system32\DRIVERS\cpqarray.sys (disabled)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: \SystemRoot\system32\DRIVERS\dac2w2k.sys (disabled)
dac960nt: \SystemRoot\system32\DRIVERS\dac960nt.sys (disabled)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
dpti2o: \SystemRoot\system32\DRIVERS\dpti2o.sys (disabled)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
drvmcdb: system32\drivers\drvmcdb.sys (system)
drvnddm: system32\drivers\drvnddm.sys (autostart)
DSBrokerService: "C:\Program Files\DellSupport\brkrsvc.exe" (manual start)
DSproct: \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (manual start)
DellSupport UniDriver: system32\DRIVERS\dsunidrv.sys (autostart)
Intel(R) PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Windows Presentation Foundation Font Cache 3.0.0.0: c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
GameConsoleService: "C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe" (manual start)
GEAR ASPI Filter Driver: system32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Google Update Service (gupdate): "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (manual start)
Google Update Service (gupdatem): "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (manual start)
Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
hpn: \SystemRoot\system32\DRIVERS\hpn.sys (disabled)
IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: \SystemRoot\system32\DRIVERS\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
ialm: system32\DRIVERS\ialmnt5.sys (manual start)
Windows CardSpace: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
ini910u: \SystemRoot\system32\DRIVERS\ini910u.sys (disabled)
IntelC51: system32\DRIVERS\IntelC51.sys (manual start)
IntelC52: system32\DRIVERS\IntelC52.sys (manual start)
IntelC53: system32\DRIVERS\IntelC53.sys (manual start)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Java Quick Starter: "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" (manual start)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
mohfilt: system32\DRIVERS\mohfilt.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
Microsoft Malware Protection Driver: system32\DRIVERS\MpFilter.sys (system)
mraid35x: \SystemRoot\system32\DRIVERS\mraid35x.sys (disabled)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
MSCamSvc: "c:\Program Files\Microsoft LifeCam\MSCamS32.exe" (autostart)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Antimalware Service: "c:\Program Files\Microsoft Security Client\MsMpEng.exe" (autostart)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Media Technology Kernel Driver: System32\Drivers\fide.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
SoundTap Recorder: system32\drivers\nchssvad.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel NCS NetService: C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (manual start)
Net.Tcp Port Sharing Service: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
Nielsen USB GFX: system32\drivers\nielgfx.sys (manual start)
Nielsen Patch Service: system32\DRIVERS\nielprt.sys (system)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NMSAccessU: C:\Program Files\CDBurnerXP\NMSAccessU.exe (autostart)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
perc2: \SystemRoot\system32\DRIVERS\perc2.sys (disabled)
perc2hib: \SystemRoot\system32\DRIVERS\perc2hib.sys (disabled)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
ql1080: \SystemRoot\system32\DRIVERS\ql1080.sys (disabled)
Ql10wnt: \SystemRoot\system32\DRIVERS\ql10wnt.sys (disabled)
ql12160: \SystemRoot\system32\DRIVERS\ql12160.sys (disabled)
ql1240: \SystemRoot\system32\DRIVERS\ql1240.sys (disabled)
ql1280: \SystemRoot\system32\DRIVERS\ql1280.sys (disabled)
RapportCerberus_43926: \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys (system)
RapportEI: \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (system)
RapportKELL: System32\Drivers\RapportKELL.sys (system)
Rapport Management Service: "C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe" (autostart)
RapportPG: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)
SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
senfilt: system32\drivers\senfilt.sys (manual start)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
High-Capacity Floppy Disk Drive: system32\DRIVERS\sfloppy.sys (manual start)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: \SystemRoot\system32\DRIVERS\sisagp.sys (disabled)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
smwdm: system32\drivers\smwdm.sys (manual start)
Sparrow: \SystemRoot\system32\DRIVERS\sparrow.sys (disabled)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
sscdbhk5: system32\drivers\sscdbhk5.sys (system)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
ssrtln: system32\drivers\ssrtln.sys (system)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
SWDUMon: system32\DRIVERS\SWDUMon.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4} (manual start)
symc810: \SystemRoot\system32\DRIVERS\symc810.sys (disabled)
symc8xx: \SystemRoot\system32\DRIVERS\symc8xx.sys (disabled)
sym_hi: \SystemRoot\system32\DRIVERS\sym_hi.sys (disabled)
sym_u3: \SystemRoot\system32\DRIVERS\sym_u3.sys (disabled)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
tfsnboio: system32\dla\tfsnboio.sys (autostart)
tfsncofs: system32\dla\tfsncofs.sys (autostart)
tfsndrct: system32\dla\tfsndrct.sys (autostart)
tfsndres: system32\dla\tfsndres.sys (autostart)
tfsnifs: system32\dla\tfsnifs.sys (autostart)
tfsnopio: system32\dla\tfsnopio.sys (autostart)
tfsnpool: system32\dla\tfsnpool.sys (autostart)
tfsnudf: system32\dla\tfsnudf.sys (autostart)
tfsnudfa: system32\dla\tfsnudfa.sys (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TosIde: \SystemRoot\system32\DRIVERS\toside.sys (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: \SystemRoot\system32\DRIVERS\ultra.sys (disabled)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
User Profile Hive Cleanup: C:\Program Files\UPHClean\uphclean.exe (autostart)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\system32\DRIVERS\viaagp.sys (disabled)
ViaIde: \SystemRoot\system32\DRIVERS\viaide.sys (disabled)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
VX-3000: system32\DRIVERS\VX3000.sys (manual start)
Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Kernel Mode Driver Frameworks service: System32\Drivers\wdf01000.sys (system)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (autostart)
Windows Presentation Foundation Font Cache 4.0.0.0: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Documents and Settings\Karen Watts\Local Settings\Temp\{dd377082-31fa-4f98-af9f-7a14b5b21b9f}\Livedrive.Native.dll||C:\Documents and Settings\Karen Watts\Local Settings\Temp\{dd377082-31fa-4f98-af9f-7a14b5b21b9f}\

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 45,885 bytes
Report generated in 0.515 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions * for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read  *HERE * for an article written by dvk01 on why we disable autoruns.


----------



## kwatts (Jan 8, 2013)

Cookiegal said:


> Please visit *Combofix Guide & Instructions * for instructions for installing the Recovery Console and downloading and running ComboFix.
> 
> The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.
> 
> ...


ComboFix 13-03-02.01 - Karen Watts 03/02/2013 20:22:43.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.515 [GMT -7:00]
Running from: c:\documents and settings\Karen Watts\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\KARENW~1\LOCALS~1\Temp\{dd377082-31fa-4f98-af9f-7a14b5b21b9f}\Livedrive.Native.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Karen Watts\Application Data\Toolbar4
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0533ddea046b79382344642507f45004
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0753dc69e4d9bd29ba5a4f0b2ed6449b
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\09243a7e0d5263f96fccb70e16bb0476
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0b9a7a3e0c1c165779dd33b229048b21
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0c74e33c6b89503129478a0eae095b4d
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0e1466e34ff25e57fa813d21ebfe7cf6
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\24234224fe547fa5f61335a325f858b5
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\2612ed9846214cbf7e954476bb044b3b
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\323af8f156d5bb22bb38cd2ce83959de
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\36402215e280142e9fec69a27ce97d32
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\3739298d2bc9d6b94dadd7b19b48ecb3
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\476905aa92e1c9a617bd41ce5318660f
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\4c667e8e6ec412f944dcb9352b851013
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\4d2e45ddaef75a6d2c9afdbc763c3752
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\4e2d5ba12b0ed08ba8960c3e874a01cb
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\560ff84a7533e0f37b61b702a5403538
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\59a443f04bf13d1170b3dfc61f51b928
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\5bc8ebf64906d196c815a3f28ee7be81
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\5dcc33988f89c01e09411de1fadabde2
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\5e4a0304a53d72265f5f470649d2f616
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\5fceefa5d8207202cd84891c2e491f65
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\753df778c49000ceb420710ab27250f3
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\7aab54a686f169a739561ca08b97d70b
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\829a174ff56578e2e86c6ea74ceac599
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\8c192effd1339f8e52b7695d8409b038
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\97be6f9cdebaa8074491269ce024994b
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\9ac01b227ded0862f1cacbfb3aa57c30
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\a03f31127270e5ec9c753d5978824827
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\a0c60a9410bfbe84abdf5e97d0c4c25b
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\aa65030026dd406f81e1d2f100fe7920
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\b4129101a6dd1056cc66cb8ee0ed07cb
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\b576b7d306b9484794e87c4894171e9c
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\b672745e0fa0b3d70622c3426bdb0fe6
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\b8cb931520574f1fbe2d6a417ab188a3
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\cadd36508a4b8f2e96e6251f59441e6d
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\cf00f968a680ae7de4f426758f29e399
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\d210e926e7fc2fc8277b03dcf0f51bf7
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\dd63f857ccdda3776635728c6e9c9da5
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\df93d78ff74b9089b7e56bad7abf8d54
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\e0274c4eebf32d7d1bf0e38726e4ea71
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\e676561c84d9a41ec2ac1b9379b89748
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\fdcfc40763b6755ae687e945adb4dba4
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\fe98d58b0232c74e3b47d141e87aaa18
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\merchant_notification
c:\documents and settings\Karen Watts\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\include_files\879ecc39d0be00e1ba71e4872c078138
c:\documents and settings\Karen Watts\g2mdlhlpx.exe
c:\documents and settings\Karen Watts\Local Settings\Temp\{dd377082-31fa-4f98-af9f-7a14b5b21b9f}\Livedrive.Native.dll
c:\documents and settings\Karen Watts\My Documents\~WRL0005.tmp
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\Cache
c:\windows\system32\Cache\18fcbd17b37bb379.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\999670b78d3eadba.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b64b26b4b9c44e52.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0c847ad9f977f1b.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wt
c:\windows\wt\data.wts
c:\windows\wt\updater\wt.ini
c:\windows\wt\webdriver.dll
c:\windows\wt\webdriver\4.1.1\actorobject.dll
c:\windows\wt\webdriver\4.1.1\dx5drv.dll
c:\windows\wt\webdriver\4.1.1\dx7drv.dll
c:\windows\wt\webdriver\4.1.1\objectbundle.dll
c:\windows\wt\webdriver\4.1.1\sound.dll
c:\windows\wt\webdriver\4.1.1\wdcaps.ded
c:\windows\wt\webdriver\4.1.1\wdengine.dll
c:\windows\wt\webdriver\4.1.1\webdriver.dll
c:\windows\wt\webdriver\4.1.1\wthost.exe
c:\windows\wt\webdriver\4.1.1\wthostctl.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.jar
c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
c:\windows\wt\webdriver\jdriver.dll
c:\windows\wt\webdriver\rdriver.dll
c:\windows\wt\webdriver\wildtangent.jar
c:\windows\wt\wt3d.dll
c:\windows\wt\wt3d.ini
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\actorobject.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html
c:\windows\wt\wtupdates\webd\4.1.1\files\dx5drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\dx7drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\jdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\npWTHost.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt
c:\windows\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\rdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Sound.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\update_info\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\wdcaps.ded
c:\windows\wt\wtupdates\webd\4.1.1\files\wdengine.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wildtangent.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wt3d.ini
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHost.exe
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wtvh.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel\index.html
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl.cdanfo
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll
c:\windows\wt\wtupdates\wtupdater\appinfo.dat
c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts
c:\windows\wt\wtvh.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-02-03 to 2013-03-03 )))))))))))))))))))))))))))))))
.
.
2013-02-22 00:06 . 2013-02-22 00:06	--------	d-----w-	c:\documents and settings\Karen Watts\Local Settings\Application Data\Sun
2013-02-21 23:41 . 2013-02-21 23:40	143872	----a-w-	c:\windows\system32\javacpl.cpl
2013-02-21 23:41 . 2013-02-21 23:40	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-02-21 00:48 . 2013-02-21 00:48	--------	d-----w-	c:\documents and settings\Karen Watts\Application Data\SUPERAntiSpyware.com
2013-02-21 00:48 . 2013-02-21 00:48	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-02-21 00:48 . 2013-02-21 00:48	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-02-19 14:39 . 2013-02-19 14:39	388096	----a-r-	c:\documents and settings\Karen Watts\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-19 14:38 . 2013-02-19 14:38	--------	d-----w-	c:\program files\Trend Micro
2013-02-17 16:00 . 2013-02-17 16:04	--------	dc-h--w-	c:\windows\ie8
2013-02-15 22:04 . 2013-02-15 22:04	208448	----a-w-	c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-02-07 13:32 . 2013-02-15 13:17	465280	----a-r-	c:\windows\system32\cpnprt2win32.cid
2013-02-07 13:32 . 2013-02-07 13:32	--------	d-----w-	c:\program files\Coupons
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 00:07 . 2012-04-12 11:24	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-27 00:07 . 2011-06-10 10:49	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-21 23:40 . 2012-06-17 00:01	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-02-21 23:40 . 2010-05-03 11:37	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-30 10:53 . 2009-10-03 01:01	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-25 23:49 . 2008-01-10 20:16	1671168	----a-w-	c:\windows\system32\pdfmona.dll
2013-01-25 23:49 . 2008-01-10 20:16	36864	----a-w-	c:\windows\system32\pdf995mon.dll
2013-01-23 16:48 . 2013-01-23 16:48	25992	----a-w-	c:\windows\system32\pgdfgsvc.exe
2013-01-22 13:22 . 2013-01-22 13:22	74703	----a-w-	c:\windows\system32\mfc45.dll
2013-01-08 17:16 . 2013-01-08 17:16	3584	----a-r-	c:\documents and settings\Karen Watts\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2013-01-07 14:41 . 2013-01-07 14:44	4728200	----a-w-	c:\windows\uninst.exe
2012-12-14 23:49 . 2008-12-19 22:26	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2006-10-26 17:29 . 2006-10-26 17:30	774144	-c--a-w-	c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay]
@="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"
[HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]
2012-09-17 22:13	4198128	----a-w-	c:\program files\CloudZow\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]
@="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"
[HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]
2012-09-17 22:13	4198128	----a-w-	c:\program files\CloudZow\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]
@="{84CEF1E4-1356-4063-845F-05047F4DD52C}"
[HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]
2012-09-17 22:13	4198128	----a-w-	c:\program files\CloudZow\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay]
@="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}"
[HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}]
2012-09-17 22:13	4198128	----a-w-	c:\program files\CloudZow\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]
@="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"
[HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]
2012-09-17 22:13	4198128	----a-w-	c:\program files\CloudZow\LivedriveExtensions.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"Livedrive"="c:\program files\CloudZow\Livedrive.exe" [2012-09-17 3280384]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"HostManager"="c:\program files\Common Files\AOL\1145981300\ee\AOLSoftware.exe" [2006-04-20 50792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Karen Watts\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
TrueAssistant.lnk - c:\program files\TrueSwitchComcast\TrueWizard.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2006-2-7 110592]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-09-14 14:55	61440	----a-w-	c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19	53248	-c----w-	c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-15 16:16	133104	----atw-	c:\documents and settings\Karen Watts\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 16:32	77824	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 16:36	114688	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 16:35	94208	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44	249856	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44	81920	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-09-18 20:46	110592	-c--a-w-	c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04	252848	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-01 19:45	4763008	----a-w-	c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-12-09 10:45	74752	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Documents and Settings\\Karen Watts\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145981300\\ee\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145981300\\ee\\aolsoftware.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [7/29/2012 7:52 PM 65848]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [4/12/2012 12:25 PM 146904]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [10/30/2012 5:23 AM 272216]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [7/29/2012 7:52 PM 71480]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [7/29/2012 7:52 PM 166840]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 11:54 AM 116608]
R2 CloudZowVSSService;CloudZow VSS Service;c:\program files\CloudZow\VSSService.exe [9/17/2012 3:12 PM 156288]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [7/29/2012 7:52 PM 976728]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [10/26/2011 1:35 PM 71424]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [10/26/2011 1:35 PM 11520]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [10/26/2011 1:34 PM 245760]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [11/30/2007 12:41 PM 14601]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [10/19/2012 9:25 AM 13024]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-21 22:10	1629648	----a-w-	c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 00:07]
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-17 16:25]
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-17 16:25]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343432931-39797470-1917149517-1006Core.job
- c:\documents and settings\Karen Watts\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-15 16:16]
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343432931-39797470-1917149517-1006UA.job
- c:\documents and settings\Karen Watts\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-15 16:16]
.
2007-12-17 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]
.
2013-03-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2343432931-39797470-1917149517-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 00:21]
.
2013-03-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2343432931-39797470-1917149517-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 00:21]
.
2013-03-03 c:\windows\Tasks\User_Feed_Synchronization-{3D799EC0-67C1-4594-8868-87BDE4A2B02F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{6C8F2C29-0F94-49ff-8262-E12226CA34B0} - {4AD7B62C-7CDF-442a-9615-E16551AC5EC7} - c:\program files\Readonweb\CleanPage\CleanPage.dll
TCP: DhcpNameServer = 69.169.190.211 208.72.160.67
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab
DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} - hxxps://widow1.factualdata.com/ocx/print3.ocx
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files\Coupons.com CouponBar\tbcore3.dll
HKLM-Run-ddoctorv2 - c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
AddRemove-Shockwave - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-02 20:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3312)
c:\program files\CloudZow\LivedriveExtensions.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\HPZipm12.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\vssvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 2013-03-02 20:49:07 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-03 03:49
.
Pre-Run: 23,653,253,120 bytes free
Post-Run: 24,120,733,696 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 047E3656609A8BB22F41C7FB96D72F4F


----------



## Cookiegal (Aug 27, 2003)

Please download AdwCleaner from here to your desktop

Run AdwCleaner and select "Search" (do not select "Delete" at this time)

Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.


----------



## kwatts (Jan 8, 2013)

Cookiegal said:


> Please download AdwCleaner from here to your desktop
> 
> Run AdwCleaner and select "Search" (do not select "Delete" at this time)
> 
> Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.


# AdwCleaner v2.113 - Logfile created 03/03/2013 at 10:15:26
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Karen Watts - WATTSBK
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Karen Watts\My Documents\Downloads\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Conduit
Folder Found : C:\Program Files\Free Offers from Freeze.com

***** [Registry] *****

Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\TBSB07898
Key Found : HKLM\Software\AskBarDis
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\ImInstaller
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\Software\Viewpoint
Key Found : HKU\S-1-5-21-2343432931-39797470-1917149517-1006\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKU\S-1-5-21-2343432931-39797470-1917149517-1006\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : HKU\S-1-5-21-2343432931-39797470-1917149517-1006\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9478 octets] - [03/03/2013 10:15:26]

########## EOF - C:\AdwCleaner[R1].txt - [9538 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

Please run AdwCleaner again and this time select the "delete" option and then post the resulting log.


----------



## kwatts (Jan 8, 2013)

Cookiegal said:


> Please run AdwCleaner again and this time select the "delete" option and then post the resulting log.


# AdwCleaner v2.113 - Logfile created 03/03/2013 at 17:36:20
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Karen Watts - WATTSBK
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Karen Watts\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Free Offers from Freeze.com

***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\TBSB07898
Key Deleted : HKLM\Software\AskBarDis
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9607 octets] - [03/03/2013 10:15:26]
AdwCleaner[S1].txt - [9281 octets] - [03/03/2013 17:36:20]

########## EOF - C:\AdwCleaner[S1].txt - [9341 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

Please do the following again because I want to see if some entries have now been removed that I noticed there.

Please open HijackThis.
Click on *Open Misc Tools Section*
Make sure that both boxes beside "Generate StartupList Log" are checked:

*List all minor sections(Full)*
*List Empty Sections(Complete)*
Click *Generate StartupList Log*.
Click *Yes* at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here.


----------



## kwatts (Jan 8, 2013)

Cookiegal said:


> Please do the following again because I want to see if some entries have now been removed that I noticed there.
> 
> Please open HijackThis.
> Click on *Open Misc Tools Section*
> ...


StartupList report, 3/5/2013, 7:49:19 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HiJackThis\HiJackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CloudZow\VSSService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Common Files\AOL\1145981300\ee\AOLSoftware.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\CloudZow\Livedrive.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Karen Watts\Start Menu\Programs\Startup]
eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
TrueAssistant.lnk = C:\Program Files\TrueSwitchComcast\TrueWizard.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SoundMAXPnP = C:\Program Files\Analog Devices\Core\smax4pnp.exe
IntelMeM = C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
dla = C:\WINDOWS\system32\dla\tfswctrl.exe
VX3000 = C:\WINDOWS\vVX3000.exe
SSBkgdUpdate = "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
PaperPort PTD = "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
IndexSearch = "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
PPort11reminder = "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
ControlCenter3 = C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
BrStsMon00 = C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
LifeCam = "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
HostManager = C:\Program Files\Common Files\AOL\1145981300\ee\AOLSoftware.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

eFax 4.4 = "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
Livedrive = "C:\Program Files\CloudZow\Livedrive.exe"
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\ComFile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{05857044-ce23-4676-9ca3-45c57b0cc629}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[>{b5f15cbd-370a-4244-8f42-14cba2eb4e2c}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

[{8A69D345-D564-463c-AFF1-A69D9E530F96}] *
StubPath = "C:\Program Files\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ssmyst.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}
MyBHO Class - C:\Program Files\Readonweb\CleanPage\ReadonwebToolbar.dll - {3DB0C335-73C5-466c-A622-BD20A1A5B925}
(no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
(no name) - C:\Program Files\Java\jre7\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\Java\jre7\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
(no name) - C:\Program Files\CloudZow\LivedriveExplorerExtensions.dll - {EDF48A39-1442-463F-9F4E-F376A78D034A}
CleanPageBHO Class - C:\Program Files\Readonweb\CleanPage\CleanPage.dll - {F097E5AB-4C45-4e41-8BAD-34D785BEC6BB}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Adobe Flash Player Updater.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
GoogleUpdateTaskUserS-1-5-21-2343432931-39797470-1917149517-1006Core.job
GoogleUpdateTaskUserS-1-5-21-2343432931-39797470-1917149517-1006UA.job
Microsoft_Hardware_Launch_LifeExp_exe.job
RealUpgradeLogonTaskS-1-5-21-2343432931-39797470-1917149517-1006.job
RealUpgradeScheduledTaskS-1-5-21-2343432931-39797470-1917149517-1006.job
User_Feed_Synchronization-{3D799EC0-67C1-4594-8868-87BDE4A2B02F}.job

--------------------------------------------------

Enumerating Download Program Files:

[ZenGems Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\zengems.ocx
CODEBASE = http://www.worldwinner.com/games/v54/zengems/zengems.cab

[Office Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\OGACheckControl.DLL
CODEBASE = http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab

[FunGamesLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\FunGamesLoader.dll
CODEBASE = http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab

[SolitaireRush Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SOLITA~1.OCX
CODEBASE = http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab

[CopyGuardCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CopyGuardIE.dll
CODEBASE = http://www.psapoll.com/CopyGuardIE.cab

[BJA Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\bja.ocx
CODEBASE = http://www.worldwinner.com/games/v63/bjattack/bja.cab

[Bejeweled Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BEJEWE~1.OCX
CODEBASE = http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1358181906390

[Wwlaunch Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\wwlaunch.ocx
CODEBASE = http://www.worldwinner.com/games/shared/wwlaunch.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

[BejeweledTwist Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BEJEWE~2.OCX
CODEBASE = http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab

[ActiveFormX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\print3.ocx
CODEBASE = https://widow1.factualdata.com/ocx/print3.ocx

[WoF Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\wof.ocx
CODEBASE = http://www.worldwinner.com/games/v57/wof/wof.cab

[CBSTIEPrint Class]
InProcServer32 = C:\WINDOWS\system32\BSTIEPrintCtl1.dll
CODEBASE = http://offers.e-centives.com/cif/download/bin/actxcab.cab

[SwapIt Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\swapit.ocx
CODEBASE = http://www.worldwinner.com/games/v67/swapit/swapit.cab

[{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

[WWSpades Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\wwspades.ocx
CODEBASE = http://www.worldwinner.com/games/v54/wwspades/wwspades.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\System32\nwprovau.dll
NameSpace #5: C:\Program Files\Bonjour\mdnsNSP.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\mswsock.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\rsvpsp.dll
Protocol #13: C:\WINDOWS\system32\rsvpsp.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

SAS Core Service: "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" (autostart)
abp480n5: \SystemRoot\system32\DRIVERS\ABP480N5.SYS (disabled)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Adobe Active File Monitor V5: C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe (manual start)
Adobe Flash Player Update Service: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (manual start)
adpu160m: \SystemRoot\system32\DRIVERS\adpu160m.sys (disabled)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\DRIVERS\agp440.sys (disabled)
Compaq AGP Bus Filter: \SystemRoot\system32\DRIVERS\agpCPQ.sys (disabled)
Aha154x: \SystemRoot\system32\DRIVERS\aha154x.sys (disabled)
aic78u2: \SystemRoot\system32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\system32\DRIVERS\aic78xx.sys (disabled)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: \SystemRoot\system32\DRIVERS\aliide.sys (disabled)
ALI AGP Bus Filter: \SystemRoot\system32\DRIVERS\alim1541.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\system32\DRIVERS\amdagp.sys (disabled)
amsint: \SystemRoot\system32\DRIVERS\amsint.sys (disabled)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: \SystemRoot\system32\DRIVERS\asc.sys (disabled)
asc3350p: \SystemRoot\system32\DRIVERS\asc3350p.sys (disabled)
asc3550: \SystemRoot\system32\DRIVERS\asc3550.sys (disabled)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
BITS: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Bonjour Service: "C:\Program Files\Bonjour\mDNSResponder.exe" (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Brother USB Still Image driver: system32\DRIVERS\BrScnUsb.sys (manual start)
Brother Serial Interface Driver(WDM): system32\DRIVERS\BrSerIb.sys (manual start)
Brother Serial USB Driver(WDM): system32\DRIVERS\BrUsbSIb.sys (manual start)
BrYNSvc: "C:\Program Files\Browny02\BrYNSvc.exe" (manual start)
catchme: \??\C:\ComboFix\catchme.sys (manual start)
CbFs: \??\C:\WINDOWS\system32\drivers\cbfs.sys (system)
cbidf: \SystemRoot\system32\DRIVERS\cbidf2k.sys (disabled)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
cd20xrnt: \SystemRoot\system32\DRIVERS\cd20xrnt.sys (disabled)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
CloudZow VSS Service: "C:\Program Files\CloudZow\VSSService.exe" (autostart)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (disabled)
Microsoft .NET Framework NGEN v4.0.30319_X86: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (autostart)
CmdIde: \SystemRoot\system32\DRIVERS\cmdide.sys (disabled)
COM+ System Application: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: \SystemRoot\system32\DRIVERS\cpqarray.sys (disabled)
CryptSvc: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: \SystemRoot\system32\DRIVERS\dac2w2k.sys (disabled)
dac960nt: \SystemRoot\system32\DRIVERS\dac960nt.sys (disabled)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
dpti2o: \SystemRoot\system32\DRIVERS\dpti2o.sys (disabled)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
drvmcdb: system32\drivers\drvmcdb.sys (system)
drvnddm: system32\drivers\drvnddm.sys (autostart)
DSBrokerService: "C:\Program Files\DellSupport\brkrsvc.exe" (manual start)
DSproct: \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (manual start)
DellSupport UniDriver: system32\DRIVERS\dsunidrv.sys (autostart)
Intel(R) PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Windows Presentation Foundation Font Cache 3.0.0.0: c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
GameConsoleService: "C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe" (manual start)
GEAR ASPI Filter Driver: system32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Google Update Service (gupdate): "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (manual start)
Google Update Service (gupdatem): "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (manual start)
Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
hpn: \SystemRoot\system32\DRIVERS\hpn.sys (disabled)
IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: \SystemRoot\system32\DRIVERS\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
ialm: system32\DRIVERS\ialmnt5.sys (manual start)
Windows CardSpace: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: %systemroot%\system32\imapi.exe (manual start)
ini910u: \SystemRoot\system32\DRIVERS\ini910u.sys (disabled)
IntelC51: system32\DRIVERS\IntelC51.sys (manual start)
IntelC52: system32\DRIVERS\IntelC52.sys (manual start)
IntelC53: system32\DRIVERS\IntelC53.sys (manual start)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Java Quick Starter: "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" (manual start)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
mohfilt: system32\DRIVERS\mohfilt.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
mraid35x: \SystemRoot\system32\DRIVERS\mraid35x.sys (disabled)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
MSCamSvc: "c:\Program Files\Microsoft LifeCam\MSCamS32.exe" (autostart)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Media Technology Kernel Driver: System32\Drivers\fide.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
SoundTap Recorder: system32\drivers\nchssvad.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel NCS NetService: C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (manual start)
Net.Tcp Port Sharing Service: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
Nielsen USB GFX: system32\drivers\nielgfx.sys (manual start)
Nielsen Patch Service: system32\DRIVERS\nielprt.sys (system)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NMSAccessU: C:\Program Files\CDBurnerXP\NMSAccessU.exe (autostart)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
perc2: \SystemRoot\system32\DRIVERS\perc2.sys (disabled)
perc2hib: \SystemRoot\system32\DRIVERS\perc2hib.sys (disabled)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
ql1080: \SystemRoot\system32\DRIVERS\ql1080.sys (disabled)
Ql10wnt: \SystemRoot\system32\DRIVERS\ql10wnt.sys (disabled)
ql12160: \SystemRoot\system32\DRIVERS\ql12160.sys (disabled)
ql1240: \SystemRoot\system32\DRIVERS\ql1240.sys (disabled)
ql1280: \SystemRoot\system32\DRIVERS\ql1280.sys (disabled)
RapportCerberus_43926: \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys (system)
RapportEI: \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (system)
RapportKELL: System32\Drivers\RapportKELL.sys (system)
Rapport Management Service: "C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe" (autostart)
RapportPG: \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)
SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
senfilt: system32\drivers\senfilt.sys (manual start)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
High-Capacity Floppy Disk Drive: system32\DRIVERS\sfloppy.sys (manual start)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: \SystemRoot\system32\DRIVERS\sisagp.sys (disabled)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
smwdm: system32\drivers\smwdm.sys (manual start)
Sparrow: \SystemRoot\system32\DRIVERS\sparrow.sys (disabled)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
sscdbhk5: system32\drivers\sscdbhk5.sys (system)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
ssrtln: system32\drivers\ssrtln.sys (system)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
SWDUMon: system32\DRIVERS\SWDUMon.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4} (manual start)
symc810: \SystemRoot\system32\DRIVERS\symc810.sys (disabled)
symc8xx: \SystemRoot\system32\DRIVERS\symc8xx.sys (disabled)
sym_hi: \SystemRoot\system32\DRIVERS\sym_hi.sys (disabled)
sym_u3: \SystemRoot\system32\DRIVERS\sym_u3.sys (disabled)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost.exe -k DComLaunch (manual start)
tfsnboio: system32\dla\tfsnboio.sys (autostart)
tfsncofs: system32\dla\tfsncofs.sys (autostart)
tfsndrct: system32\dla\tfsndrct.sys (autostart)
tfsndres: system32\dla\tfsndres.sys (autostart)
tfsnifs: system32\dla\tfsnifs.sys (autostart)
tfsnopio: system32\dla\tfsnopio.sys (autostart)
tfsnpool: system32\dla\tfsnpool.sys (autostart)
tfsnudf: system32\dla\tfsnudf.sys (autostart)
tfsnudfa: system32\dla\tfsnudfa.sys (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TosIde: \SystemRoot\system32\DRIVERS\toside.sys (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: \SystemRoot\system32\DRIVERS\ultra.sys (disabled)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
User Profile Hive Cleanup: C:\Program Files\UPHClean\uphclean.exe (autostart)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\system32\DRIVERS\viaagp.sys (disabled)
ViaIde: \SystemRoot\system32\DRIVERS\viaide.sys (disabled)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
VX-3000: system32\DRIVERS\VX3000.sys (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Kernel Mode Driver Frameworks service: System32\Drivers\wdf01000.sys (system)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (autostart)
Windows Presentation Foundation Font Cache 4.0.0.0: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\shell32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 45,279 bytes
Report generated in 0.297 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## Cookiegal (Aug 27, 2003)

OK, they are gone so that's good.

Can you give a summary of exactly what problems remain please?


----------



## kwatts (Jan 8, 2013)

Cookiegal said:


> OK, they are gone so that's good.
> 
> Can you give a summary of exactly what problems remain please?


I still get 'end' the 'net-broadcast event window 2.0.0" when I shut down the computer at night. When I did the Adwcleaner they asked me to remove 'microsoft security essentials', I did that. Yesterday I put it back on and the computer was
running slow again so I deleted it. It runs faster now.


----------



## Cookiegal (Aug 27, 2003)

Who asked you to remove MSE?

Is that the only error message you're getting now? I ask because you mentioned two other errors in addition to this one earlier on so I assume those other ones have been resolved?


----------



## kwatts (Jan 8, 2013)

Cookiegal said:


> Who asked you to remove MSE?
> 
> Is that the only error message you're getting now? I ask because you mentioned two other errors in addition to this one earlier on so I assume those other ones have been resolved?


The Adwcleaner asked me to remove MSE. That is the only error message I am getting. All the others
have been resolved.


----------



## Cookiegal (Aug 27, 2003)

I've never heard of AdwCleaner doing that before.

Please go to *Start * *Run *- type *msconfig*  click OK and click on the *startup tab*. Uncheck everything there except for your anti-virus program. Then reboot and let me know if the problem persists please.


----------



## kwatts (Jan 8, 2013)

Cookiegal said:


> I've never heard of AdwCleaner doing that before.
> 
> Please go to *Start * *Run *- type *msconfig*  click OK and click on the *startup tab*. Uncheck everything there except for your anti-virus program. Then reboot and let me know if the problem persists please.


It doesn't appear this time. But the system configuration utility popped up saying it is currently in
diagnostic or selective startup mode.


----------



## Cookiegal (Aug 27, 2003)

kwatts said:


> It doesn't appear this time. But the system configuration utility popped up saying it is currently in
> diagnostic or selective startup mode.


Yes, that's normal. You just have to put a tick in the box that says something to the effect of "don't ask me again".

So this means that one of those programs that you unchecked in msconfig is responsible for that error message.

You need to use the process of elimination now to find out which one. To avoid doing them one at a time and then rebooting you could go back and check 3 of those items and reboot. If the message doesn't appear then you can eliminate those as being the culprit. Be sure to note the ones you've eliminated so you don't have to do it again. Once you enable a group of 3 and the error gets generated again then you'll have to uncheck them one by one to see which one is causing it. Please report back with the program or application that's causing the messages.


----------



## kwatts (Jan 8, 2013)

Cookiegal said:


> Yes, that's normal. You just have to put a tick in the box that says something to the effect of "don't ask me again".
> 
> So this means that one of those programs that you unchecked in msconfig is responsible for that error message.
> 
> You need to use the process of elimination now to find out which one. To avoid doing them one at a time and then rebooting you could go back and check 3 of those items and reboot. If the message doesn't appear then you can eliminate those as being the culprit. Be sure to note the ones you've eliminated so you don't have to do it again. Once you enable a group of 3 and the error gets generated again then you'll have to uncheck them one by one to see which one is causing it. Please report back with the program or application that's causing the messages.


I finished msconfig-startup and it did not come up at all when I did a startup on all the items. I don't know what was causing that message.


----------



## Cookiegal (Aug 27, 2003)

Maybe just taking it out of startup and putting it back was all that was needed to solve the problem.

Would you please put a new HijackThis log (just the regular default scan) so I can see what is still running on startup.


----------



## kwatts (Jan 8, 2013)

Cookiegal said:


> Maybe just taking it out of startup and putting it back was all that was needed to solve the problem.
> 
> Would you please put a new HijackThis log (just the regular default scan) so I can see what is still running on startup.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:12:23 PM, on 3/5/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CloudZow\VSSService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\1145981300\ee\AOLSoftware.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\CloudZow\Livedrive.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: MyBHO Class - {3DB0C335-73C5-466c-A622-BD20A1A5B925} - C:\Program Files\Readonweb\CleanPage\ReadonwebToolbar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: BrowserHelper Class - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files\CloudZow\LivedriveExplorerExtensions.dll
O2 - BHO: CleanPageBHO Class - {F097E5AB-4C45-4e41-8BAD-34D785BEC6BB} - C:\Program Files\Readonweb\CleanPage\CleanPage.dll
O3 - Toolbar: ReadonwebToolbar - {B6283D8C-01AB-11DB-9D6F-E11AAB065F98} - C:\Program Files\Readonweb\CleanPage\ReadonwebToolbar.dll
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145981300\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [Livedrive] "C:\Program Files\CloudZow\Livedrive.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchComcast\TrueWizard.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: CleanPage - {6C8F2C29-0F94-49ff-8262-E12226CA34B0} - C:\Program Files\Readonweb\CleanPage\CleanPage.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} (ZenGems Control) - http://www.worldwinner.com/games/v54/zengems/zengems.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} (CopyGuardCtrl Class) - http://www.psapoll.com/CopyGuardIE.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1358181906390
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} (BejeweledTwist Control) - http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
O16 - DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} (ActiveFormX Control) - https://widow1.factualdata.com/ocx/print3.ocx
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v54/wwspades/wwspades.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: CloudZow VSS Service (CloudZowVSSService) - Unknown owner - C:\Program Files\CloudZow\VSSService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

--
End of file - 12490 bytes


----------



## Cookiegal (Aug 27, 2003)

It's really not necessary to quote my posts every time you reply and it only adds more clutter to the thread. 

Please go back to msconfig and uncheck the following items then click "Apply" and OK.

PPort11reminder
ControlCenter3
BrStsMon00
apdproxy
Adobe Arm
DVDLauncher
hkcmd
HostManager (AOLSoftware.exe)
IndexSearch (IndexSearch.exe)
igfxtray (igfxtray.exe)
igfxpers (igfxpers.exe)
mmtray (mm_tray.exe)
SSBkgdupdate (SSBkgdupdate.exe)
PaperPort PTD (pptd40nt.exe)
WinAmp (winampa.exe)
WMPNSCFG (WMPNSCFG.exe)

You can also the following out of Global Startup: 

C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

The global startup folder is located here:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Please reboot after doing that and post a new HijackThis log.


----------



## kwatts (Jan 8, 2013)

PPort11reminder
ControlCenter 3
BrStsMon00 did not show up in the msconfig in the startup.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:49:06 PM, on 3/5/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CloudZow\VSSService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\CloudZow\Livedrive.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: MyBHO Class - {3DB0C335-73C5-466c-A622-BD20A1A5B925} - C:\Program Files\Readonweb\CleanPage\ReadonwebToolbar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: BrowserHelper Class - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files\CloudZow\LivedriveExplorerExtensions.dll
O2 - BHO: CleanPageBHO Class - {F097E5AB-4C45-4e41-8BAD-34D785BEC6BB} - C:\Program Files\Readonweb\CleanPage\CleanPage.dll
O3 - Toolbar: ReadonwebToolbar - {B6283D8C-01AB-11DB-9D6F-E11AAB065F98} - C:\Program Files\Readonweb\CleanPage\ReadonwebToolbar.dll
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [Livedrive] "C:\Program Files\CloudZow\Livedrive.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchComcast\TrueWizard.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O9 - Extra button: CleanPage - {6C8F2C29-0F94-49ff-8262-E12226CA34B0} - C:\Program Files\Readonweb\CleanPage\CleanPage.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} (ZenGems Control) - http://www.worldwinner.com/games/v54/zengems/zengems.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} (CopyGuardCtrl Class) - http://www.psapoll.com/CopyGuardIE.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1358181906390
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} (BejeweledTwist Control) - http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
O16 - DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} (ActiveFormX Control) - https://widow1.factualdata.com/ocx/print3.ocx
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v54/wwspades/wwspades.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: CloudZow VSS Service (CloudZowVSSService) - Unknown owner - C:\Program Files\CloudZow\VSSService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

--
End of file - 10693 bytes


----------



## Cookiegal (Aug 27, 2003)

This is how the three that you couldn't find would appear so please go back and uncheck them:

pptd40nt
brctrcen
BrSTNonW

You can also uncheck SuperAntiSpyware as that doesn't have to run at startup.

There's no need to post a new log.

How's the computer running now?


----------



## kwatts (Jan 8, 2013)

The computer is running great. Thanks for all your help! Except this time when I restarted the computer the 'net-broadcast event window' popped up again. It only stays on for a few seconds and disappears. We have tried everything to fix that! Maybe one of these days we will find out what to do! Thanks again!


----------



## Cookiegal (Aug 27, 2003)

Wasn't it on shutdown before? Now it's on startup?


----------



## kwatts (Jan 8, 2013)

No, it showed up again on shut down, not start up.


----------



## Cookiegal (Aug 27, 2003)

Have you left all of those items unchecked in msconfig?

Does it happen on every shutdown or only sometimes?


----------



## Cookiegal (Aug 27, 2003)

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Under Custom Scans/Fixes type in *Netsvcs*
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## kwatts (Jan 8, 2013)

OTL logfile created on: 3/5/2013 7:59:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Karen Watts\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 630.16 Mb Available Physical Memory | 61.66% Memory free
2.40 Gb Paging File | 2.08 Gb Available in Paging File | 86.58% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.53 Gb Total Space | 21.90 Gb Free Space | 31.05% Space Free | Partition Type: NTFS

Computer Name: WATTSBK | User Name: Karen Watts | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/05 19:55:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karen Watts\My Documents\Downloads\OTL (1).exe
PRC - [2013/03/05 11:59:31 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/14 17:02:47 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012/09/17 15:12:58 | 000,156,288 | ---- | M] () -- C:\Program Files\CloudZow\VSSService.exe
PRC - [2012/09/17 15:11:28 | 003,280,384 | ---- | M] (Livedrive Internet Ltd) -- C:\Program Files\CloudZow\Livedrive.exe
PRC - [2012/07/29 19:52:22 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/07/11 11:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/10/07 13:30:26 | 000,656,896 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GTray.exe
PRC - [2008/10/07 13:25:48 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2008/03/20 13:06:28 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/12 08:34:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/05/17 14:45:34 | 000,271,720 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/10 14:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/01/17 16:08:48 | 000,110,592 | ---- | M] (Arcsoft, Inc.) -- C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe

========== Modules (No Company Name) ==========

MOD - [2013/03/05 19:55:32 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Local Settings\temp\{dd377082-31fa-4f98-af9f-7a14b5b21b9f}\Livedrive.Native.dll
MOD - [2013/01/25 16:49:41 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2012/09/17 15:12:58 | 000,156,288 | ---- | M] () -- C:\Program Files\CloudZow\VSSService.exe
MOD - [2012/09/17 15:10:40 | 010,137,088 | ---- | M] () -- C:\Program Files\CloudZow\Livedrive.Localisation.dll
MOD - [2012/05/28 13:38:21 | 000,520,464 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2012/04/12 13:38:37 | 000,997,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll
MOD - [2012/04/12 13:36:28 | 000,140,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\22a1629a4dcdd493bbd8be40cc122e94\System.Configuration.Install.ni.dll
MOD - [2012/04/12 13:36:27 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2012/04/12 13:36:22 | 001,840,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1dad08772eb89d48a8a0cfe9b0467eb0\System.Web.Services.ni.dll
MOD - [2012/04/12 13:36:18 | 001,116,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6bcc481030a56c24d5990d199812c594\System.DirectoryServices.ni.dll
MOD - [2012/04/12 13:36:16 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll
MOD - [2012/04/12 13:36:14 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll
MOD - [2012/04/12 13:35:39 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2012/04/12 12:19:34 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2012/04/12 12:19:25 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2012/04/12 12:18:58 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2012/04/12 12:18:11 | 006,614,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll
MOD - [2012/04/12 12:09:02 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2012/04/12 12:07:49 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2012/04/12 11:52:34 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/04/12 11:51:24 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/07/28 16:20:34 | 000,270,336 | ---- | M] () -- C:\Program Files\CloudZow\AlphaFS.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007/10/12 08:34:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2006/10/06 05:06:16 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\DLPRMON.DLL
MOD - [2005/01/05 11:08:02 | 000,102,400 | ---- | M] () -- C:\Program Files\ArcSoft\Media Card Companion\ustor.dll
MOD - [2003/10/22 07:45:56 | 000,442,368 | ---- | M] () -- C:\Program Files\ArcSoft\Media Card Companion\FPXLIB.DLL

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/05 11:59:31 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/26 17:07:49 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/17 15:12:58 | 000,156,288 | ---- | M] () [Auto | Running] -- C:\Program Files\CloudZow\VSSService.exe -- (CloudZowVSSService)
SRV - [2012/07/29 19:52:22 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/07/11 11:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/05/15 13:14:54 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/12 08:34:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/17 14:45:34 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\nielprt.sys -- (nielprt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nielgfx.sys -- (NielGfx)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (KMW_USB)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (KMW_KBD)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2012/11/04 08:50:33 | 000,013,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/10/30 05:23:58 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/07/29 19:52:38 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/07/29 19:52:38 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/07/29 19:52:38 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/16 12:44:18 | 000,146,904 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cbfs.sys -- (CbFs)
DRV - [2009/11/02 20:06:12 | 000,011,520 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2009/11/02 20:06:11 | 000,071,424 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2007/12/11 16:36:19 | 000,023,616 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2007/11/30 12:41:39 | 000,014,601 | ---- | M] (MediaTek Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FIDE.SYS -- (MTK)
DRV - [2007/04/10 14:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/10 12:39:25 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/16 02:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 03:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 03:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 03:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE8HP&PC=UP68
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {B1A1E493-E597-45A7-9F6E-C8F4A859D524}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=B8DFDF&PC=B8DF&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{4AE31001-0AE4-4403-876C-0FCFB5922099}: "URL" = http://search.comcast.net/?q={searchTerms}&cat=Web&con=net&x=12&y=10
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B1A1E493-E597-45A7-9F6E-C8F4A859D524}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcast.net/search?cat=Web&con=toolbar&q={searchTerms}
IE - HKCU\..\SearchScopes\{F52AC13C-6A7C-4C82-BB35-13158D75370A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{F5501F8A-303A-4D94-95E4-44FD615B7D03}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLJ
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Karen Watts\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Karen Watts\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Karen Watts\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/18 04:41:14 | 000,000,000 | ---D | M]

[2011/03/05 14:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/03/28 14:38:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/03 04:37:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 04:25:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/14 08:22:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/02 17:48:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/04 04:57:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/10/26 10:29:58 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npgcplug.dll
[2005/04/27 13:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2010/12/09 03:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2008/12/01 09:50:26 | 000,004,946 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Karen Watts\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Karen Watts\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: ShopAtHome.com extension = C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.0.1.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/02 20:35:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (MyBHO Class) - {3DB0C335-73C5-466c-A622-BD20A1A5B925} - C:\Program Files\Readonweb\CleanPage\ReadonwebToolbar.dll (Readonweb, LLC)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (BrowserHelper Class) - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files\CloudZow\LivedriveExplorerExtensions.dll (Livedrive Internet Ltd)
O2 - BHO: (CleanPageBHO Class) - {F097E5AB-4C45-4e41-8BAD-34D785BEC6BB} - C:\Program Files\Readonweb\CleanPage\CleanPage.dll (Readonweb, LLC)
O3 - HKLM\..\Toolbar: (ReadonwebToolbar) - {B6283D8C-01AB-11DB-9D6F-E11AAB065F98} - C:\Program Files\Readonweb\CleanPage\ReadonwebToolbar.dll (Readonweb, LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4 - HKLM..\Run: [LifeCam] c:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKCU..\Run: [Livedrive] C:\Program Files\CloudZow\Livedrive.exe (Livedrive Internet Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe (Arcsoft, Inc.)
O4 - Startup: C:\Documents and Settings\Karen Watts\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Karen Watts\Start Menu\Programs\Startup\TrueAssistant.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: CleanPage - {6C8F2C29-0F94-49ff-8262-E12226CA34B0} - C:\Program Files\Readonweb\CleanPage\CleanPage.dll (Readonweb, LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} http://www.worldwinner.com/games/v54/zengems/zengems.cab (ZenGems Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab (SolitaireRush Control)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinner.com/games/v63/bjattack/bja.cab (BJA Control)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab (Bejeweled Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1358181906390 (MUWebControl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} https://widow1.factualdata.com/ocx/print3.ocx (ActiveFormX Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v54/wwspades/wwspades.cab (WWSpades Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.169.190.211 208.72.160.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0604BBD-97AF-4FE2-95EA-77B1817D7B01}: DhcpNameServer = 69.169.190.211 208.72.160.67
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/05 14:38:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/03/05 12:00:29 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/03/05 12:00:27 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/05 12:00:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/05 12:00:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/03/05 12:00:15 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/03/02 20:49:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/03/02 20:14:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/03/02 20:10:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/03/02 20:10:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/03/02 20:10:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/03/02 20:10:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/03/02 20:04:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/02 20:03:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/02/21 17:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Sun
[2013/02/20 17:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen Watts\Application Data\SUPERAntiSpyware.com
[2013/02/20 17:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/02/20 17:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/02/20 17:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/02/20 17:40:16 | 023,909,328 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Karen Watts\Desktop\SUPERAntiSpyware.exe
[2013/02/19 07:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen Watts\Start Menu\Programs\HiJackThis
[2013/02/19 07:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/02/17 09:00:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/02/17 08:05:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/02/10 13:09:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Karen Watts\Start Menu\Programs\Administrative Tools
[2013/02/07 06:32:46 | 000,465,280 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2win32.cid
[2013/02/07 06:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2013/02/07 06:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2006/10/26 10:30:07 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Karen Watts\My Documents\9.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\8.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\7.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\6.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\5.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\4.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\3.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\2.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\15.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\14.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\11.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\10.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\1.
[2013/03/05 19:52:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/05 19:51:03 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2343432931-39797470-1917149517-1006.job
[2013/03/05 19:51:02 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/05 19:50:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/05 19:50:51 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/05 19:42:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2343432931-39797470-1917149517-1006UA.job
[2013/03/05 19:38:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/05 19:07:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/05 17:47:23 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/03/05 17:23:00 | 005,390,842 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond #146038 Front.JPG
[2013/03/05 17:23:00 | 005,087,786 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Back Bond #146038.JPG
[2013/03/05 17:23:00 | 004,807,156 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond Front Coupon #146038.JPG
[2013/03/05 17:23:00 | 003,988,280 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Back Coupon #146038.JPG
[2013/03/05 17:18:00 | 005,092,514 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond #332631 Front.JPG
[2013/03/05 17:18:00 | 005,057,840 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond Coupons #332631.JPG
[2013/03/05 17:18:00 | 004,694,574 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond back side #332631.JPG
[2013/03/05 17:18:00 | 004,500,811 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond Back of Coupon #332631.JPG
[2013/03/05 17:15:00 | 004,919,439 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Back Bond #476793.JPG
[2013/03/05 17:15:00 | 004,680,607 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond #476793 Front.JPG
[2013/03/05 17:15:00 | 004,634,281 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond Coupon #476793.JPG
[2013/03/05 17:15:00 | 004,343,021 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond back coupon #476793.JPG
[2013/03/05 17:12:00 | 004,369,346 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Passco Report #146038.pdf
[2013/03/05 17:12:00 | 004,227,334 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Pass-C0 Report #332631.pdf
[2013/03/05 17:12:00 | 004,082,558 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Pass-Co Report #476793.pdf
[2013/03/05 14:49:03 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\HiJackThis.lnk
[2013/03/05 12:55:34 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3D799EC0-67C1-4594-8868-87BDE4A2B02F}.job
[2013/03/05 11:59:34 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/03/05 11:59:29 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/05 11:59:29 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/05 11:59:29 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/03/05 11:59:29 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/03/05 11:59:28 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/03/05 11:59:27 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/03/05 07:12:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2343432931-39797470-1917149517-1006Core.job
[2013/03/05 06:44:24 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/03/04 18:15:18 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/03/02 20:58:30 | 000,031,537 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\puppy.exe
[2013/03/02 20:35:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/03/01 05:44:02 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2343432931-39797470-1917149517-1006.job
[2013/02/26 17:07:49 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/26 17:07:48 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/22 18:45:47 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/02/21 11:03:46 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/02/21 10:43:54 | 001,568,768 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Williams PAF File April 8 2012.paf
[2013/02/20 19:10:10 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/20 17:48:33 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/02/20 17:40:23 | 023,909,328 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Karen Watts\Desktop\SUPERAntiSpyware.exe
[2013/02/17 09:06:19 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/17 08:52:28 | 000,353,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/16 06:42:23 | 1607,442,432 | -HS- | M] () -- C:\WINDOWS\0
[2013/02/15 10:31:49 | 000,058,194 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Application Data\wklnhst.dat
[2013/02/15 06:17:34 | 000,465,280 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2win32.cid
[2013/02/11 08:07:06 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Documents and Settings\Karen Watts\My Documents\9.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\8.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\7.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\6.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\5.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\4.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\3.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\2.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\15.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\14.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\11.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\10.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\1.
[2013/03/05 17:26:02 | 004,807,156 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond Front Coupon #146038.JPG
[2013/03/05 17:25:58 | 005,390,842 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond #146038 Front.JPG
[2013/03/05 17:25:58 | 005,087,786 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Back Bond #146038.JPG
[2013/03/05 17:25:58 | 003,988,280 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Back Coupon #146038.JPG
[2013/03/05 17:20:01 | 005,057,840 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond Coupons #332631.JPG
[2013/03/05 17:19:59 | 005,092,514 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond #332631 Front.JPG
[2013/03/05 17:19:59 | 004,694,574 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond back side #332631.JPG
[2013/03/05 17:19:59 | 004,500,811 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond Back of Coupon #332631.JPG
[2013/03/05 17:16:22 | 004,634,281 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond Coupon #476793.JPG
[2013/03/05 17:16:20 | 004,343,021 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond back coupon #476793.JPG
[2013/03/05 17:16:19 | 004,919,439 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Back Bond #476793.JPG
[2013/03/05 17:16:19 | 004,680,607 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond #476793 Front.JPG
[2013/03/05 17:13:36 | 004,369,346 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Passco Report #146038.pdf
[2013/03/05 17:13:36 | 004,082,558 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Pass-Co Report #476793.pdf
[2013/03/05 17:13:35 | 004,227,334 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Pass-C0 Report #332631.pdf
[2013/03/05 11:42:51 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Start Menu\Programs\Startup\TrueAssistant.lnk
[2013/03/05 11:42:51 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Start Menu\Programs\Startup\eFax 4.4.lnk
[2013/03/05 11:39:47 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk
[2013/03/02 20:58:30 | 000,031,537 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\puppy.exe
[2013/03/02 20:14:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/03/02 20:14:12 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/03/02 20:10:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/03/02 20:10:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/03/02 20:10:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/03/02 20:10:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/03/02 20:10:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/02/21 11:03:45 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/02/21 11:03:44 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/02/20 17:48:33 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/02/20 17:17:36 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/02/19 07:39:08 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\HiJackThis.lnk
[2013/02/17 09:06:19 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Start Menu\Programs\Internet Explorer.lnk
[2013/02/17 08:48:15 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
[2013/02/17 08:44:58 | 000,001,910 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2013/02/17 08:40:47 | 000,002,511 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2013/02/11 05:43:58 | 1607,442,432 | -HS- | C] () -- C:\WINDOWS\0
[2013/01/22 06:22:15 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/12/31 20:48:05 | 000,362,714 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/10/19 09:25:18 | 000,013,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/04/12 12:05:15 | 000,201,944 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/26 14:04:09 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\FFSSET.BIN
[2011/10/26 13:38:26 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/10/26 13:38:26 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/10/26 13:36:15 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10B.DAT
[2011/10/26 13:36:01 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/10/26 13:34:38 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/10/26 13:34:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/10/26 13:29:45 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/01/27 10:46:46 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/29 16:06:34 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/13 11:45:10 | 000,017,282 | ---- | C] () -- C:\Documents and Settings\Karen Watts\339198158.ser
[2006/03/13 11:44:04 | 000,005,187 | ---- | C] () -- C:\Documents and Settings\Karen Watts\339198158.xml
[2006/03/06 09:46:25 | 000,017,227 | ---- | C] () -- C:\Documents and Settings\Karen Watts\210843112.ser
[2006/03/06 09:45:19 | 000,003,786 | ---- | C] () -- C:\Documents and Settings\Karen Watts\210843112.xml
[2005/11/10 10:42:52 | 000,058,194 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Application Data\wklnhst.dat
[2005/11/10 10:16:02 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/10 12:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/03/20 13:06:12 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008/03/20 13:05:58 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/03/20 13:06:14 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2013/02/16 06:42:23 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\?????????w) -- C:\WINDOWS\郩䡼郶ｼ&#65535;䇿郶&#56188;&#56687;w
[2013/02/16 06:42:23 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\?) -- C:\WINDOWS\ꦤ
[2013/02/11 05:43:58 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\?????????w) -- C:\WINDOWS\郩䡼郶ｼ&#65535;䇿郶&#56188;&#56687;w
[2013/02/11 05:43:58 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\?) -- C:\WINDOWS\ꦤ
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\?J) -- C:\WINDOWS\、J
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\???????) -- C:\WINDOWS\콜粐ꊃ粑&#65535;&#65535;ꂈ
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\?????) -- C:\WINDOWS\橤粔⡇粑ꓠ
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\???) -- C:\WINDOWS\ƴȂ粑
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\??) -- C:\WINDOWS\࢘ƴ
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\?) -- C:\WINDOWS\ƴ
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\? ?) -- C:\WINDOWS\ƴ ϛ
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\???????) -- C:\WINDOWS\콜粐ꊃ粑&#65535;&#65535;ꂈ
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\???) -- C:\WINDOWS\ƴȂ粑
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\??) -- C:\WINDOWS\࢘ƴ
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\?) -- C:\WINDOWS\ƴ
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\? ?) -- C:\WINDOWS\ƴ ϛ
[2012/12/16 10:45:33 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\?J) -- C:\WINDOWS\、J
[2012/12/16 10:45:33 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\?????) -- C:\WINDOWS\橤粔⡇粑ꓠ

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Karen Watts\My Documents\Karen Watts PAF File.paf.paf:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Karen Watts\Desktop\Williams PAF File April 8 2012.paf:SummaryInformation

< End of report >
OTL Extras logfile created on: 3/5/2013 7:59:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Karen Watts\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 630.16 Mb Available Physical Memory | 61.66% Memory free
2.40 Gb Paging File | 2.08 Gb Available in Paging File | 86.58% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.53 Gb Total Space | 21.90 Gb Free Space | 31.05% Space Free | Partition Type: NTFS

Computer Name: WATTSBK | User Name: Karen Watts | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNetisabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNetisabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNetisabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNetisabledxpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\AOL\1145981300\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1145981300\ee\aim6.exe:*isabled:AIM -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*isabled:AOL Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1145981300\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1145981300\ee\aolsoftware.exe:*isabled:AOL Services -- (America Online, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{02FE1B94-36A8-4DBB-B5B2-6980CB817C36}" = CloudZow
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{15E2C578-C009-4ECA-9FA2-8B254F92DD50}" = Database Conversion Wizard
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{175DEA83-C12A-4325-84B6-540AD0A5A945}" = Readonweb CleanPage
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1EB1E1AF-72ED-4B94-81CC-D9C27DC5DEC8}" = Humorous Greeting Card Factory
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.2
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5BEBD7F0-5544-3B4C-8D15-7154AA35BEA2}" = Google Talk Plugin
"{5CD4F991-BA3E-4EC4-A7A1-EFB61F4D7291}" = Setup
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7BE2E2EF-A700-4E0E-BA2E-B2A3AD56D851}" = Encompass NetBranch Installation Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}" = Brother MFL-Pro Suite MFC-J615W
"{83E222CC-223F-BE8C-0C77-0CEBDC2F9B57}" = Acrobat.com
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7479043-9550-4418-9C41-7A5263F4C0B3}" = Windows XP Winter Fun Pack for Windows Media Player 9 Series 
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEC2A5B9-CE19-4F2E-9C8F-F310C0EAB993}" = ArcSoft Media Card Companion
"{D01653EF-9F9F-41D6-B879-654A6BF5892C}" = Digital Locker Assistant
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4933D9F-89CC-4CA9-B5B0-CF32968890C7}" = BookScan&Whiteboard Suite
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio Brother Edition
"{faf0b65c-072b-4f7e-bd05-6a56f28d4233}" = Wallery
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"audcle" = Plus! MP3 Audio Converter LE
"Coupon Printer for Windows5.0.0.2" = Coupon Printer for Windows
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Internet Explorer Infoaxe Toolbar_is1" = Internet Explorer Infoaxe Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"Picasa 3" = Picasa 3
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"playful_elephants ScreenSaver" = playful_elephants ScreenSaver
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealArcade 1.2" = RealArcade
"RealPlayer 15.0" = RealPlayer
"Signature995" = Signature995
"SoundTap" = SoundTap
"wa2wmp" = Windows Media Player Skin Importer
"WavePad" = WavePad Uninstall
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebIQ" = WebIQ Client Software
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DSite" = Update for PDF Creator
"f031ef6ac137efc5" = Dell Driver Download Manager
"GoToMeeting" = GoToMeeting 4.0.0.320
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/11/2013 11:10:03 AM | Computer Name = WATTSBK | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6866.0, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/16/2013 11:52:41 AM | Computer Name = WATTSBK | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007041d].

Error - 2/21/2013 12:31:02 PM | Computer Name = WATTSBK | Source = MsiInstaller | ID = 11722
Description = Product: Google Chrome -- Error 1722. There is a problem with this
Windows Installer package. A program run as part of the setup did not finish as
expected. Contact your support personnel or package vendor. Action DoInstall, 
location: C:\WINDOWS\Installer\MSI68.tmp, command: /silent /install "appguid={8A69D345-D564-463c-AFF1-A69D9E530F96}&appname=Google
Chrome&needsAdmin=True&brand=GGRV" /installsource enterprisemsi /appargs "appguid={8A69D345-D564-463c-AFF1-A69D9E530F96}&installerdata=%7B%22distribution%22%3A%7B%22msi%22%3Atrue%2C%22system_level%22%3Atrue%2C%22verbose_logging%22%3Atrue%7D%7D"

Error - 2/21/2013 12:31:09 PM | Computer Name = WATTSBK | Source = MsiInstaller | ID = 1013
Description = Product: Google Chrome -- This computer already has a more recent 
version of Google Chrome. If the software is not working, please uninstall Google
Chrome and try again.

Error - 3/4/2013 7:26:11 PM | Computer Name = WATTSBK | Source = MPSampleSubmission | ID = 5000
Description =

Error - 3/4/2013 7:27:09 PM | Computer Name = WATTSBK | Source = Microsoft Security Client | ID = 5000
Description =

Error - 3/4/2013 7:30:18 PM | Computer Name = WATTSBK | Source = MPSampleSubmission | ID = 5000
Description =

Error - 3/4/2013 7:37:26 PM | Computer Name = WATTSBK | Source = Microsoft Security Client | ID = 5000
Description =

Error - 3/4/2013 7:40:42 PM | Computer Name = WATTSBK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/4/2013 7:50:10 PM | Computer Name = WATTSBK | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ System Events ]
Error - 2/26/2013 10:10:21 AM | Computer Name = WATTSBK | Source = Dhcp | ID = 1002
Description = The IP address lease 10.90.4.12 for the Network Card with network 
address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/26/2013 10:40:23 AM | Computer Name = WATTSBK | Source = Dhcp | ID = 1002
Description = The IP address lease 10.90.4.12 for the Network Card with network 
address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/26/2013 11:10:25 AM | Computer Name = WATTSBK | Source = Dhcp | ID = 1002
Description = The IP address lease 10.90.4.12 for the Network Card with network 
address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/28/2013 8:01:18 AM | Computer Name = WATTSBK | Source = Dhcp | ID = 1002
Description = The IP address lease 10.90.4.21 for the Network Card with network 
address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/28/2013 8:31:20 AM | Computer Name = WATTSBK | Source = Dhcp | ID = 1002
Description = The IP address lease 10.90.4.21 for the Network Card with network 
address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/2/2013 11:12:01 PM | Computer Name = WATTSBK | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 3/2/2013 11:22:31 PM | Computer Name = WATTSBK | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 3/2/2013 11:28:53 PM | Computer Name = WATTSBK | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 3/4/2013 8:08:14 AM | Computer Name = WATTSBK | Source = Dhcp | ID = 1002
Description = The IP address lease 10.90.4.17 for the Network Card with network 
address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/4/2013 8:38:18 AM | Computer Name = WATTSBK | Source = Dhcp | ID = 1002
Description = The IP address lease 10.90.4.20 for the Network Card with network 
address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server
sent a DHCPNACK message).

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
CHR - Extension: ShopAtHome.com extension = C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.0.1.0_0\
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\Karen Watts\Start Menu\Programs\Startup\TrueAssistant.lnk = File not found
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Also, please do this:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:dir
C:\WINDOWS\0
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## kwatts (Jan 8, 2013)

OTL logfile created on: 3/6/2013 12:21:34 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Karen Watts\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 454.81 Mb Available Physical Memory | 44.50% Memory free
2.40 Gb Paging File | 1.91 Gb Available in Paging File | 79.57% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.53 Gb Total Space | 21.76 Gb Free Space | 30.85% Space Free | Partition Type: NTFS

Computer Name: WATTSBK | User Name: Karen Watts | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/06 12:21:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karen Watts\My Documents\Downloads\OTL (3).exe
PRC - [2013/03/05 11:59:31 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/28 16:08:21 | 001,274,832 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/02/14 17:02:47 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012/09/17 15:12:58 | 000,156,288 | ---- | M] () -- C:\Program Files\CloudZow\VSSService.exe
PRC - [2012/09/17 15:11:28 | 003,280,384 | ---- | M] (Livedrive Internet Ltd) -- C:\Program Files\CloudZow\Livedrive.exe
PRC - [2012/07/29 19:52:22 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/07/11 11:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/10/07 13:30:26 | 000,656,896 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GTray.exe
PRC - [2008/10/07 13:25:48 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2008/03/20 13:06:28 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/12 08:34:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/05/17 14:45:34 | 000,271,720 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/10 14:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/01/17 16:08:48 | 000,110,592 | ---- | M] (Arcsoft, Inc.) -- C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe

========== Modules (No Company Name) ==========

MOD - [2013/03/06 12:14:15 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Local Settings\temp\{dd377082-31fa-4f98-af9f-7a14b5b21b9f}\Livedrive.Native.dll
MOD - [2013/02/28 16:08:19 | 000,459,728 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppgooglenaclpluginchrome.dll
MOD - [2013/02/28 16:08:16 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll
MOD - [2013/02/28 16:07:21 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.152\ffmpegsumo.dll
MOD - [2013/01/25 16:49:41 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2012/09/17 15:12:58 | 000,156,288 | ---- | M] () -- C:\Program Files\CloudZow\VSSService.exe
MOD - [2012/09/17 15:10:40 | 010,137,088 | ---- | M] () -- C:\Program Files\CloudZow\Livedrive.Localisation.dll
MOD - [2012/05/28 13:38:21 | 000,520,464 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2012/04/12 13:38:37 | 000,997,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll
MOD - [2012/04/12 13:36:28 | 000,140,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\22a1629a4dcdd493bbd8be40cc122e94\System.Configuration.Install.ni.dll
MOD - [2012/04/12 13:36:27 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2012/04/12 13:36:22 | 001,840,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1dad08772eb89d48a8a0cfe9b0467eb0\System.Web.Services.ni.dll
MOD - [2012/04/12 13:36:18 | 001,116,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6bcc481030a56c24d5990d199812c594\System.DirectoryServices.ni.dll
MOD - [2012/04/12 13:36:16 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll
MOD - [2012/04/12 13:36:14 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll
MOD - [2012/04/12 13:35:39 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2012/04/12 12:19:34 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2012/04/12 12:19:25 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2012/04/12 12:18:58 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2012/04/12 12:18:11 | 006,614,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll
MOD - [2012/04/12 12:09:02 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2012/04/12 12:07:49 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2012/04/12 11:52:34 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/04/12 11:51:24 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/07/28 16:20:34 | 000,270,336 | ---- | M] () -- C:\Program Files\CloudZow\AlphaFS.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007/10/12 08:34:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2006/10/06 05:06:16 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\DLPRMON.DLL
MOD - [2005/01/05 11:08:02 | 000,102,400 | ---- | M] () -- C:\Program Files\ArcSoft\Media Card Companion\ustor.dll
MOD - [2003/10/22 07:45:56 | 000,442,368 | ---- | M] () -- C:\Program Files\ArcSoft\Media Card Companion\FPXLIB.DLL

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/05 11:59:31 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/26 17:07:49 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/17 15:12:58 | 000,156,288 | ---- | M] () [Auto | Running] -- C:\Program Files\CloudZow\VSSService.exe -- (CloudZowVSSService)
SRV - [2012/07/29 19:52:22 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/07/11 11:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/05/15 13:14:54 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/12 08:34:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/17 14:45:34 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\nielprt.sys -- (nielprt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nielgfx.sys -- (NielGfx)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (KMW_USB)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (KMW_KBD)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2012/11/04 08:50:33 | 000,013,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/10/30 05:23:58 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/07/29 19:52:38 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/07/29 19:52:38 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/07/29 19:52:38 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/16 12:44:18 | 000,146,904 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cbfs.sys -- (CbFs)
DRV - [2009/11/02 20:06:12 | 000,011,520 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2009/11/02 20:06:11 | 000,071,424 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2007/12/11 16:36:19 | 000,023,616 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2007/11/30 12:41:39 | 000,014,601 | ---- | M] (MediaTek Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FIDE.SYS -- (MTK)
DRV - [2007/04/10 14:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/10 12:39:25 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/16 02:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 03:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 03:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 03:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE8HP&PC=UP68
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {B1A1E493-E597-45A7-9F6E-C8F4A859D524}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=B8DFDF&PC=B8DF&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{4AE31001-0AE4-4403-876C-0FCFB5922099}: "URL" = http://search.comcast.net/?q={searchTerms}&cat=Web&con=net&x=12&y=10
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B1A1E493-E597-45A7-9F6E-C8F4A859D524}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcast.net/search?cat=Web&con=toolbar&q={searchTerms}
IE - HKCU\..\SearchScopes\{F52AC13C-6A7C-4C82-BB35-13158D75370A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{F5501F8A-303A-4D94-95E4-44FD615B7D03}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLJ
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Karen Watts\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Karen Watts\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Karen Watts\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/18 04:41:14 | 000,000,000 | ---D | M]

[2011/03/05 14:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/03/28 14:38:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/03 04:37:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 04:25:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/14 08:22:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/02 17:48:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/04 04:57:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/10/26 10:29:58 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npgcplug.dll
[2005/04/27 13:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2010/12/09 03:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2008/12/01 09:50:26 | 000,004,946 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Karen Watts\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Karen Watts\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/02 20:35:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (MyBHO Class) - {3DB0C335-73C5-466c-A622-BD20A1A5B925} - C:\Program Files\Readonweb\CleanPage\ReadonwebToolbar.dll (Readonweb, LLC)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (BrowserHelper Class) - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files\CloudZow\LivedriveExplorerExtensions.dll (Livedrive Internet Ltd)
O2 - BHO: (CleanPageBHO Class) - {F097E5AB-4C45-4e41-8BAD-34D785BEC6BB} - C:\Program Files\Readonweb\CleanPage\CleanPage.dll (Readonweb, LLC)
O3 - HKLM\..\Toolbar: (ReadonwebToolbar) - {B6283D8C-01AB-11DB-9D6F-E11AAB065F98} - C:\Program Files\Readonweb\CleanPage\ReadonwebToolbar.dll (Readonweb, LLC)
O4 - HKLM..\Run: [LifeCam] c:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKCU..\Run: [Livedrive] C:\Program Files\CloudZow\Livedrive.exe (Livedrive Internet Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe (Arcsoft, Inc.)
O4 - Startup: C:\Documents and Settings\Karen Watts\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: CleanPage - {6C8F2C29-0F94-49ff-8262-E12226CA34B0} - C:\Program Files\Readonweb\CleanPage\CleanPage.dll (Readonweb, LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} http://www.worldwinner.com/games/v54/zengems/zengems.cab (ZenGems Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab (SolitaireRush Control)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinner.com/games/v63/bjattack/bja.cab (BJA Control)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab (Bejeweled Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1358181906390 (MUWebControl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} https://widow1.factualdata.com/ocx/print3.ocx (ActiveFormX Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v54/wwspades/wwspades.cab (WWSpades Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.169.190.211 208.72.160.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0604BBD-97AF-4FE2-95EA-77B1817D7B01}: DhcpNameServer = 69.169.190.211 208.72.160.67
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/06 12:06:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/05 14:38:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/03/02 20:49:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/03/02 20:14:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/03/02 20:10:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/03/02 20:10:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/03/02 20:10:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/03/02 20:10:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/03/02 20:04:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/02 20:03:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/02/21 17:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Sun
[2013/02/20 17:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen Watts\Application Data\SUPERAntiSpyware.com
[2013/02/20 17:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/02/20 17:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/02/20 17:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/02/20 17:40:16 | 023,909,328 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Karen Watts\Desktop\SUPERAntiSpyware.exe
[2013/02/19 07:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karen Watts\Start Menu\Programs\HiJackThis
[2013/02/19 07:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/02/17 09:00:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/02/17 08:05:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/02/10 13:09:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Karen Watts\Start Menu\Programs\Administrative Tools
[2013/02/07 06:32:46 | 000,465,280 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2win32.cid
[2013/02/07 06:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2013/02/07 06:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2006/10/26 10:30:07 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Karen Watts\My Documents\9.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\8.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\7.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\6.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\5.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\4.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\3.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\2.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\15.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\14.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\11.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\10.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\1.
[2013/03/06 12:12:03 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2343432931-39797470-1917149517-1006UA.job
[2013/03/06 12:11:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/06 12:10:42 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2343432931-39797470-1917149517-1006.job
[2013/03/06 12:10:41 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/06 12:10:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/06 12:10:29 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/06 12:08:01 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/06 12:07:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/06 10:02:13 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3D799EC0-67C1-4594-8868-87BDE4A2B02F}.job
[2013/03/06 07:12:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2343432931-39797470-1917149517-1006Core.job
[2013/03/05 17:47:23 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/03/05 17:23:00 | 005,390,842 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond #146038 Front.JPG
[2013/03/05 17:23:00 | 005,087,786 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Back Bond #146038.JPG
[2013/03/05 17:23:00 | 004,807,156 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond Front Coupon #146038.JPG
[2013/03/05 17:23:00 | 003,988,280 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Back Coupon #146038.JPG
[2013/03/05 17:18:00 | 005,092,514 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond #332631 Front.JPG
[2013/03/05 17:18:00 | 005,057,840 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond Coupons #332631.JPG
[2013/03/05 17:18:00 | 004,694,574 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond back side #332631.JPG
[2013/03/05 17:18:00 | 004,500,811 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond Back of Coupon #332631.JPG
[2013/03/05 17:15:00 | 004,919,439 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Back Bond #476793.JPG
[2013/03/05 17:15:00 | 004,680,607 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond #476793 Front.JPG
[2013/03/05 17:15:00 | 004,634,281 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond Coupon #476793.JPG
[2013/03/05 17:15:00 | 004,343,021 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond back coupon #476793.JPG
[2013/03/05 17:12:00 | 004,369,346 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Passco Report #146038.pdf
[2013/03/05 17:12:00 | 004,227,334 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Pass-C0 Report #332631.pdf
[2013/03/05 17:12:00 | 004,082,558 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Pass-Co Report #476793.pdf
[2013/03/05 14:49:03 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\HiJackThis.lnk
[2013/03/05 06:44:24 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/03/04 18:15:18 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/03/02 20:58:30 | 000,031,537 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\puppy.exe
[2013/03/02 20:35:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/03/01 05:44:02 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2343432931-39797470-1917149517-1006.job
[2013/02/22 18:45:47 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/02/21 11:03:46 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/02/21 10:43:54 | 001,568,768 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Desktop\Williams PAF File April 8 2012.paf
[2013/02/20 19:10:10 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/20 17:48:33 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/02/20 17:40:23 | 023,909,328 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Karen Watts\Desktop\SUPERAntiSpyware.exe
[2013/02/17 09:06:19 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/17 08:52:28 | 000,353,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/16 06:42:23 | 1607,442,432 | -HS- | M] () -- C:\WINDOWS\0
[2013/02/15 10:31:49 | 000,058,194 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Application Data\wklnhst.dat
[2013/02/15 06:17:34 | 000,465,280 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2win32.cid
[2013/02/11 08:07:06 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Karen Watts\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk

========== Files Created - No Company Name ==========

File not found -- C:\Documents and Settings\Karen Watts\My Documents\9.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\8.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\7.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\6.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\5.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\4.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\3.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\2.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\15.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\14.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\11.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\10.
File not found -- C:\Documents and Settings\Karen Watts\My Documents\1.
[2013/03/05 17:26:02 | 004,807,156 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond Front Coupon #146038.JPG
[2013/03/05 17:25:58 | 005,390,842 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond #146038 Front.JPG
[2013/03/05 17:25:58 | 005,087,786 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Back Bond #146038.JPG
[2013/03/05 17:25:58 | 003,988,280 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Back Coupon #146038.JPG
[2013/03/05 17:20:01 | 005,057,840 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond Coupons #332631.JPG
[2013/03/05 17:19:59 | 005,092,514 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond #332631 Front.JPG
[2013/03/05 17:19:59 | 004,694,574 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond back side #332631.JPG
[2013/03/05 17:19:59 | 004,500,811 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond Back of Coupon #332631.JPG
[2013/03/05 17:16:22 | 004,634,281 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond Coupon #476793.JPG
[2013/03/05 17:16:20 | 004,343,021 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond back coupon #476793.JPG
[2013/03/05 17:16:19 | 004,919,439 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Back Bond #476793.JPG
[2013/03/05 17:16:19 | 004,680,607 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Chinese Bond #476793 Front.JPG
[2013/03/05 17:13:36 | 004,369,346 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Passco Report #146038.pdf
[2013/03/05 17:13:36 | 004,082,558 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Pass-Co Report #476793.pdf
[2013/03/05 17:13:35 | 004,227,334 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\Pass-C0 Report #332631.pdf
[2013/03/05 11:42:51 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Start Menu\Programs\Startup\eFax 4.4.lnk
[2013/03/05 11:39:47 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk
[2013/03/02 20:58:30 | 000,031,537 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\puppy.exe
[2013/03/02 20:14:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/03/02 20:14:12 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/03/02 20:10:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/03/02 20:10:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/03/02 20:10:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/03/02 20:10:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/03/02 20:10:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/02/21 11:03:45 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/02/21 11:03:44 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/02/20 17:48:33 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/02/20 17:17:36 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/02/19 07:39:08 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Desktop\HiJackThis.lnk
[2013/02/17 09:06:19 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Start Menu\Programs\Internet Explorer.lnk
[2013/02/17 08:48:15 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
[2013/02/17 08:44:58 | 000,001,910 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2013/02/17 08:40:47 | 000,002,511 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2013/02/11 05:43:58 | 1607,442,432 | -HS- | C] () -- C:\WINDOWS\0
[2013/01/22 06:22:15 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/12/31 20:48:05 | 000,362,714 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/10/19 09:25:18 | 000,013,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/04/12 12:05:15 | 000,201,944 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/26 14:04:09 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\FFSSET.BIN
[2011/10/26 13:38:26 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/10/26 13:38:26 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/10/26 13:36:15 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10B.DAT
[2011/10/26 13:36:01 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/10/26 13:34:38 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/10/26 13:34:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/10/26 13:29:45 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/01/27 10:46:46 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/29 16:06:34 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/13 11:45:10 | 000,017,282 | ---- | C] () -- C:\Documents and Settings\Karen Watts\339198158.ser
[2006/03/13 11:44:04 | 000,005,187 | ---- | C] () -- C:\Documents and Settings\Karen Watts\339198158.xml
[2006/03/06 09:46:25 | 000,017,227 | ---- | C] () -- C:\Documents and Settings\Karen Watts\210843112.ser
[2006/03/06 09:45:19 | 000,003,786 | ---- | C] () -- C:\Documents and Settings\Karen Watts\210843112.xml
[2005/11/10 10:42:52 | 000,058,194 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Application Data\wklnhst.dat
[2005/11/10 10:16:02 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Karen Watts\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/10 12:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/03/20 13:06:12 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008/03/20 13:05:58 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/03/20 13:06:14 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2006/10/20 10:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2007/09/25 11:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/08/17 20:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2010/04/21 14:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2007/01/27 15:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/08/12 08:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2013/01/22 06:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2007/12/11 16:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2005/11/30 12:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2013/01/07 09:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2013/01/28 13:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2007/02/26 14:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Personal Historian
[2008/02/21 12:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2007/02/26 14:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RootsMagic
[2011/11/02 17:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/01/17 12:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2011/07/19 09:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/09/26 12:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2007/01/29 17:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/11/30 12:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/10/27 09:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2011/09/10 10:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006/04/25 20:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\acccore
[2009/05/27 11:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\CallingID
[2009/08/13 05:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/08/24 08:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\Comcast
[2009/08/24 08:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\comcasttb
[2013/01/17 11:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\DriverCure
[2013/01/31 09:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\DSite
[2010/04/21 14:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\eFax Messenger
[2009/09/15 08:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\Encompass
[2009/09/15 08:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\ePASS
[2007/02/26 14:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\Family Atlas
[2008/02/29 14:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\funkitron
[2010/04/21 14:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\j2 Global
[2007/12/05 08:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\Kensington
[2005/12/19 11:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\Leadertech
[2009/08/24 17:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\licenses
[2013/01/07 09:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\LimeWire
[2008/12/19 10:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\NCH Swift Sound
[2012/12/17 10:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\Nico Mak Computing
[2009/10/09 08:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\OpenOffice.org
[2007/01/27 15:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\Opera
[2013/01/07 09:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\PC Cleaners
[2012/12/31 06:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\PCCUStubInstaller
[2011/07/19 08:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\PCDr
[2013/01/07 07:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\PCPro
[2008/01/10 13:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\pdf995
[2009/07/11 07:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\Readonweb
[2008/01/16 09:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\Revolution
[2007/02/26 14:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\RootsMagic
[2007/02/26 14:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\RootsMagic Shared
[2011/07/20 18:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\Sammsoft
[2011/10/27 09:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\ScanSoft
[2006/08/09 16:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\Simple Star
[2013/01/17 11:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\SpeedyPC Software
[2007/10/10 16:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\Template
[2009/02/22 18:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\TrueSwitch
[2010/09/26 12:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\Trusteer
[2006/08/09 16:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\Walgreens
[2007/01/29 17:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\WildTangent
[2011/10/27 09:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karen Watts\Application Data\Zeon

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2013/02/16 06:42:23 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\?????????w) -- C:\WINDOWS\郩䡼郶ｼ&#65535;䇿郶&#56188;&#56687;w
[2013/02/16 06:42:23 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\?) -- C:\WINDOWS\ꦤ
[2013/02/11 05:43:58 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\?????????w) -- C:\WINDOWS\郩䡼郶ｼ&#65535;䇿郶&#56188;&#56687;w
[2013/02/11 05:43:58 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\?) -- C:\WINDOWS\ꦤ
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\?J) -- C:\WINDOWS\、J
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\???????) -- C:\WINDOWS\콜粐ꊃ粑&#65535;&#65535;ꂈ
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\?????) -- C:\WINDOWS\橤粔⡇粑ꓠ
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\???) -- C:\WINDOWS\ƴȂ粑
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\??) -- C:\WINDOWS\࢘ƴ
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\?) -- C:\WINDOWS\ƴ
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\? ?) -- C:\WINDOWS\ƴ ϛ
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\???????) -- C:\WINDOWS\콜粐ꊃ粑&#65535;&#65535;ꂈ
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\???) -- C:\WINDOWS\ƴȂ粑
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\??) -- C:\WINDOWS\࢘ƴ
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\?) -- C:\WINDOWS\ƴ
[2013/01/22 08:00:00 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\? ?) -- C:\WINDOWS\ƴ ϛ
[2012/12/16 10:45:33 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\?J) -- C:\WINDOWS\、J
[2012/12/16 10:45:33 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\?????) -- C:\WINDOWS\橤粔⡇粑ꓠ

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Karen Watts\My Documents\Karen Watts PAF File.paf.paf:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Karen Watts\Desktop\Williams PAF File April 8 2012.paf:SummaryInformation

< End of report >
SystemLook 30.07.11 by jpshortstuff
Log created at 12:36 on 06/03/2013 by Karen Watts
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\0 - Unable to find folder.

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe * to your Desktop. 

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
At the top put a check mark in the box beside "Scan All Users".
Under the *Additional Scans *section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors)
Now click the *Run Scan *button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## kwatts (Jan 8, 2013)

I attached the notepad in attachments below


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here please.


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> 
YN -> HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> 
YN -> HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2343432931-39797470-1917149517-1006\] > -> HKEY_USERS\S-1-5-21-2343432931-39797470-1917149517-1006\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
YN -> "C:\Program Files\America Online 9.0\waol.exe" -> [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
[Files/Folders - Modified Within 30 Days]
NY ->  2 C:\Documents and Settings\Karen Watts\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Karen Watts\Local Settings\temp\*.tmp
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
```
Also, please do this:

Go to Start - Run - type in "services.msc" and hit Enter. Then double-click on the following service top open it (it should be the first one at the top because it starts with a dot):

*.NET Runtime Optimization Service*

Change the startup up type from "Disabled" to "manual" beside "Startup Type" and then click "Apply" and "OK". Reboot the computer and let me know if you still get that message on shutdown.


----------



## kwatts (Jan 8, 2013)

See attachment for reply...

When I rebooted this time it did not show up..

Thank You!


----------



## Cookiegal (Aug 27, 2003)

OK, run it for a day or two and reboot a few more times during that period and report back on the status please.

Here are some final instructions for you.

As with any infection, I recommend that you change all passwords for logging into to sites that you use on your computer as a precaution.

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there (the screenshot is just for illustration purposes but the actual command uses the entire word "uninstall" and not just the "u" as shown in the picture).










Please open OTS again and click on the button that says "CleanUp" at the top. This will remove some of the tools we've used and will also uninstall the OTS program.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start*  *All Programs*  *Accessories*  *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.


----------



## kwatts (Jan 8, 2013)

I did everything you asked me to do in the last message. When I did the system store and
restarted the computer I brought up the System Restore and there was no wizard to create
a restore point or a name for the new restore point or create.


----------



## Cookiegal (Aug 27, 2003)

Did you turn system restore back on?


----------



## kwatts (Jan 8, 2013)

Yes I did


----------



## Cookiegal (Aug 27, 2003)

Do you get a box that says Welcome to System Restore?


----------



## kwatts (Jan 8, 2013)

No, nothing like that came up.


----------



## kwatts (Jan 8, 2013)

When I shut down the computer last night the net-broadcast event window 2.0.0 popped up again.


----------



## Cookiegal (Aug 27, 2003)

At what point in the shutdown process does it appear?

Can you abort the shutdown after you see it? Because if you can I'd like you to capture a screenshot of it.


----------



## kwatts (Jan 8, 2013)

I tried shutting computer down again and that end now pops up to quick and disappears. I don't know how to abort the shutdown.after I see it. I shut the computer down again after I rebooted it and nothing came up. Then i started it up again and went to google chrome and my email and then shut it down again and it didn't come up. I started it up again and I started google chrome and gsn.com where I play games and played a game and then shut down gsn and email and shut computer down and it didn't show up. I don't know what else to tell you. I don't know what else to try.


----------



## Cookiegal (Aug 27, 2003)

Once you click on Start and Turn Off Computer you can still click on "Cancel" if you don't want to shut down but I doube that you would be getting this popup before clicking on "Turn Off" the second time so you wouldn't be able to abort the shutdown after that.

So it's not happening every time you shutdown.

I see you have the UPHClean running. Was this installed as an attempt to fix this problem at some point?

I think the only way we're going to pinpoint what is causing it is for you to run OTL and save the log just before you shutdown every time until that occurs again. This and the Event Viewer may give us some clues.


----------



## kwatts (Jan 8, 2013)

I don't know anything about the UPHClean. Ok i will do the OTL every time and save the log. 
I am unable to save OTL on the desk top. When it comes up all it has is run no save.


----------



## Cookiegal (Aug 27, 2003)

You've already used OTL so it's alrady on your desktop. You just have to run it and the log will be created automatically.


----------



## kwatts (Jan 8, 2013)

I never got it on my desk top. There was not anything to say save. It only said run.


----------



## Cookiegal (Aug 27, 2003)

OK, I see you save it in the wrong place. It's in this folder:

C:\Documents and Settings\Karen Watts\My Documents\*Downloads*

You should move it to the desktop. You can just drag it there.


----------



## kwatts (Jan 8, 2013)

Ok...Now I see....I got it on my desk top.


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## kwatts (Jan 8, 2013)

This still shows up when I shut down computer at night. Everything is still ok. Computer runs faster too. You asked me to to OTL every night when I shut down computer and save them. Please check the attached files for them.


----------



## kwatts (Jan 8, 2013)

See attachment for more OTL files....


----------



## Cookiegal (Aug 27, 2003)

I will review the logs later but just to be clear, it happens on every shutdown so all of these logs would have been taken just before shutting down and the error box appeared? There are no logs that were taken when this didn't occur?


----------



## kwatts (Jan 8, 2013)

There was one time that it didn't occur on shutdown.


----------



## Cookiegal (Aug 27, 2003)

Can you tell me which OTL log was run just before the shutdown when the error message didn't appear?


----------



## kwatts (Jan 8, 2013)

If I remember right, I think it was 6.


----------



## Cookiegal (Aug 27, 2003)

It's like looking for a needle in a haystack.

Go to *Start *- *Run *- type *services.msc* and hit Enter.

Locate the following service in the list:

Microsoft .NET Framework NGEN v4.0.30319_X86

Double-click on that service to open it and then change the startup type from "automatic" to "manual" then click "Apply" and "OK".

Then reboot the machine.

After doing the above please do the following:

Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the *dds.scr* file to run the program.

It will automatically run in silent mode and then you will see the following note:

*"Two logs shall be created on your Desktop".*

The logs will be named *dds.txt* and *attach.txt*.

Wait until the logs appear and then copy and paste their contents in your post.


----------



## kwatts (Jan 8, 2013)

>Net Framework NGEN v4.0.30319_X86 does not show up under services.msg.


----------



## kwatts (Jan 8, 2013)

dds.scr won't open under bleepingcomputer.com...I can't find it!


----------



## Cookiegal (Aug 27, 2003)

At the top of the list of services you should see:

.NET Runtime Optimization Service

Double-click that service to open it and let me know if it's running and what the startup type is please.


----------



## Cookiegal (Aug 27, 2003)

kwatts said:


> dds.scr won't open under bleepingcomputer.com...I can't find it!


What do you mean it won't open under bleepingcomputer.com? That's is the download site, you don't open it there. You should see a box asking if you want to download the file and save it to your desktop.


----------



## kwatts (Jan 8, 2013)

start up type is manual.


----------



## kwatts (Jan 8, 2013)

I went to bleepingcomputer and I downloaded dds. I tried to save it to desktop from downloads and it said it is read only.


----------



## Cookiegal (Aug 27, 2003)

Right-click the dds.scr file and uncheck the "read only" attribute.


----------



## kwatts (Jan 8, 2013)

I can run it now. Do you want me to run it?


----------



## Cookiegal (Aug 27, 2003)

Yes please.


----------



## kwatts (Jan 8, 2013)

Here are the 2 files attached.


----------



## Cookiegal (Aug 27, 2003)

Do you have an entry like this in the list under services.msc?

clr_optimization_v4.0.30319_32


----------



## kwatts (Jan 8, 2013)

No I don't.


----------



## Cookiegal (Aug 27, 2003)

Go to *Start *- *Run *and copy and paste the following then click OK:

*regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clr_optimization_v4.0.30319_32"*

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.


----------



## kwatts (Jan 8, 2013)

Where do I go to find C:\look.txt.


----------



## Cookiegal (Aug 27, 2003)

Click on My Computer - Local Disk (C and it should be in there.


----------



## kwatts (Jan 8, 2013)

I did it twice. It did not show up in the local disk (C.


----------



## Cookiegal (Aug 27, 2003)

It's possible the key doesn't exist then.

Please try again but using this command instead.

regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

This will be a large file so please upload it as an attachment. If it's too big for that then zip it first by right-clicking the file and selecting "send to" and then "Compressed (zipped) Folder" first.


----------



## kwatts (Jan 8, 2013)

Please see attached 'look' file.


----------



## Cookiegal (Aug 27, 2003)

It's not attached.


----------



## kwatts (Jan 8, 2013)

I know, it was too big. When I right click and send to only shows E or F disk.


----------



## kwatts (Jan 8, 2013)

I think I finally did zip this file. See attached.


----------



## Cookiegal (Aug 27, 2003)

I believe there is other text appear in this window. Since you can't take a screenshot of it as it occurs on shutdown is there any way you can take a picture of it with a camera or phone and then post it here?


----------



## kwatts (Jan 8, 2013)

I have no way to do that. It shows End Program - .Net-broadcast event window 2.0.0. It also says that verbage of losing data if I end the program.


----------



## Cookiegal (Aug 27, 2003)

There's nothing else across the top? No reference to a file? 

You don't have a camera?


----------



## kwatts (Jan 8, 2013)

I have a camera phone but no email on the phone. I am going to take a picture and send it to my send and he will
email it back to me, so I can send it to you. While I was trying to do this, I shut the computer down and it did not
show up. I shut it down three more times and it did not show up. I will shut it down tonight and let you know if it shows up or not. If it does I will send it to my son and send it to you.


----------



## Cookiegal (Aug 27, 2003)

OK sounds good. Thanks.


----------



## kwatts (Jan 8, 2013)

It didn't show up last night when I shut the computer down. I will try again tonight and let you know.
Which is better to run on my computer Malwarebytes Anti-Malware or Super Antispyware?


----------



## Cookiegal (Aug 27, 2003)

I would recommend MalwareBytes.


----------



## kwatts (Jan 8, 2013)

Thank You!


----------



## Cookiegal (Aug 27, 2003)

Are there any other problems with the computer?


----------



## kwatts (Jan 8, 2013)

There is only one other problem and that is when I defragment it shows I have about 4 files that won't defragment. Also when I start the process it stops at volume pause. Then I have to go to services.msc click OK to open the services applet and find the volume shadow copy service and change it to manual and then the defrag works when the VSS service is not running.


----------



## kwatts (Jan 8, 2013)

I took a picture of the Net-BroadcastEventWindow when I shut down the computer again. Please see attached.


----------



## Cookiegal (Aug 27, 2003)

Try reinstalling .NET Framework 1.1 from the following link:

http://www.microsoft.com/en-us/download/details.aspx?id=26

Then reboot the computer and let me know if the problem persists.


----------



## kwatts (Jan 8, 2013)

I reboot 3 times and nothing yet. I will try it out for a few days to see if it pops up again.

How about the defrag message I sent?


----------



## Cookiegal (Aug 27, 2003)

I think the problem with defragmenting is related to the CloudZow backp-up program so Volume Shadow Service is running and you'll probably have to continue stopping the service when defragmenting.


----------



## kwatts (Jan 8, 2013)

I defrag just a little while ago and it showed these files that could not defrag. See attached....you still think it
is cloud zow doing it....


----------



## Cookiegal (Aug 27, 2003)

I saw files like those in the logs and thought you had some font software or something like that in another language.

[2013/02/16 07:42:23 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\?????????w) -- C:\WINDOWS\郩䡼郶ｼ&#65535;䇿郶&#979311;w
[2013/02/16 07:42:23 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\?) -- C:\WINDOWS\ꦤ
[2013/02/11 06:43:58 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\?????????w) -- C:\WINDOWS\郩䡼郶ｼ&#65535;䇿郶&#979311;w
[2013/02/11 06:43:58 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\?) -- C:\WINDOWS\ꦤ
[2013/01/22 09:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\?J) -- C:\WINDOWS\、J
[2013/01/22 09:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\???????) -- C:\WINDOWS\콜粐ꊃ粑&#65535;&#65535;ꂈ
[2013/01/22 09:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\?????) -- C:\WINDOWS\橤粔⡇粑ꓠ
[2013/01/22 09:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\???) -- C:\WINDOWS\ƴȂ粑
[2013/01/22 09:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\??) -- C:\WINDOWS\࢘ƴ
[2013/01/22 09:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\?) -- C:\WINDOWS\ƴ
[2013/01/22 09:00:00 | 1607,442,432 | -HS- | M] ()(C:\WINDOWS\? ?) -- C:\WINDOWS\ƴ ϛ
[2013/01/22 09:00:00 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\???????) -- C:\WINDOWS\콜粐ꊃ粑&#65535;&#65535;ꂈ
[2013/01/22 09:00:00 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\???) -- C:\WINDOWS\ƴȂ粑
[2013/01/22 09:00:00 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\??) -- C:\WINDOWS\࢘ƴ
[2013/01/22 09:00:00 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\?) -- C:\WINDOWS\ƴ
[2013/01/22 09:00:00 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\? ?) -- C:\WINDOWS\ƴ ϛ
[2012/12/16 11:45:33 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\?J) -- C:\WINDOWS\、J
[2012/12/16 11:45:33 | 1607,442,432 | -HS- | C] ()(C:\WINDOWS\?????) -- C:\WINDOWS\橤粔⡇粑ꓠ

If you open up C:\Windows do you see any folders or files that start with a ? or any other type of symbol or character other than regular English letters?


----------



## kwatts (Jan 8, 2013)

Where do I go to open up C:\Windows?


----------



## Cookiegal (Aug 27, 2003)

My Computer - Local Disk(C - Windows.


----------



## kwatts (Jan 8, 2013)

It just shows folders and files and nothing like you said before.


----------



## Cookiegal (Aug 27, 2003)

Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide extensions for known file types". Now click "Apply to all folders". Click "Apply" then "OK".

Then look in that folder again and let me know if you see anything odd-looking.


----------



## kwatts (Jan 8, 2013)

Still has a lot of folders and files. There is a lot of folders $NTUninstallKB901190$ and a lot of KB files and other folders and files.


----------



## Cookiegal (Aug 27, 2003)

You see nothing that starts with a symbol (other than $ because those are Windows Updates) or character from an Asian language or something like that?


----------



## kwatts (Jan 8, 2013)

No, nothing with characters from Asian language or anything like that.


----------



## Cookiegal (Aug 27, 2003)

Please run SystemLook again with this script:

:dir
C:\WINDOWS

then post the log.


----------



## kwatts (Jan 8, 2013)

Where do I find to to that Systemlook...


----------



## Cookiegal (Aug 27, 2003)

You should still have it on the desktop s we've used it before.


Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:dir
C:\WINDOWS
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## kwatts (Jan 8, 2013)

SystemLook 30.07.11 by jpshortstuff
Log created at 19:08 on 21/03/2013 by Karen Watts
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS - Parameters: "(none)"

---Files---
0	--ahs-- 1607442432 bytes	[12:43 11/02/2013]	[13:42 16/02/2013]
0.log	--a---- 0 bytes	[19:08 10/08/2004]	[17:18 21/03/2013]
1	--ahs-- 1607442432 bytes	[15:00 22/01/2013]	[15:00 22/01/2013]
@	--ahs-- 1607442432 bytes	[17:45 16/12/2012]	[15:00 22/01/2013]
Active Setup Log.txt	--a--c- 1934 bytes	[19:09 13/02/2009]	[19:09 13/02/2009]
atid.ini	--a---- 28 bytes	[16:04 25/04/2006]	[16:04 25/04/2006]
AWMODEM.INF	--a--c- 1071 bytes	[18:59 20/12/2005]	[18:59 20/12/2005]
basecsp.log	--a--c- 7825 bytes	[16:17 31/07/2006]	[16:17 31/07/2006]
Blue Lace 16.bmp	--a--c- 1272 bytes	[19:01 10/08/2004]	[11:00 04/08/2004]
bootstat.dat	--a-s-- 2048 bytes	[19:07 10/08/2004]	[17:18 21/03/2013]
brdfxspd.dat	--a---- 0 bytes	[20:34 26/10/2011]	[00:57 29/11/2003]
Brfaxrx.ini	--a---- 86 bytes	[20:34 26/10/2011]	[20:36 26/10/2011]
brpcfx.ini	--a---- 93 bytes	[20:38 26/10/2011]	[20:38 26/10/2011]
Brpfx04a.ini	--a---- 242 bytes	[20:38 26/10/2011]	[20:38 26/10/2011]
BRWMARK.INI	--a---- 419 bytes	[20:36 26/10/2011]	[20:36 26/10/2011]
clock.avi	--a--c- 82944 bytes	[18:51 10/08/2004]	[11:00 04/08/2004]
cmsetacl.log	--a--c- 373 bytes	[19:00 10/08/2004]	[14:14 21/04/2008]
Coffee Bean.bmp	--a--c- 17062 bytes	[19:01 10/08/2004]	[11:00 04/08/2004]
COM+.log	--a--c- 1448 bytes	[19:11 10/08/2004]	[19:11 10/08/2004]
Comcast PhotoShow.scr	--a---- 278528 bytes	[23:13 20/12/2005]	[17:10 27/07/2005]
comsetup.log	--a---- 384645 bytes	[18:57 10/08/2004]	[16:04 17/02/2013]
control.ini	--a--c- 0 bytes	[19:04 10/08/2004]	[19:04 10/08/2004]
CouponPrinter.ocx	--a---- 440704 bytes	[03:45 14/10/2012]	[22:18 19/10/2012]
cpeins04.dat	--a--c- 100724 bytes	[17:13 14/11/2005]	[17:13 14/11/2005]
dasetup.log	--a--c- 20478 bytes	[21:54 26/09/2007]	[21:55 26/09/2007]
Dell.bmp	--a--c- 787512 bytes	[01:24 03/11/2005]	[21:26 10/06/2002]
desktop.ini	--a---- 2 bytes	[19:02 10/08/2004]	[11:00 04/08/2004]
DirectX.log	--a---- 320396 bytes	[17:43 27/12/2006]	[21:42 03/01/2013]
DJBDRV.LOG	--a--c- 3322 bytes	[01:58 03/11/2005]	[01:58 03/11/2005]
dla.exe	--a---- 98360 bytes	[01:51 03/11/2005]	[12:33 31/05/2005]
DPINST.LOG	--a--c- 26680 bytes	[18:45 28/03/2007]	[16:14 21/04/2008]
drvedit0.exe	--a---- 321 bytes	[20:39 20/12/2005]	[20:39 20/12/2005]
DtcInstall.log	--a--c- 867 bytes	[19:02 10/08/2004]	[15:16 21/04/2008]
epplauncher.mif	--a---- 1945 bytes	[18:34 08/01/2013]	[01:15 05/03/2013]
EventSystem.log	--a---- 51258 bytes	[02:40 03/05/2012]	[22:53 07/03/2013]
explorer.exe	--a---- 1033728 bytes	[18:51 10/08/2004]	[20:06 20/03/2008]
explorer.scf	--a--c- 80 bytes	[18:51 10/08/2004]	[11:00 04/08/2004]
FaxSetup.log	--a---- 1158756 bytes	[18:57 10/08/2004]	[16:04 17/02/2013]
FeatherTexture.bmp	--a--c- 16730 bytes	[19:01 10/08/2004]	[11:00 04/08/2004]
FFSSET.BIN	-r-hs-- 0 bytes	[21:04 26/10/2011]	[21:04 26/10/2011]
free-slideshow.bmp	--a---- 1440054 bytes	[18:24 28/03/2007]	[19:14 28/01/2012]
GEARInstall.log	--a--c- 500 bytes	[20:13 13/12/2006]	[20:13 13/12/2006]
Gone Fishing.bmp	--a--c- 17336 bytes	[19:01 10/08/2004]	[11:00 04/08/2004]
Greenstone.bmp	--a--c- 26582 bytes	[19:01 10/08/2004]	[11:00 04/08/2004]
hh.exe	--a---- 10752 bytes	[18:51 10/08/2004]	[20:06 20/03/2008]
HPGdiPlus.ini	--a---- 206 bytes	[14:37 14/06/2006]	[14:37 14/06/2006]
HP_48BitScanUpdatePatch.ini	--a---- 214 bytes	[11:35 22/01/2007]	[11:35 22/01/2007]
htmencrypt.exe	--a---- 323 bytes	[16:34 15/01/2006]	[16:34 15/01/2006]
IDNMitigationAPIs.log	--a--c- 44812 bytes	[15:38 20/10/2006]	[19:22 13/02/2009]
ie7.log	--a--c- 155596 bytes	[15:39 20/10/2006]	[19:23 13/02/2009]
ie7Uninst.log	--a--c- 27608 bytes	[15:48 25/09/2007]	[15:49 25/09/2007]
ie7_main.log	--a--c- 117021 bytes	[15:35 20/10/2006]	[19:36 13/02/2009]
ie8.log	--a--c- 754530 bytes	[23:34 19/12/2008]	[16:04 17/02/2013]
ie8Uninst.log	--a--c- 325308 bytes	[00:09 08/01/2009]	[15:34 17/02/2013]
ie8_main.log	--a--c- 556565 bytes	[23:30 19/12/2008]	[16:04 17/02/2013]
iereseticons.log	--a--c- 2474 bytes	[15:51 25/09/2007]	[15:51 25/09/2007]
iis6.log	--a---- 177192 bytes	[18:57 10/08/2004]	[16:04 17/02/2013]
imsins.log	--a---- 1374 bytes	[18:57 10/08/2004]	[16:04 17/02/2013]
ipixActivex.ini	--a---- 37 bytes	[00:16 22/11/2005]	[02:04 22/11/2005]
IsUninst.exe	--a---- 306688 bytes	[19:12 10/08/2004]	[23:45 29/10/1998]
KB2799329-IE8.log	--a---- 7744 bytes	[15:02 17/02/2013]	[15:07 17/02/2013]
KB873339.log	--a--c- 4763 bytes	[01:43 03/11/2005]	[01:43 03/11/2005]
KB883939.log	--a--c- 10084 bytes	[01:44 03/11/2005]	[01:44 03/11/2005]
KB885250.log	--a--c- 4633 bytes	[01:41 03/11/2005]	[01:41 03/11/2005]
KB885835.log	--a--c- 5097 bytes	[01:43 03/11/2005]	[01:43 03/11/2005]
KB885836.log	--a--c- 24881 bytes	[00:29 10/11/2005]	[00:47 10/11/2005]
KB885884.log	--a--c- 8476 bytes	[00:43 10/11/2005]	[00:44 10/11/2005]
KB886185.log	--a--c- 11060 bytes	[00:44 10/11/2005]	[00:44 10/11/2005]
KB887472.log	--a--c- 4820 bytes	[01:44 03/11/2005]	[01:44 03/11/2005]
KB887742.log	--a--c- 24001 bytes	[00:29 10/11/2005]	[00:46 10/11/2005]
KB888113.log	--a--c- 4786 bytes	[01:44 03/11/2005]	[01:44 03/11/2005]
KB888302.log	--a--c- 16571 bytes	[00:28 10/11/2005]	[00:44 10/11/2005]
KB888310.log	--a--c- 3661 bytes	[01:41 03/11/2005]	[01:41 03/11/2005]
KB890046.log	--a--c- 20646 bytes	[00:29 10/11/2005]	[00:45 10/11/2005]
KB890175.log	--a--c- 4310 bytes	[01:43 03/11/2005]	[01:43 03/11/2005]
KB890859.log	--a--c- 15759 bytes	[00:28 10/11/2005]	[00:42 10/11/2005]
KB891781.log	--a--c- 4824 bytes	[01:43 03/11/2005]	[01:43 03/11/2005]
KB893066.log	--a--c- 17984 bytes	[00:29 10/11/2005]	[00:44 10/11/2005]
KB893756.log	--a--c- 25755 bytes	[00:29 10/11/2005]	[00:46 10/11/2005]
KB893803v2.log	--a--c- 20539 bytes	[00:13 10/11/2005]	[00:13 10/11/2005]
KB894391.log	--a--c- 15670 bytes	[00:28 10/11/2005]	[00:42 10/11/2005]
KB895316.log	--a--c- 5439 bytes	[20:07 10/02/2006]	[20:08 10/02/2006]
KB896344.log	--a--c- 9244 bytes	[16:16 31/07/2006]	[16:17 31/07/2006]
KB896358.log	--a--c- 24478 bytes	[00:29 10/11/2005]	[00:45 10/11/2005]
KB896422.log	--a--c- 5540 bytes	[01:41 03/11/2005]	[01:41 03/11/2005]
KB896423.log	--a--c- 24029 bytes	[00:28 10/11/2005]	[00:46 10/11/2005]
KB896424.log	--a--c- 26378 bytes	[00:29 10/11/2005]	[00:46 10/11/2005]
KB896428.log	--a--c- 15222 bytes	[00:28 10/11/2005]	[00:43 10/11/2005]
KB896688.log	--a--c- 18296 bytes	[00:44 10/11/2005]	[00:45 10/11/2005]
KB898458.log	--a--c- 16607 bytes	[00:45 10/11/2005]	[00:45 10/11/2005]
KB898461.log	--a--c- 20659 bytes	[00:13 10/11/2005]	[00:14 10/11/2005]
KB899587.log	--a--c- 26665 bytes	[00:29 10/11/2005]	[00:47 10/11/2005]
KB899591.log	--a--c- 26165 bytes	[00:29 10/11/2005]	[00:46 10/11/2005]
KB900485.log	--a--c- 11726 bytes	[13:22 26/04/2006]	[09:00 27/04/2006]
KB900725.log	--a--c- 18326 bytes	[00:28 10/11/2005]	[00:44 10/11/2005]
KB901017.log	--a--c- 25841 bytes	[00:29 10/11/2005]	[00:46 10/11/2005]
KB901190.log	--a--c- 13262 bytes	[04:40 29/10/2007]	[09:01 29/10/2007]
KB901214.log	--a--c- 8539 bytes	[01:44 03/11/2005]	[01:44 03/11/2005]
KB902344.log	--a--c- 5654 bytes	[20:08 10/02/2006]	[20:08 10/02/2006]
KB902400.log	--a--c- 28324 bytes	[00:29 10/11/2005]	[00:45 10/11/2005]
KB904706.log	--a--c- 16120 bytes	[00:28 10/11/2005]	[00:43 10/11/2005]
KB904942.log	--a--c- 15374 bytes	[16:16 31/07/2006]	[16:22 31/07/2006]
KB905414.log	--a--c- 18320 bytes	[00:28 10/11/2005]	[00:44 10/11/2005]
KB905749.log	--a--c- 16420 bytes	[00:28 10/11/2005]	[00:43 10/11/2005]
KB905915.log	--a--c- 18335 bytes	[05:16 17/12/2005]	[10:01 17/12/2005]
KB906569.log	--a--c- 5051 bytes	[23:31 07/12/2006]	[23:32 07/12/2006]
KB908519.log	--a--c- 11404 bytes	[00:24 11/01/2006]	[10:00 11/01/2006]
KB908531.log	--a--c- 16781 bytes	[21:18 18/04/2006]	[09:02 19/04/2006]
KB910437.log	--a--c- 12011 bytes	[10:01 17/12/2005]	[10:01 17/12/2005]
KB910998.log	--a--c- 1102 bytes	[18:12 13/02/2007]	[18:12 13/02/2007]
KB911280.log	--a--c- 14723 bytes	[01:54 16/06/2006]	[02:09 16/06/2006]
KB911562.log	--a--c- 16028 bytes	[21:18 18/04/2006]	[09:02 19/04/2006]
KB911564.log	--a--c- 5591 bytes	[10:01 16/02/2006]	[10:01 16/02/2006]
KB911565.log	--a--c- 12723 bytes	[10:00 16/02/2006]	[09:01 19/04/2006]
KB911567.log	--a--c- 12503 bytes	[21:17 18/04/2006]	[09:00 19/04/2006]
KB911927.log	--a--c- 10568 bytes	[02:53 16/02/2006]	[10:02 16/02/2006]
KB911993-V2.log	--a--c- 12931 bytes	[15:42 13/10/2006]	[15:44 13/10/2006]
KB911993-V2Uninst.log	--a--c- 12692 bytes	[00:46 16/10/2006]	[00:47 16/10/2006]
KB912812.log	--a--c- 17585 bytes	[21:18 18/04/2006]	[09:01 19/04/2006]
KB912919.log	--a--c- 11716 bytes	[13:39 06/01/2006]	[10:00 07/01/2006]
KB913446.log	--a--c- 6573 bytes	[10:00 16/02/2006]	[10:00 16/02/2006]
KB913580.log	--a--c- 12368 bytes	[18:19 12/05/2006]	[18:20 12/05/2006]
KB914388.log	--a--c- 13017 bytes	[04:59 12/07/2006]	[09:02 12/07/2006]
KB914389.log	--a--c- 11506 bytes	[01:54 16/06/2006]	[02:08 16/06/2006]
KB914440.log	--a--c- 8703 bytes	[16:00 31/07/2006]	[17:05 30/01/2007]
KB915865.log	--a--c- 31638 bytes	[15:37 20/10/2006]	[19:21 13/02/2009]
KB916281.log	--a--c- 17757 bytes	[01:54 16/06/2006]	[02:09 16/06/2006]
KB916595.log	--a--c- 11250 bytes	[04:59 12/07/2006]	[09:01 12/07/2006]
KB917159.log	--a--c- 12473 bytes	[05:00 12/07/2006]	[09:02 12/07/2006]
KB917344.log	--a--c- 14980 bytes	[01:54 16/06/2006]	[02:09 16/06/2006]
KB917422.log	--a--c- 11917 bytes	[06:04 13/08/2006]	[09:01 13/08/2006]
KB917734.log	--a--c- 10487 bytes	[02:10 16/06/2006]	[02:11 16/06/2006]
KB917953.log	--a--c- 14743 bytes	[01:54 16/06/2006]	[02:09 16/06/2006]
KB917979.log	--a--c- 13932 bytes	[13:31 03/06/2006]	[13:32 03/06/2006]
KB917979Uninst.log	--a--c- 19517 bytes	[17:00 08/06/2006]	[16:08 26/06/2006]
KB918118.log	--a--c- 15649 bytes	[20:02 16/02/2007]	[10:02 17/02/2007]
KB918439.log	--a--c- 14607 bytes	[01:54 16/06/2006]	[02:10 16/06/2006]
KB918899.log	--a--c- 18948 bytes	[06:04 13/08/2006]	[09:02 13/08/2006]
KB919007.log	--a--c- 11577 bytes	[09:58 14/09/2006]	[15:55 15/09/2006]
KB920213.log	--a--c- 14404 bytes	[05:14 18/11/2006]	[10:01 18/11/2006]
KB920214.log	--a--c- 15459 bytes	[06:05 13/08/2006]	[09:03 13/08/2006]
KB920670.log	--a--c- 11755 bytes	[06:04 13/08/2006]	[09:01 13/08/2006]
KB920683.log	--a--c- 12164 bytes	[06:04 13/08/2006]	[09:01 13/08/2006]
KB920685.log	--a--c- 11404 bytes	[09:58 14/09/2006]	[15:55 15/09/2006]
KB920872.log	--a--c- 13191 bytes	[09:58 14/09/2006]	[15:55 15/09/2006]
KB921398.log	--a--c- 15848 bytes	[06:05 13/08/2006]	[09:02 13/08/2006]
KB921503.log	--a--c- 21903 bytes	[22:40 14/08/2007]	[09:06 15/08/2007]
KB921883.log	--a--c- 11040 bytes	[10:25 09/08/2006]	[09:01 10/08/2006]
KB922582.log	--a--c- 7685 bytes	[15:54 15/09/2006]	[15:54 15/09/2006]
KB922616.log	--a--c- 15451 bytes	[06:05 13/08/2006]	[09:03 13/08/2006]
KB922819.log	--a--c- 12406 bytes	[23:08 11/10/2006]	[09:05 12/10/2006]
KB923191.log	--a--c- 8867 bytes	[23:07 11/10/2006]	[09:01 12/10/2006]
KB923414.log	--a--c- 11586 bytes	[23:08 11/10/2006]	[09:05 12/10/2006]
KB923694.log	--a--c- 12494 bytes	[06:44 16/12/2006]	[10:01 16/12/2006]
KB923723.log	--a--c- 11271 bytes	[10:04 17/02/2007]	[10:04 17/02/2007]
KB923980.log	--a--c- 14529 bytes	[05:14 18/11/2006]	[10:02 18/11/2006]
KB924191.log	--a--c- 12600 bytes	[23:08 11/10/2006]	[09:05 12/10/2006]
KB924270.log	--a--c- 14533 bytes	[05:14 18/11/2006]	[10:02 18/11/2006]
KB924496.log	--a--c- 13344 bytes	[23:07 11/10/2006]	[09:05 12/10/2006]
KB924667.log	--a--c- 17793 bytes	[20:05 16/02/2007]	[10:03 17/02/2007]
KB925398.log	--a--c- 8131 bytes	[10:01 16/12/2006]	[10:01 16/12/2006]
KB925486.log	--a--c- 11683 bytes	[01:20 27/09/2006]	[17:37 27/09/2006]
KB925876.log	--a--c- 9069 bytes	[23:37 01/12/2006]	[23:38 01/12/2006]
KB925902.log	--a--c- 15560 bytes	[08:17 04/04/2007]	[09:01 04/04/2007]
KB926239.log	--a--c- 5210 bytes	[00:36 20/11/2006]	[00:37 20/11/2006]
KB926255.log	--a--c- 11843 bytes	[06:45 16/12/2006]	[10:01 16/12/2006]
KB926436.log	--a--c- 20065 bytes	[20:03 16/02/2007]	[10:02 17/02/2007]
KB927779.log	--a--c- 24532 bytes	[20:07 16/02/2007]	[10:04 17/02/2007]
KB927802.log	--a--c- 21626 bytes	[20:07 16/02/2007]	[10:04 17/02/2007]
KB927891.log	--a--c- 9822 bytes	[09:01 23/05/2007]	[09:01 23/05/2007]
KB928090-IE7.log	--a--c- 12892 bytes	[10:02 17/02/2007]	[10:02 17/02/2007]
KB928255.log	--a--c- 21283 bytes	[20:06 16/02/2007]	[10:04 17/02/2007]
KB928388.log	--a--c- 15760 bytes	[17:05 30/01/2007]	[17:05 30/01/2007]
KB928843.log	--a--c- 15351 bytes	[20:02 16/02/2007]	[10:01 17/02/2007]
KB929123.log	--a--c- 22669 bytes	[01:00 13/06/2007]	[09:03 13/06/2007]
KB929338.log	--a--c- 13455 bytes	[02:29 16/03/2007]	[09:01 16/03/2007]
KB929399.log	--a--c- 7445 bytes	[09:01 16/03/2007]	[09:02 16/03/2007]
KB929969.log	--a--c- 9831 bytes	[10:00 23/01/2007]	[15:58 25/09/2007]
KB930178.log	--a--c- 20130 bytes	[22:48 10/04/2007]	[09:01 11/04/2007]
KB930916.log	--a--c- 13641 bytes	[08:08 09/05/2007]	[09:03 09/05/2007]
KB931261.log	--a--c- 20654 bytes	[22:48 10/04/2007]	[09:01 11/04/2007]
KB931768-IE7.log	--a--c- 18695 bytes	[09:03 09/05/2007]	[09:03 09/05/2007]
KB931784.log	--a--c- 22306 bytes	[22:48 10/04/2007]	[09:01 11/04/2007]
KB931836.log	--a--c- 30591 bytes	[20:05 16/02/2007]	[10:03 17/02/2007]
KB932168.log	--a--c- 22225 bytes	[22:48 10/04/2007]	[09:01 11/04/2007]
KB933360.log	--a--c- 25137 bytes	[13:50 29/08/2007]	[09:01 30/08/2007]
KB933566-IE7.log	--a--c- 26164 bytes	[01:00 13/06/2007]	[09:01 13/06/2007]
KB933729.log	--a--c- 16338 bytes	[09:03 10/10/2007]	[09:03 10/10/2007]
KB935839.log	--a--c- 20890 bytes	[01:00 13/06/2007]	[09:01 13/06/2007]
KB935840.log	--a--c- 21180 bytes	[01:00 13/06/2007]	[09:03 13/06/2007]
KB936021.log	--a--c- 22974 bytes	[22:41 14/08/2007]	[09:06 15/08/2007]
KB936357.log	--a--c- 20161 bytes	[12:44 11/07/2007]	[09:08 12/07/2007]
KB936782.log	--a--c- 10932 bytes	[09:01 15/08/2007]	[09:02 15/08/2007]
KB937143-IE7.log	--a--c- 51448 bytes	[22:40 14/08/2007]	[09:02 04/10/2007]
KB937143.log	--a--c- 38166 bytes	[04:36 26/09/2007]	[09:01 26/09/2007]
KB938127-IE7.log	--a--c- 28913 bytes	[22:40 14/08/2007]	[09:01 04/10/2007]
KB938127.log	--a--c- 20728 bytes	[04:36 26/09/2007]	[09:01 26/09/2007]
KB938828.log	--a--c- 22621 bytes	[22:41 14/08/2007]	[09:06 15/08/2007]
KB938829.log	--a--c- 21701 bytes	[22:40 14/08/2007]	[09:06 15/08/2007]
KB939653-IE7.log	--a--c- 27210 bytes	[06:26 10/10/2007]	[09:02 10/10/2007]
KB939683.log	--a--c- 10160 bytes	[09:00 31/08/2007]	[09:01 31/08/2007]
KB941202.log	--a--c- 15436 bytes	[06:26 10/10/2007]	[09:01 10/10/2007]
KB941568.log	--a--c- 12909 bytes	[23:01 11/12/2007]	[10:01 12/12/2007]
KB941569.log	--a--c- 19503 bytes	[10:02 12/12/2007]	[10:03 12/12/2007]
KB941644.log	--a--c- 12689 bytes	[11:09 09/01/2008]	[10:02 10/01/2008]
KB941693.log	--a--c- 22470 bytes	[04:10 09/04/2008]	[09:05 09/04/2008]
KB942615-IE7.log	--a--c- 25139 bytes	[23:01 11/12/2007]	[10:02 12/12/2007]
KB942763.log	--a--c- 32286 bytes	[23:01 11/12/2007]	[10:03 12/12/2007]
KB943055.log	--a--c- 13019 bytes	[06:09 13/02/2008]	[10:01 13/02/2008]
KB943460.log	--a--c- 7983 bytes	[10:02 21/11/2007]	[10:02 21/11/2007]
KB943485.log	--a--c- 12936 bytes	[11:08 09/01/2008]	[10:02 10/01/2008]
KB944533-IE7.log	--a--c- 35231 bytes	[06:09 13/02/2008]	[10:01 21/02/2008]
KB944653.log	--a--c- 12778 bytes	[23:00 11/12/2007]	[10:01 12/12/2007]
KB945553.log	--a--c- 16020 bytes	[04:09 09/04/2008]	[09:02 09/04/2008]
KB946026.log	--a--c- 19146 bytes	[06:09 13/02/2008]	[10:03 13/02/2008]
KB947864-IE7.log	--a--c- 21502 bytes	[09:05 09/04/2008]	[09:05 09/04/2008]
KB948590.log	--a--c- 15928 bytes	[04:10 09/04/2008]	[09:05 09/04/2008]
KB948881.log	--a--c- 16066 bytes	[09:06 09/04/2008]	[09:06 09/04/2008]
KB952011.log	--a---- 8723 bytes	[15:08 07/05/2010]	[15:10 07/05/2010]
KB954708.log	--a---- 5026 bytes	[16:15 26/07/2009]	[16:16 26/07/2009]
KB974392.log	--a---- 8082 bytes	[15:20 19/12/2009]	[15:23 19/12/2009]
liveup.ini	--a---- 44 bytes	[19:11 16/02/2006]	[19:11 16/02/2006]
MailSwitch.ocx	--a---- 1305448 bytes	[15:32 24/11/2008]	[15:32 24/11/2008]
maxlink.ini	--a---- 31767 bytes	[20:29 26/10/2011]	[19:24 28/03/2008]
mchguid.ini	--a---- 58 bytes	[22:53 26/09/2007]	[22:53 26/09/2007]
MF_C420.lfa	--a--c- 3120 bytes	[15:07 17/11/1617]	[15:07 17/11/1617]
MF_C421.lfa	--a--c- 3120 bytes	[15:07 17/11/1617]	[15:07 17/11/1617]
MF_C425.lfa	--a--c- 3120 bytes	[15:27 18/11/1617]	[15:27 18/11/1617]
MnyAdvPak.log	--a--c- 1749 bytes	[01:48 03/11/2005]	[01:48 03/11/2005]
ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt	--a---- 3710 bytes	[01:33 03/11/2005]	[17:18 21/03/2013]
mozver.dat	--a--c- 3421 bytes	[21:15 06/07/2006]	[23:28 19/12/2008]
mp10oem.txt	--a--c- 48 bytes	[17:52 02/08/2004]	[17:52 02/08/2004]
MSCompPackV1.log	--a--c- 16056 bytes	[00:36 20/11/2006]	[11:46 24/09/2010]
msdfmap.ini	--a---- 1405 bytes	[18:51 10/08/2004]	[11:00 04/08/2004]
msgsocm.log	--a---- 57811 bytes	[18:57 10/08/2004]	[16:04 17/02/2013]
msoffice.ini	--a---- 2 bytes	[19:01 30/11/2005]	[19:01 30/11/2005]
msxml4-KB936181-enu.LOG	--a--c- 300086 bytes	[09:02 15/08/2007]	[09:03 15/08/2007]
NLSDownlevelMapping.log	--a--c- 44613 bytes	[15:38 20/10/2006]	[19:22 13/02/2009]
notepad.exe	--a---- 69120 bytes	[18:57 10/08/2004]	[20:06 20/03/2008]
nsreg.dat	--a---- 335 bytes	[01:48 03/11/2005]	[01:48 03/11/2005]
nsw.log	--a---- 572 bytes	[16:58 26/11/2011]	[16:58 26/11/2011]
ntbtlog.txt	--a--c- 64338 bytes	[22:31 19/12/2008]	[22:41 19/12/2008]
ntdtcsetup.log	--a---- 234411 bytes	[18:57 10/08/2004]	[16:04 17/02/2013]
ocgen.log	--a---- 575960 bytes	[18:57 10/08/2004]	[16:04 17/02/2013]
ocmsn.log	--a---- 63604 bytes	[18:57 10/08/2004]	[16:04 17/02/2013]
ODBC.INI	--a---- 376 bytes	[01:47 03/11/2005]	[16:32 29/03/2008]
ODBCINST.INI	--a---- 4161 bytes	[18:57 10/08/2004]	[21:33 27/01/2007]
OEWABLog.txt	--a--c- 2356 bytes	[19:03 10/08/2004]	[18:04 02/09/2009]
orun32.ini	--a---- 780 bytes	[19:12 10/08/2004]	[19:13 10/08/2004]
orun32.isu	--a--c- 203055 bytes	[19:12 10/08/2004]	[19:13 10/08/2004]
PCDLIB32.DLL	--a---- 212480 bytes	[23:12 07/02/2006]	[11:44 01/08/1995]
pdf995.ini	--a---- 28 bytes	[20:21 10/01/2008]	[20:21 10/01/2008]
playful_elephants.scr	--a---- 2855424 bytes	[12:25 29/06/2006]	[12:25 29/06/2006]
Prairie Wind.bmp	--a--c- 65954 bytes	[19:01 10/08/2004]	[11:00 04/08/2004]
Q810243.log	--a--c- 1453 bytes	[17:11 23/02/2006]	[17:11 23/02/2006]
QTFont.for	--a--c- 1409 bytes	[13:55 22/07/2008]	[13:55 22/07/2008]
QTFont.qfn	--ah-c- 54156 bytes	[13:55 22/07/2008]	[17:10 04/08/2008]
regedit.exe	------- 146432 bytes	[18:51 10/08/2004]	[20:06 20/03/2008]
regopt.log	--a--c- 2282 bytes	[18:57 10/08/2004]	[23:40 09/11/2005]
resetlog.txt	--a--c- 3294 bytes	[23:09 19/12/2008]	[23:09 19/12/2008]
Rhododendron.bmp	--a--c- 17362 bytes	[19:01 10/08/2004]	[11:00 04/08/2004]
River Sumida.bmp	--a--c- 26680 bytes	[19:01 10/08/2004]	[11:00 04/08/2004]
Santa Fe Stucco.bmp	--a--c- 65832 bytes	[19:01 10/08/2004]	[11:00 04/08/2004]
SchedLgU.Txt	--a---- 32542 bytes	[19:08 10/08/2004]	[17:51 21/03/2013]
sessmgr.setup.log	--a--c- 2998 bytes	[19:01 10/08/2004]	[14:14 21/04/2008]
setpwrcg.exe	--a---- 49152 bytes	[01:24 03/11/2005]	[01:24 03/11/2005]
setupact.del	--a--c- 205956 bytes	[18:57 10/08/2004]	[19:07 10/08/2004]
setupact.log	--a---- 17544 bytes	[01:33 03/11/2005]	[17:13 17/03/2013]
setupapi.del	--a--c- 1016400 bytes	[18:57 10/08/2004]	[19:36 10/08/2004]
setupapi.log	--a---- 845104 bytes	[21:01 11/10/2009]	[02:23 02/03/2013]
setuperr.del	--a--c- 0 bytes	[18:57 10/08/2004]	[18:57 10/08/2004]
setuperr.log	--a--c- 0 bytes	[01:33 03/11/2005]	[01:33 03/11/2005]
setuplog.del	--a--c- 726441 bytes	[18:57 10/08/2004]	[19:07 10/08/2004]
setuplog.txt	--a--c- 160306 bytes	[23:39 09/11/2005]	[15:12 21/04/2008]
slrundll.exe	------- 32866 bytes	[12:43 15/04/2008]	[20:06 20/03/2008]
smscfg.ini	--a---- 61 bytes	[02:01 03/11/2005]	[02:01 03/11/2005]
Soap Bubbles.bmp	--a--c- 65978 bytes	[19:01 10/08/2004]	[11:00 04/08/2004]
spupdsvc.log	--a--c- 236889 bytes	[10:08 16/02/2006]	[16:06 17/02/2013]
spupdsvc.log.1.log	--a--c- 187 bytes	[15:14 21/04/2008]	[15:14 21/04/2008]
Sti_Trace.log	--a--c- 204156 bytes	[18:59 10/08/2004]	[18:39 05/03/2013]
svcpack.log	--a--c- 543825 bytes	[00:23 08/02/2006]	[14:18 21/04/2008]
system.ini	--a---- 254 bytes	[18:51 10/08/2004]	[14:15 16/03/2013]
T30DebugLogFile.txt	--a--c- 0 bytes	[19:01 10/08/2004]	[19:01 10/08/2004]
TASKMAN.EXE	--a---- 15360 bytes	[18:57 10/08/2004]	[11:00 04/08/2004]
TrueInstall.exe	--a---- 74608 bytes	[01:28 23/02/2009]	[00:48 22/01/2009]
TrueProcess.exe	--a---- 11112 bytes	[11:50 18/11/2008]	[11:50 18/11/2008]
tsoc.log	--a---- 444811 bytes	[18:57 10/08/2004]	[16:04 17/02/2013]
twain.dll	--a---- 94784 bytes	[18:51 10/08/2004]	[11:00 04/08/2004]
twain_32.dll	--a---- 50688 bytes	[18:51 10/08/2004]	[20:06 20/03/2008]
twunk_16.exe	--a---- 49680 bytes	[18:51 10/08/2004]	[11:00 04/08/2004]
twunk_32.exe	--a---- 25600 bytes	[18:51 10/08/2004]	[11:00 04/08/2004]
uninst.exe	--a---- 4728200 bytes	[14:44 07/01/2013]	[14:41 07/01/2013]
uninstalldrv.exe	--a---- 283 bytes	[17:12 05/01/2006]	[17:12 05/01/2006]
UninstallFirefox.exe	--a---- 99965 bytes	[23:28 19/12/2008]	[23:28 19/12/2008]
UNWISE.EXE	--a---- 149504 bytes	[01:58 03/11/2005]	[16:55 25/06/1999]
updspapi.log	--a--c- 953384 bytes	[01:44 03/11/2005]	[16:03 17/02/2013]
vb.ini	--a---- 36 bytes	[19:02 10/08/2004]	[19:02 10/08/2004]
vbaddin.ini	--a---- 37 bytes	[19:02 10/08/2004]	[19:02 10/08/2004]
vmmreg32.dll	--a---- 18944 bytes	[18:51 10/08/2004]	[11:00 04/08/2004]
vVX3000.dll	--a---- 476520 bytes	[23:55 29/06/2006]	[21:46 10/04/2007]
vVX3000.exe	--a---- 709992 bytes	[23:55 29/06/2006]	[21:46 10/04/2007]
VX3000.dll	--a---- 111976 bytes	[23:46 29/06/2006]	[21:46 10/04/2007]
VX3000.ini	--a---- 15498 bytes	[02:30 15/04/2006]	[21:46 10/04/2007]
VX3000.src	--a--c- 13023 bytes	[02:30 15/04/2006]	[21:46 10/04/2007]
Walgreens PhotoShow.scr	--a---- 294912 bytes	[23:04 09/08/2006]	[22:10 19/05/2005]
Wdf01007Inst.log	--a---- 9311 bytes	[21:00 11/10/2009]	[21:01 11/10/2009]
WGA.log	--a--c- 6112 bytes	[18:16 12/05/2006]	[18:17 12/05/2006]
WgaNotify.log	--a--c- 32992 bytes	[18:14 03/05/2006]	[15:28 21/03/2007]
wiadebug.log	--a---- 159 bytes	[18:59 10/08/2004]	[17:18 21/03/2013]
wiaservc.log	--a---- 49 bytes	[18:59 10/08/2004]	[17:18 21/03/2013]
WIC.log	--a--c- 6353 bytes	[22:56 03/04/2008]	[22:56 03/04/2008]
win.ini	--a---- 595 bytes	[18:51 10/08/2004]	[14:15 16/03/2013]
WindowsShell.Manifest	-rah--- 749 bytes	[19:02 10/08/2004]	[19:02 10/08/2004]
WindowsUpdate.log	--a---- 1584020 bytes	[19:02 10/08/2004]	[17:19 21/03/2013]
winhelp.exe	--a---- 256192 bytes	[18:51 10/08/2004]	[11:00 04/08/2004]
winhlp32.exe	--a---- 283648 bytes	[18:51 10/08/2004]	[20:06 20/03/2008]
wininit.ini	--a---- 626 bytes	[01:51 03/11/2005]	[18:38 11/12/2007]
winnt.bmp	--ahsc- 48680 bytes	[19:02 10/08/2004]	[11:00 04/08/2004]
winnt256.bmp	--ahsc- 48680 bytes	[19:02 10/08/2004]	[11:00 04/08/2004]
winpoint.ini	--a---- 54 bytes	[04:12 28/06/2010]	[04:12 28/06/2010]
WMCSetup.log	--a--c- 11010 bytes	[16:17 31/07/2006]	[16:17 31/07/2006]
WMFDist11.log	--a--c- 169981 bytes	[00:34 20/11/2006]	[11:44 24/09/2010]
wmp11.log	--a--c- 68515 bytes	[00:35 20/11/2006]	[11:46 24/09/2010]
wmsetup.log	--a--c- 249620 bytes	[19:01 10/08/2004]	[16:14 08/01/2013]
wmsetup10.log	--a--c- 16115 bytes	[01:46 03/11/2005]	[11:47 24/09/2010]
WMSysPr9.prx	--a--c- 316640 bytes	[19:03 10/08/2004]	[00:34 20/11/2006]
wpd99.drv	--a---- 59 bytes	[20:16 10/01/2008]	[20:09 28/01/2013]
Wudf01000Inst.log	--a--c- 16312 bytes	[00:33 20/11/2006]	[11:43 24/09/2010]
xpsp1hfm.log	--a--c- 2694 bytes	[01:52 03/11/2005]	[15:03 17/02/2013]
Zapotec.bmp	--a--c- 9522 bytes	[19:01 10/08/2004]	[11:00 04/08/2004]
_default.pif	--a---- 707 bytes	[18:50 10/08/2004]	[11:00 04/08/2004]
ƴ	--ahs-- 1607442432 bytes	[15:00 22/01/2013]	[15:00 22/01/2013]
ƴȂ粑	--ahs-- 1607442432 bytes	[15:00 22/01/2013]	[15:00 22/01/2013]
ƴ ϛ	--ahs-- 1607442432 bytes	[15:00 22/01/2013]	[15:00 22/01/2013]
࢘ƴ	--ahs-- 1607442432 bytes	[15:00 22/01/2013]	[15:00 22/01/2013]
、J	--ahs-- 1607442432 bytes	[17:45 16/12/2012]	[15:00 22/01/2013]
橤粔⡇粑ꓠ	--ahs-- 1607442432 bytes	[17:45 16/12/2012]	[15:00 22/01/2013]
橤粔⡇粑ꓸ	--ahs-- 1607442432 bytes	[17:45 16/12/2012]	[15:00 22/01/2013]
郩䡼郶ｼ&#65535;䇿郶&#979311;w	--ahs-- 1607442432 bytes	[12:43 11/02/2013]	[13:42 16/02/2013]
ꦤ	--ahs-- 1607442432 bytes	[12:43 11/02/2013]	[13:42 16/02/2013]
콜粐ꊃ粑&#65535;&#65535;ꂈ	--ahs-- 1607442432 bytes	[15:00 22/01/2013]	[15:00 22/01/2013]

---Folders---
$hf_mig$	d--h---	[01:41 03/11/2005]
$MSI31Uninstall_KB893803v2$	d--h-c-	[00:13 10/11/2005]
$NtServicePackUninstall$	d--h-c-	[13:57 21/04/2008]
$NtServicePackUninstallIDNMitigationAPIs$	d--h-c-	[15:39 20/10/2006]
$NtServicePackUninstallNLSDownlevelMapping$	d--h-c-	[15:38 20/10/2006]
$NtUninstallbasecsp$	d--h-c-	[16:17 31/07/2006]
$NtUninstallKB885836$	d--h-c-	[00:46 10/11/2005]
$NtUninstallKB885884$	d--h-c-	[00:43 10/11/2005]
$NtUninstallKB886185$	d--h-c-	[00:44 10/11/2005]
$NtUninstallKB887742$	d--h-c-	[00:45 10/11/2005]
$NtUninstallKB888302$	d--h-c-	[00:44 10/11/2005]
$NtUninstallKB890046$	d--h-c-	[00:45 10/11/2005]
$NtUninstallKB890859$	d--h-c-	[00:42 10/11/2005]
$NtUninstallKB893066$	d--h-c-	[00:44 10/11/2005]
$NtUninstallKB893756$	d--h-c-	[00:46 10/11/2005]
$NtUninstallKB894391$	d--h-c-	[00:42 10/11/2005]
$NtUninstallKB895316$	d--h-c-	[20:07 10/02/2006]
$NtUninstallKB896344$	d--h-c-	[16:16 31/07/2006]
$NtUninstallKB896358$	d--h-c-	[00:45 10/11/2005]
$NtUninstallKB896423$	d--h-c-	[00:46 10/11/2005]
$NtUninstallKB896424$	d--h-c-	[00:46 10/11/2005]
$NtUninstallKB896428$	d--h-c-	[00:43 10/11/2005]
$NtUninstallKB896688$	d--h-c-	[00:44 10/11/2005]
$NtUninstallKB898458$	d--h-c-	[00:45 10/11/2005]
$NtUninstallKB898461$	d--h-c-	[00:13 10/11/2005]
$NtUninstallKB899587$	d--h-c-	[00:47 10/11/2005]
$NtUninstallKB899591$	d--h-c-	[00:46 10/11/2005]
$NtUninstallKB900485$	d--h-c-	[09:00 27/04/2006]
$NtUninstallKB900725$	d--h-c-	[00:44 10/11/2005]
$NtUninstallKB901017$	d--h-c-	[00:46 10/11/2005]
$NtUninstallKB901190$	d--h-c-	[09:01 29/10/2007]
$NtUninstallKB902344$	d--h-c-	[20:08 10/02/2006]
$NtUninstallKB902400$	d--h-c-	[00:45 10/11/2005]
$NtUninstallKB904706$	d--h-c-	[00:43 10/11/2005]
$NtUninstallKB904942$	d--h-c-	[16:22 31/07/2006]
$NtUninstallKB905414$	d--h-c-	[00:44 10/11/2005]
$NtUninstallKB905749$	d--h-c-	[00:43 10/11/2005]
$NtUninstallKB905915$	d--h-c-	[10:00 17/12/2005]
$NtUninstallKB906569$	d--h-c-	[23:32 07/12/2006]
$NtUninstallKB908519$	d--h-c-	[10:00 11/01/2006]
$NtUninstallKB908531$	d--h-c-	[09:02 19/04/2006]
$NtUninstallKB910437$	d--h-c-	[10:01 17/12/2005]
$NtUninstallKB911280$	d--h-c-	[02:09 16/06/2006]
$NtUninstallKB911562$	d--h-c-	[09:01 19/04/2006]
$NtUninstallKB911564$	d--h-c-	[10:01 16/02/2006]
$NtUninstallKB911565$	d--h-c-	[10:01 16/02/2006]
$NtUninstallKB911567$	d--h-c-	[09:00 19/04/2006]
$NtUninstallKB911927$	d--h-c-	[10:02 16/02/2006]
$NtUninstallKB912812$	d--h-c-	[09:01 19/04/2006]
$NtUninstallKB912919$	d--h-c-	[10:00 07/01/2006]
$NtUninstallKB913446$	d--h-c-	[10:00 16/02/2006]
$NtUninstallKB913580$	d--h-c-	[18:20 12/05/2006]
$NtUninstallKB914388$	d--h-c-	[09:01 12/07/2006]
$NtUninstallKB914389$	d--h-c-	[02:08 16/06/2006]
$NtUninstallKB914440$	d--h-c-	[16:01 31/07/2006]
$NtUninstallKB915865$	d--h-c-	[15:38 20/10/2006]
$NtUninstallKB916281$	d--h-c-	[02:08 16/06/2006]
$NtUninstallKB916595$	d--h-c-	[09:01 12/07/2006]
$NtUninstallKB917159$	d--h-c-	[09:02 12/07/2006]
$NtUninstallKB917344$	d--h-c-	[02:09 16/06/2006]
$NtUninstallKB917422$	d--h-c-	[09:01 13/08/2006]
$NtUninstallKB917734_WMP10$	d--h-c-	[02:10 16/06/2006]
$NtUninstallKB917953$	d--h-c-	[02:09 16/06/2006]
$NtUninstallKB918118$	d--h-c-	[10:02 17/02/2007]
$NtUninstallKB918439$	d--h-c-	[02:09 16/06/2006]
$NtUninstallKB918899$	d--h-c-	[09:01 13/08/2006]
$NtUninstallKB919007$	d--h-c-	[15:55 15/09/2006]
$NtUninstallKB920213$	d--h-c-	[10:00 18/11/2006]
$NtUninstallKB920214$	d--h-c-	[09:03 13/08/2006]
$NtUninstallKB920670$ d--h-c-	[09:01 13/08/2006]
$NtUninstallKB920683$	d--h-c-	[09:00 13/08/2006]
$NtUninstallKB920685$	d--h-c-	[15:55 15/09/2006]
$NtUninstallKB920872$	d--h-c-	[15:55 15/09/2006]
$NtUninstallKB921398$	d--h-c-	[09:02 13/08/2006]
$NtUninstallKB921503$	d--h-c-	[09:06 15/08/2007]
$NtUninstallKB921883$	d--h-c-	[09:00 10/08/2006]
$NtUninstallKB922582$	d--h-c-	[15:54 15/09/2006]
$NtUninstallKB922616$	d--h-c-	[09:02 13/08/2006]
$NtUninstallKB922819$	d--h-c-	[09:05 12/10/2006]
$NtUninstallKB923191$	d--h-c-	[09:01 12/10/2006]
$NtUninstallKB923414$	d--h-c-	[09:05 12/10/2006]
$NtUninstallKB923694$	d--h-c-	[10:00 16/12/2006]
$NtUninstallKB923723$	d--h-c-	[10:04 17/02/2007]
$NtUninstallKB923980$	d--h-c-	[10:02 18/11/2006]
$NtUninstallKB924191$	d--h-c-	[09:05 12/10/2006]
$NtUninstallKB924270$	d--h-c-	[10:02 18/11/2006]
$NtUninstallKB924496$	d--h-c-	[09:04 12/10/2006]
$NtUninstallKB924667$	d--h-c-	[10:03 17/02/2007]
$NtUninstallKB925398_WMP64$	d--h-c-	[10:01 16/12/2006]
$NtUninstallKB925486$	d--h-c-	[17:36 27/09/2006]
$NtUninstallKB925876$	d--h-c-	[23:38 01/12/2006]
$NtUninstallKB925902$	d--h-c-	[09:01 04/04/2007]
$NtUninstallKB926239$	d--h-c-	[00:36 20/11/2006]
$NtUninstallKB926255$	d--h-c-	[10:01 16/12/2006]
$NtUninstallKB926436$	d--h-c-	[10:02 17/02/2007]
$NtUninstallKB927779$	d--h-c-	[10:04 17/02/2007]
$NtUninstallKB927802$	d--h-c-	[10:04 17/02/2007]
$NtUninstallKB927891$	d--h-c-	[09:01 23/05/2007]
$NtUninstallKB928255$	d--h-c-	[10:04 17/02/2007]
$NtUninstallKB928388$	d--h-c-	[17:05 30/01/2007]
$NtUninstallKB928843$	d--h-c-	[10:01 17/02/2007]
$NtUninstallKB929123$	d--h-c-	[09:03 13/06/2007]
$NtUninstallKB929338$	d--h-c-	[09:01 16/03/2007]
$NtUninstallKB929399$	d--h-c-	[09:02 16/03/2007]
$NtUninstallKB930178$	d--h-c-	[09:01 11/04/2007]
$NtUninstallKB930916$	d--h-c-	[09:02 09/05/2007]
$NtUninstallKB931261$	d--h-c-	[09:01 11/04/2007]
$NtUninstallKB931784$	d--h-c-	[09:01 11/04/2007]
$NtUninstallKB931836$	d--h-c-	[10:03 17/02/2007]
$NtUninstallKB932168$	d--h-c-	[09:01 11/04/2007]
$NtUninstallKB933360$	d--h-c-	[09:01 30/08/2007]
$NtUninstallKB933729$	d--h-c-	[09:03 10/10/2007]
$NtUninstallKB935839$	d--h-c-	[09:01 13/06/2007]
$NtUninstallKB935840$	d--h-c-	[09:03 13/06/2007]
$NtUninstallKB936021$	d--h-c-	[09:06 15/08/2007]
$NtUninstallKB936357$	d--h-c-	[09:07 12/07/2007]
$NtUninstallKB936782_WMP11$	d--h-c-	[09:01 15/08/2007]
$NtUninstallKB937143$	d--h-c-	[09:01 26/09/2007]
$NtUninstallKB938127$	d--h-c-	[09:01 26/09/2007]
$NtUninstallKB938828$	d--h-c-	[09:06 15/08/2007]
$NtUninstallKB938829$	d--h-c-	[09:06 15/08/2007]
$NtUninstallKB939683$	d--h-c-	[09:01 31/08/2007]
$NtUninstallKB941202$	d--h-c-	[09:01 10/10/2007]
$NtUninstallKB941568$	d--h-c-	[10:01 12/12/2007]
$NtUninstallKB941569$	d--h-c-	[10:03 12/12/2007]
$NtUninstallKB941644$	d--h-c-	[10:02 10/01/2008]
$NtUninstallKB941693$	d--h-c-	[09:05 09/04/2008]
$NtUninstallKB942763$	d--h-c-	[10:03 12/12/2007]
$NtUninstallKB943055$	d--h-c-	[10:01 13/02/2008]
$NtUninstallKB943460$	d--h-c-	[10:02 21/11/2007]
$NtUninstallKB943485$	d--h-c-	[10:01 10/01/2008]
$NtUninstallKB944653$	d--h-c-	[10:01 12/12/2007]
$NtUninstallKB945553$	d--h-c-	[09:02 09/04/2008]
$NtUninstallKB946026$	d--h-c-	[10:03 13/02/2008]
$NtUninstallKB948590$	d--h-c-	[09:04 09/04/2008]
$NtUninstallKB948881$	d--h-c-	[09:06 09/04/2008]
$NtUninstallKB952011$	d--h-c-	[15:09 07/05/2010]
$NtUninstallKB954708$	d--h-c-	[16:16 26/07/2009]
$NtUninstallKB974392$	d--h-c-	[15:22 19/12/2009]
$NtUninstallMSCompPackV1$	d--h-c-	[00:36 20/11/2006]
$NtUninstallWdf01007$	d--h-c-	[21:01 11/10/2009]
$NtUninstallWIC$	d--h-c-	[22:56 03/04/2008]
$NtUninstallWMCSetup$	d--h-c-	[16:17 31/07/2006]
$NtUninstallWMFDist11$	d--h-c-	[00:34 20/11/2006]
$NtUninstallwmp11$	d--h-c-	[00:35 20/11/2006]
$NtUninstallWudf01000$	d--h-c-	[00:33 20/11/2006]
addins	d------	[18:52 10/08/2004]
AppPatch	d------	[18:52 10/08/2004]
assembly	dr--s--	[19:09 10/08/2004]
Cache	d------	[18:10 04/11/2008]
canonbj	d------	[16:43 10/11/2005]
Config	d------	[18:52 10/08/2004]
Connection Wizard	d------	[18:52 10/08/2004]
Cursors	d------	[18:52 10/08/2004]
Debug	d------	[18:52 10/08/2004]
Downloaded Installations	d------	[01:44 03/11/2005]
Downloaded Program Files	d---s--	[19:03 10/08/2004]
Driver Cache	d------	[18:52 10/08/2004]
EHome	d------	[13:57 21/04/2008]
erdnt	d------	[03:03 03/03/2013]
Fonts	dr--s--	[18:52 10/08/2004]
ftpcache	d--hs--	[18:10 23/10/2006]
Help	d------	[18:52 10/08/2004]
Hewlett-Packard	d------	[17:11 14/11/2005]
ie7	d--h-c-	[16:11 02/10/2007]
ie7updates	d------	[10:00 23/01/2007]
ie8	d--h-c-	[16:00 17/02/2013]
ie8updates	d------	[15:05 17/02/2013]
ime	d------	[18:52 10/08/2004]
inf	d--h---	[18:52 10/08/2004]
Installer	d--hs--	[18:57 10/08/2004]
Intuit	d------	[01:51 03/11/2005]
java	d------	[18:52 10/08/2004]
l2schemas	d------	[14:11 21/04/2008]
Media	d------	[18:52 10/08/2004]
Microsoft.NET	d------	[19:09 10/08/2004]
Minidump	d------	[01:39 15/01/2006]
msagent	d------	[18:52 10/08/2004]
msapps	d------	[18:52 10/08/2004]
mui	d------	[18:52 10/08/2004]
network diagnostic	d------	[16:01 31/07/2006]
occache	d------	[01:49 03/11/2005]
Offline Web Pages	dr-----	[19:03 10/08/2004]
pchealth	d------	[18:52 10/08/2004]
PeerNet	d------	[18:52 10/08/2004]
Performance	d------	[17:24 30/01/2007]
Prefetch	d------	[15:11 21/04/2008]
Provisioning	d------	[18:52 10/08/2004]
pss	d------	[17:29 03/05/2006]
RegisteredPackages	d------	[01:45 03/11/2005]
Registration	d------	[19:02 10/08/2004]
repair	d------	[18:52 10/08/2004]
Resources	d------	[18:52 10/08/2004]
security	d------	[18:52 10/08/2004]
ServicePackFiles	d------	[14:07 21/04/2008]
ShellNew	d------	[01:47 03/11/2005]
SoftwareDistribution	d------	[19:08 10/08/2004]
srchasst	d------	[19:02 10/08/2004]
Sun	d------	[16:09 15/12/2005]
SxsCaPendDel	d------	[15:33 22/05/2011]
system	d------	[18:52 10/08/2004]
system32	d------	[01:27 03/11/2005]
Tasks	d---s--	[19:02 10/08/2004]
temp	d------	[03:49 03/03/2013]
twain_32	d------	[18:52 10/08/2004]
WBEM	d------	[15:41 20/10/2006]
Web	dr-----	[18:52 10/08/2004]
Windows Update Setup Files	d------	[19:09 13/02/2009]
WinSxS	d------	[18:52 10/08/2004]

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Please open c:\Windows and take two screenshots.

For the first one scroll down past all of the folders to the list of files and take a screenshot showing all of the files from the beginning down to "Active Setup Log.txt "

For the second one scroll down to the very bottom of the list of file and take a screenshot showing all files that come after the one called "Zapotec.bmp".


----------



## kwatts (Jan 8, 2013)

I am waiting for the pictures to come back from my son, he is on the road. The net broadcast still shows up when I shut the computer down at night.


----------



## Cookiegal (Aug 27, 2003)

There is no need to take pictures of those as you can do screenshots.


----------



## kwatts (Jan 8, 2013)

How do you do screenshots?


----------



## Cookiegal (Aug 27, 2003)

When you have the screen you want to copy hit the Print Screen key on your keyboard. The location varies depending the type of keyboard but it should be on the same row as the F keys across the top and to the right. It may just say "prt scrn" or some variation of that. You won't see anything happen. It just copies the screen to the clipboard (which is invisible) and then you have to open up Paint (which comes with the operating system). To open Paint go to Start - All Programs - Accessories - Paint.

Now click on "Edit" and select "Paste" and your screenshot should appear there. You have to save the image and then you can upload it here as an attachment.

To upload an attachment, under the reply box click on "Manage Attachments" and then click on "Browse" to locate the file on your computer. Next click on "Open" and then on "Upload" and finally submit the reply.


----------



## kwatts (Jan 8, 2013)

There are no files or folders after zapotec.bmp. See attached.


----------



## Cookiegal (Aug 27, 2003)

Very good. :up:

Can you do just one more and that would at the top of the folder (the very top of the screen as you pull it up).


----------



## kwatts (Jan 8, 2013)

Here it is-see attached.


----------



## Cookiegal (Aug 27, 2003)

I see on your desktop you have things called "Chinese bond coupon". I'm thinking those files could be related to those as there could be Chinese characters. What are those?


----------



## kwatts (Jan 8, 2013)

they are just pictures of bonds.


----------



## Cookiegal (Aug 27, 2003)

OK. Please do this:

Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Hide protected operating system files" is unchecked. Then "Apply to all folders". Click "Apply" then "OK".

Then redo all of the screenshots please. Hopefully this will make them appear as they have system file attributes.


----------



## kwatts (Jan 8, 2013)

see attached 2 screen shots.


----------



## Cookiegal (Aug 27, 2003)

OK good. Now we can at least see them there at the bottom. All of the ones that come after the Installer folder with the exception of the three in the middle that appear normal.

Please go to *VirusTotal* and upload the following file for scanning.

Click *Choose File*
Navigate to one of those files then click *Open* 
Click *Scan It*
If you get a message saying the file has already been analyzed click *Reanalyse file now*
Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.

Do the same for two or three more of them please.


----------



## kwatts (Jan 8, 2013)

The files are to big to scan.


----------



## Cookiegal (Aug 27, 2003)

Try uploading just one of them to this site for analysis.

http://www.thespykiller.co.uk/index.php?board=1.0

Here are the directions for uploading the file:

Just register to create an account then click "New Topic", fill in the needed details and post a link to your thread here. Click the "Browse" button. Navigate to the file on your computer. When the file is listed in the window click "Post" to upload the file.

If it's still too big to upload there as try zipping it first.


----------



## kwatts (Jan 8, 2013)

It said unable to verify url.


----------



## Cookiegal (Aug 27, 2003)

There is no URL involved. You are uploading a file.


----------



## kwatts (Jan 8, 2013)

I am sorry, but I am confused on how to post a link to the thread here.


----------



## Cookiegal (Aug 27, 2003)

Never mind that part. Have you uploaded the file?


----------



## kwatts (Jan 8, 2013)

It won't upload any of those files in windows.


----------



## Cookiegal (Aug 27, 2003)

Why not?


----------



## kwatts (Jan 8, 2013)

I tried several times but no message or errors.


----------



## kwatts (Jan 8, 2013)

I have a thread started but it wouldn't upload those items.


----------



## Cookiegal (Aug 27, 2003)

Please right-click on one of those files and select "properties". I already know their sizes and creation dates but tell me please if there is a "version" tab and if there is, click on it and tell me what information appears there.


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe * to your Desktop. 

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
At the top put a check mark in the box beside "Scan All Users" and then to the right of that change the File Age from 30 days to 90 days.
Under the *Additional Scans *section put a check in the box next to EventViewer logs (Last 10 errors)
Now click the *Run Scan *button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## kwatts (Jan 8, 2013)

There is no version tab. See attachment.


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here please.


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> 
YN -> HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://www.dell4me.com/myway
YN -> HKEY_USERS\.DEFAULT\: Main\\"First Home Page" -> http://www.dell4me.com/myway
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> 
YN -> HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> http://www.dell4me.com/myway
YN -> HKEY_USERS\S-1-5-18\: Main\\"First Home Page" -> http://www.dell4me.com/myway
[Files/Folders - Created Within 90 Days]
NY ->  SpeedyPC Software -> C:\Documents and Settings\Karen Watts\Application Data\SpeedyPC Software
NY ->  SpeedyPC Software -> C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
NY ->  PC Cleaners -> C:\Documents and Settings\Karen Watts\Application Data\PC Cleaners
NY ->  uninst.exe -> C:\WINDOWS\uninst.exe
NY ->  PCPro -> C:\Documents and Settings\Karen Watts\Application Data\PCPro
[Files/Folders - Modified Within 90 Days]
NY ->  1 -> C:\WINDOWS\1
NY ->  @ -> C:\WINDOWS\@
NY ->  4 C:\Documents and Settings\Karen Watts\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Karen Watts\Local Settings\temp\*.tmp
[Files - No Company Name]
NY ->  0 -> C:\WINDOWS\0
NY ->  1 -> C:\WINDOWS\1
[Files/Folders - Unicode - All]
NY -> C:\WINDOWS\????? -> C:\WINDOWS\&#27236;&#31892;&#10311;&#31889;&#42208;
NY -> C:\WINDOWS\?J -> C:\WINDOWS\&#12289;J
NY -> C:\WINDOWS\? ? -> C:\WINDOWS\&#436;&#8192;&#987;
NY -> C:\WINDOWS\? -> C:\WINDOWS\&#436;
NY -> C:\WINDOWS\?? -> C:\WINDOWS\&#2200;&#436;
NY -> C:\WINDOWS\??? -> C:\WINDOWS\&#436;&#514;&#31889;
NY -> C:\WINDOWS\??????? -> C:\WINDOWS\&#53084;&#31888;&#41603;&#31889;&#65535;&#65535;&#41096;
NY -> C:\WINDOWS\? ? -> C:\WINDOWS\&#436;&#8192;&#987;
NY -> C:\WINDOWS\? -> C:\WINDOWS\&#436;
NY -> C:\WINDOWS\?? -> C:\WINDOWS\&#2200;&#436;
NY -> C:\WINDOWS\??? -> C:\WINDOWS\&#436;&#514;&#31889;
NY -> C:\WINDOWS\????? -> C:\WINDOWS\&#27236;&#31892;&#10311;&#31889;&#42208;
NY -> C:\WINDOWS\??????? -> C:\WINDOWS\&#53084;&#31888;&#41603;&#31889;&#65535;&#65535;&#41096;
NY -> C:\WINDOWS\?J -> C:\WINDOWS\&#12289;J
NY -> C:\WINDOWS\? -> C:\WINDOWS\&#43428;
NY -> C:\WINDOWS\?????????w -> C:\WINDOWS\&#37097;&#18556;&#37110;&#65404;&#65535;&#16895;&#37110;&#979311;w
NY -> C:\WINDOWS\? -> C:\WINDOWS\&#43428;
NY -> C:\WINDOWS\?????????w -> C:\WINDOWS\&#37097;&#18556;&#37110;&#65404;&#65535;&#16895;&#37110;&#979311;w
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
```


----------



## kwatts (Jan 8, 2013)

See attached!


----------



## Cookiegal (Aug 27, 2003)

For some reason when posting the fix most of those odd-looking files didn't copy over properly. The code tags converted them to something else. I've used quote tags instead. Please run this new fix the way you did the previous one and copy/paste the new log (there's no need to upload that as an attachment as it's quite shorter than the original log.



> [Kill All Processes]
> [Unregister Dlls]
> [Files/Folders - Unicode - All]
> NY -> C:\WINDOWS\????? -> C:\WINDOWS\橤粔⡇粑ꓠ
> ...


----------



## kwatts (Jan 8, 2013)

All Processes Killed
[Files/Folders - Unicode - All]
C:\WINDOWS\橤粔⡇粑ꓠ moved successfully.
C:\WINDOWS\、J moved successfully.
C:\WINDOWS\ƴ ϛ moved successfully.
C:\WINDOWS\ƴ moved successfully.
C:\WINDOWS\࢘ƴ moved successfully.
C:\WINDOWS\ƴȂ粑 moved successfully.
C:\WINDOWS\콜粐ꊃ粑&#65535;&#65535;ꂈ moved successfully.
File C:\WINDOWS\ƴ ϛ not found!
File C:\WINDOWS\ƴ not found!
File C:\WINDOWS\࢘ƴ not found!
File C:\WINDOWS\ƴȂ粑 not found!
File C:\WINDOWS\橤粔⡇粑ꓠ not found!
File C:\WINDOWS\콜粐ꊃ粑&#65535;&#65535;ꂈ not found!
File C:\WINDOWS\、J not found!
C:\WINDOWS\ꦤ moved successfully.
File C:\WINDOWS\郩䡼郶ｼ&#65535;䇿郶��w not found!
File C:\WINDOWS\郩䡼郶ｼ&#65535;䇿郶��w not found!
[Empty Temp Folders]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Karen Watts
->Temp folder emptied: 60170 bytes
->Temporary Internet Files folder emptied: 36894 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 8784648 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9.00 mb

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Karen Watts
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default User

User: Karen Watts
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 03232013_104502

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


----------



## Cookiegal (Aug 27, 2003)

Can you take a look in the C:\Windows folder again and see if they are now all gone from the bottom?


----------



## kwatts (Jan 8, 2013)

There are 2 left.


----------



## Cookiegal (Aug 27, 2003)

Can you post a screenshot please?


----------



## kwatts (Jan 8, 2013)

see attached.


----------



## Cookiegal (Aug 27, 2003)

See if you can right-click on those and select "delete". Let me know if that works.


----------



## kwatts (Jan 8, 2013)

They deleted! The net broadcasting still shows up when I shut down in the evening. Did you say that might something to do with CloudZow. Cloudzow is a back up of everything each day. Do you think that is good to use!


----------



## Cookiegal (Aug 27, 2003)

No, I thought the defragmenting problem (when it stalls on Volume Shadow Copy) might be caused by CloudZow.

Are you still getting the "Net-broadcast" error since deleting all of these files?


----------



## kwatts (Jan 8, 2013)

Yes it still comes up


----------



## Cookiegal (Aug 27, 2003)

Please download GMER from: http://www.gmer.net

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked *on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan *button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## kwatts (Jan 8, 2013)

see attachment


----------



## Cookiegal (Aug 27, 2003)

Please copy and paste the log as requested.


----------



## kwatts (Jan 8, 2013)

GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-23 16:36:56
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y080L0 rev.YAR41BW0 74.51GB
Running: ir67z48q.exe; Driver: C:\DOCUME~1\KARENW~1\LOCALS~1\Temp\kwldqpow.sys

---- System - GMER 2.1 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0xEE4070DA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0xEE407CA6]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys ZwCreateThread [0xEE5A3670]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0xEE407EB8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0xEE40B714]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0xEE40B756]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0xEE40B8FA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0xEE407DCA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0xEE407282]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0xEE407482]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0xEE4075C2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0xEE40B85E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0xEE40B7A8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0xEE40B7EA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0xEE40B824]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0xEE407068]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0xEE407F6A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0xEE40B69C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0xEE406FE6]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0xEE48A640]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0xEE406F46]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xEC9C76D0]

---- Kernel code sections - GMER 2.1 ----

init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF7B72760]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF6A81F80]
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1064] ntdll.dll!KiUserApcDispatcher 7C90E430 5 Bytes JMP 00414FF0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1064] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A70001 
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1064] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71A10022 
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1064] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71AE0022 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, B8, 62, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, BB, 62, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, B8, 62, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, B9, 62, 00] {TEST AL, 0xb9; BOUND EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B9138B4 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, BA, 62, 00] {TEST AL, 0xba; BOUND EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, B9, 62, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, BA, 62, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B913925 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, B8, 62, 00] {TEST AL, 0xb8; BOUND EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B913A53 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, B9, 62, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, BA, 62, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, BB, 62, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 84, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 87, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 84, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 85, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EC80 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 86, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 85, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 86, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ECF1 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 84, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE1F 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 85, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 86, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 87, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]

---- Devices - GMER 2.1 ----

Device Ntfs.sys
Device cbfs.sys
Device EBFA6D20

AttachedDevice fltmgr.sys

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs 1

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-23 16:36:56
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y080L0 rev.YAR41BW0 74.51GB
Running: ir67z48q.exe; Driver: C:\DOCUME~1\KARENW~1\LOCALS~1\Temp\kwldqpow.sys

---- System - GMER 2.1 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0xEE4070DA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0xEE407CA6]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys ZwCreateThread [0xEE5A3670]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0xEE407EB8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0xEE40B714]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0xEE40B756]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0xEE40B8FA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0xEE407DCA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0xEE407282]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0xEE407482]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0xEE4075C2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0xEE40B85E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0xEE40B7A8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0xEE40B7EA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0xEE40B824]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0xEE407068]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0xEE407F6A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0xEE40B69C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0xEE406FE6]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0xEE48A640]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0xEE406F46]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xEC9C76D0]

---- Kernel code sections - GMER 2.1 ----

init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF7B72760]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF6A81F80]
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1064] ntdll.dll!KiUserApcDispatcher 7C90E430 5 Bytes JMP 00414FF0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1064] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A70001 
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1064] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71A10022 
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1064] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71AE0022 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, B8, 62, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, BB, 62, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, B8, 62, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, B9, 62, 00] {TEST AL, 0xb9; BOUND EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B9138B4 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, BA, 62, 00] {TEST AL, 0xba; BOUND EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, B9, 62, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, BA, 62, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B913925 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, B8, 62, 00] {TEST AL, 0xb8; BOUND EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B913A53 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, B9, 62, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, BA, 62, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, BB, 62, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2348] ntdll.dll!NtUnmapViewOfSection + B  7C90DEFB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 84, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 87, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 84, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 85, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EC80 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 86, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 85, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 86, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ECF1 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 84, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE1F 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryFullAttributesFile + B  7C90D79B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 85, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 86, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 87, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]

---- Devices - GMER 2.1 ----

Device Ntfs.sys
Device cbfs.sys
Device EBFA6D20

AttachedDevice fltmgr.sys

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs 1

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----


----------



## Cookiegal (Aug 27, 2003)

Thanks.

Please drag ComboFix to the recycling bin and grab the latest version, disable security programs, run a new scan and post the log.

Please visit *Combofix Guide & Instructions * for instructions for downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.


----------



## kwatts (Jan 8, 2013)

ComboFix 13-03-23.01 - Karen Watts 03/23/2013 17:08:05.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.375 [GMT -6:00]
Running from: c:\documents and settings\Karen Watts\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\KARENW~1\LOCALS~1\Temp\{dd377082-31fa-4f98-af9f-7a14b5b21b9f}\Livedrive.Native.dll
c:\documents and settings\Karen Watts\Local Settings\temp\{dd377082-31fa-4f98-af9f-7a14b5b21b9f}\Livedrive.Native.dll
c:\windows\dasetup.log
c:\windows\EventSystem.log
c:\windows\MailSwitch.ocx
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\bszip.dll
c:\windows\system32\roboot.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-02-23 to 2013-03-23 )))))))))))))))))))))))))))))))
.
.
2013-03-23 16:13 . 2013-03-23 16:13	--------	d-----w-	C:\_OTS
2013-03-22 16:13 . 2013-03-22 16:14	--------	d-s---w-	c:\windows\Copy of Downloaded Program Files
2013-03-17 17:35 . 2013-03-17 17:36	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-03-05 19:00 . 2013-03-05 18:59	143872	----a-w-	c:\windows\system32\javacpl.cpl
2013-02-22 00:06 . 2013-02-22 00:06	--------	d-----w-	c:\documents and settings\Karen Watts\Local Settings\Application Data\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-19 18:32 . 2013-03-19 18:32	231205	----a-w-	C:\look.zip
2013-03-12 20:07 . 2012-04-12 11:24	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-12 20:07 . 2011-06-10 10:49	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-05 18:59 . 2013-03-05 19:00	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-05 18:59 . 2012-06-17 00:01	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-03-05 18:59 . 2010-05-03 11:37	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-19 14:39 . 2013-02-19 14:39	388096	----a-r-	c:\documents and settings\Karen Watts\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-15 13:17 . 2013-02-07 13:32	465280	----a-r-	c:\windows\system32\cpnprt2win32.cid
2013-01-30 10:53 . 2009-10-03 01:01	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-25 23:49 . 2008-01-10 20:16	1671168	----a-w-	c:\windows\system32\pdfmona.dll
2013-01-25 23:49 . 2008-01-10 20:16	36864	----a-w-	c:\windows\system32\pdf995mon.dll
2013-01-23 16:48 . 2013-01-23 16:48	25992	----a-w-	c:\windows\system32\pgdfgsvc.exe
2013-01-22 13:22 . 2013-01-22 13:22	74703	----a-w-	c:\windows\system32\mfc45.dll
2013-01-08 17:16 . 2013-01-08 17:16	3584	----a-r-	c:\documents and settings\Karen Watts\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2006-10-26 17:29 . 2006-10-26 17:30	774144	-c--a-w-	c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay]
@="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"
[HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]
2012-09-17 22:13	4198128	----a-w-	c:\program files\CloudZow\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]
@="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"
[HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]
2012-09-17 22:13	4198128	----a-w-	c:\program files\CloudZow\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]
@="{84CEF1E4-1356-4063-845F-05047F4DD52C}"
[HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]
2012-09-17 22:13	4198128	----a-w-	c:\program files\CloudZow\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay]
@="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}"
[HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}]
2012-09-17 22:13	4198128	----a-w-	c:\program files\CloudZow\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]
@="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"
[HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]
2012-09-17 22:13	4198128	----a-w-	c:\program files\CloudZow\LivedriveExtensions.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"Livedrive"="c:\program files\CloudZow\Livedrive.exe" [2012-09-17 3280384]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Karen Watts\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2006-2-7 110592]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-09-14 14:55	61440	----a-w-	c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
2010-02-09 22:43	2621440	------r-	c:\program files\Browny02\Brother\BrStMonW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 16:26	114688	------w-	c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19	53248	-c----w-	c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-04-20 17:10	50792	----a-w-	c:\program files\Common Files\AOL\1145981300\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 16:32	77824	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 16:36	114688	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 16:35	94208	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-10 05:05	46368	----a-w-	c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-09-18 20:46	110592	-c--a-w-	c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2008-07-10 05:07	29984	----a-w-	c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 15:03	210472	----a-w-	c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-01 19:45	4763008	----a-w-	c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-12-09 10:45	74752	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-01-30 23:46	204288	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Documents and Settings\\Karen Watts\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145981300\\ee\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145981300\\ee\\aolsoftware.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [7/29/2012 8:52 PM 65848]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [4/12/2012 1:25 PM 146904]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [10/30/2012 6:23 AM 272216]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [7/29/2012 8:52 PM 71480]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [7/29/2012 8:52 PM 166840]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 12:54 PM 116608]
R2 CloudZowVSSService;CloudZow VSS Service;c:\program files\CloudZow\VSSService.exe [9/17/2012 4:12 PM 156288]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [7/29/2012 8:52 PM 976728]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [10/26/2011 2:35 PM 71424]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [10/26/2011 2:35 PM 11520]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [10/26/2011 2:34 PM 245760]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [11/30/2007 1:41 PM 14601]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [10/19/2012 10:25 AM 13024]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-13 22:08	1629648	----a-w-	c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 20:07]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-17 16:25]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-17 16:25]
.
2013-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343432931-39797470-1917149517-1006Core.job
- c:\documents and settings\Karen Watts\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-15 16:16]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343432931-39797470-1917149517-1006UA.job
- c:\documents and settings\Karen Watts\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-15 16:16]
.
2007-12-17 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]
.
2013-03-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2343432931-39797470-1917149517-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 00:21]
.
2013-03-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2343432931-39797470-1917149517-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 00:21]
.
2013-03-23 c:\windows\Tasks\User_Feed_Synchronization-{3D799EC0-67C1-4594-8868-87BDE4A2B02F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{6C8F2C29-0F94-49ff-8262-E12226CA34B0} - {4AD7B62C-7CDF-442a-9615-E16551AC5EC7} - c:\program files\Readonweb\CleanPage\CleanPage.dll
TCP: DhcpNameServer = 69.169.190.211 208.72.160.67
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab
DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} - hxxps://widow1.factualdata.com/ocx/print3.ocx
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-23 17:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2208)
c:\program files\CloudZow\LivedriveExtensions.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\HPZipm12.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\System32\vssvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 2013-03-23 17:54:06 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-23 23:54
.
Pre-Run: 30,643,736,576 bytes free
Post-Run: 30,608,109,568 bytes free
.
- - End Of File - - D742484BADBB82880B7619483A0EC03D


----------



## Cookiegal (Aug 27, 2003)

Do you use the Microsoft LifeCam?

I'm wondering why this scheduled task has been set up:

2007-12-17 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]


----------



## kwatts (Jan 8, 2013)

I haven't
used it in a long time, about 1 year. I don't need it.


----------



## Cookiegal (Aug 27, 2003)

Navigate to the following folder:

c:\documents and settings\Karen Watts\Start Menu\Programs\Startup

and delete this file:

*eFax 4.4.lnk*

then navigate to this folder:

c:\documents and settings\All Users\Start Menu\Programs\Startup\

and delete this file:

*Monitor.lnk*

Go to the *Control Panel* - *Scheduled Tasks* and remove this scheduled task:

*c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job*

Then go to *Start *- *Run *- type *msconfig *- click on the startup tab.

Uncheck anything related to these:

"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe"
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"VX3000"="c:\windows\vVX3000.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe"
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe"
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe"

and unless you purchased SuperAntiSpyware, in which case you would have real-time protection and should leave it, you can include this:

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

Then reboot the machine. Use it for a bit and then reboot it again and let me know if you still get that error message on shutdown.


----------



## kwatts (Jan 8, 2013)

How do I delete the desktop 'puppy'.exe you asked me to create, that I don't need anymore. I have tried everything. When I defragmented yesterday it came up with different items I can't defrag. See below. I rebooted several times and I get the same end program.

Volume (C
Volume size = 70.53 GB
Cluster size = 4 KB
Used space = 42.07 GB
Free space = 28.45 GB
Percent free space = 40 %

Volume fragmentation
Total fragmentation = 21 %
File fragmentation = 43 %
Free space fragmentation = 0 %

File fragmentation
Total files = 119,919
Average file size = 689 KB
Total fragmented files = 14
Total excess fragments = 499
Average fragments per file = 1.00

Pagefile fragmentation
Pagefile size = 1.50 GB
Total fragments = 3

Folder fragmentation
Total folders = 12,586
Fragmented folders = 1
Excess folder fragments = 0

Master File Table (MFT) fragmentation
Total MFT size = 277 MB
MFT record count = 133,232
Percent MFT in use = 46 %
Total MFT fragments = 3

--------------------------------------------------------------------------------
Fragments File Size Files that cannot be defragmented
2 1.50 GB \_OTS\MovedFiles\03232013_104502\C_WINDOWS\&#43428;
4 1.50 GB \_OTS\MovedFiles\03232013_104502\C_WINDOWS\&#27236;&#31892;&#10311;&#31889;&#42208;
5 1.50 GB \_OTS\MovedFiles\03232013_104502\C_WINDOWS\&#12289;J
9 1.50 GB \_OTS\MovedFiles\03232013_101321\C_WINDOWS\@


----------



## Cookiegal (Aug 27, 2003)

We may still need ComboFix so please don't delete it yet.

As for those files that won't defragment, that's normal, they are the same ones that wouldn't before but now they are quarantined by the program we ran and will be deleted when we're finished.

Would you please run DDS again and post both logs.


----------



## kwatts (Jan 8, 2013)

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
Run by Karen Watts at 10:04:32 on 2013-03-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.237 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CloudZow\VSSService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\CloudZow\Livedrive.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uProxyServer = :0
uSearchAssistant = hxxp://www.google.com/ie

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/9/2005 5:02:22 PM
System Uptime: 3/25/2013 6:45:00 AM (4 hours ago)
.
Motherboard: Dell Computer Corp. | | 0TC667
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2794/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 44.612 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 3/7/2013 4:05:20 PM - System Checkpoint
RP2: 3/8/2013 4:14:10 PM - System Checkpoint
RP3: 3/9/2013 5:12:37 PM - System Checkpoint
RP4: 3/10/2013 6:22:13 PM - System Checkpoint
RP5: 3/11/2013 6:46:30 PM - System Checkpoint
RP6: 3/13/2013 6:07:01 AM - System Checkpoint
RP7: 3/13/2013 7:00:22 AM - Software Distribution Service 3.0
RP8: 3/14/2013 7:00:30 AM - System Checkpoint
RP9: 3/15/2013 8:04:15 AM - System Checkpoint
RP10: 3/16/2013 8:35:50 AM - System Checkpoint
RP11: 3/17/2013 9:00:17 AM - System Checkpoint
RP12: 3/18/2013 10:14:33 AM - System Checkpoint
RP13: 3/19/2013 10:45:02 AM - System Checkpoint
RP14: 3/20/2013 11:31:24 AM - System Checkpoint
RP15: 3/21/2013 11:33:27 AM - System Checkpoint
RP16: 3/22/2013 11:47:22 AM - System Checkpoint
RP17: 3/23/2013 11:50:41 AM - System Checkpoint
RP18: 3/24/2013 11:15:25 AM - Installed Rapport
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
Adobe SVG Viewer 3.0
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Media Card Companion


----------



## Cookiegal (Aug 27, 2003)

Those are both only partial logs. Please post the entire logs.


----------



## kwatts (Jan 8, 2013)

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
Run by Karen Watts at 10:04:32 on 2013-03-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.237 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CloudZow\VSSService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\CloudZow\Livedrive.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Karen Watts\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uProxyServer = :0
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: MyBHO Class: {3DB0C335-73C5-466c-A622-BD20A1A5B925} - c:\program files\readonweb\cleanpage\ReadonwebToolbar.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: BrowserHelper Class: {EDF48A39-1442-463F-9F4E-F376A78D034A} - c:\program files\cloudzow\LivedriveExplorerExtensions.dll
BHO: CleanPageBHO Class: {F097E5AB-4C45-4e41-8BAD-34D785BEC6BB} - c:\program files\readonweb\cleanpage\CleanPage.dll
TB: Microsoft CommBand: {4D5C8C2A-D075-11D0-B416-00C04FB90376} - c:\windows\system32\browseui.dll
TB: ReadonwebToolbar: {B6283D8C-01AB-11DB-9D6F-E11AAB065F98} - c:\program files\readonweb\cleanpage\ReadonwebToolbar.dll
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [Livedrive] "c:\program files\cloudzow\Livedrive.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {6C8F2C29-0F94-49ff-8262-E12226CA34B0} - {4AD7B62C-7CDF-442a-9615-E16551AC5EC7} - c:\program files\readonweb\cleanpage\CleanPage.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} - hxxp://www.worldwinner.com/games/v54/zengems/zengems.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1358181906390
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} - hxxps://widow1.factualdata.com/ocx/print3.ocx
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
TCP: NameServer = 69.169.190.211 208.72.160.67
TCP: Interfaces\{E0604BBD-97AF-4FE2-95EA-77B1817D7B01} : DHCPNameServer = 69.169.190.211 208.72.160.67
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.172\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-3-17 102008]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2012-4-12 146904]
R1 RapportCerberus_51755;RapportCerberus_51755;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_51755.sys [2013-3-24 317112]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-3-17 102680]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-3-17 173880]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 CloudZowVSSService;CloudZow VSS Service;c:\program files\cloudzow\VSSService.exe [2012-9-17 156288]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-3-17 1124184]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2011-10-26 71424]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2011-10-26 11520]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-10-26 245760]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [2007-11-30 14601]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-10-19 13024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
..
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/9/2005 5:02:22 PM
System Uptime: 3/25/2013 6:45:00 AM (4 hours ago)
.
Motherboard: Dell Computer Corp. | | 0TC667
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2794/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 44.612 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 3/7/2013 4:05:20 PM - System Checkpoint
RP2: 3/8/2013 4:14:10 PM - System Checkpoint
RP3: 3/9/2013 5:12:37 PM - System Checkpoint
RP4: 3/10/2013 6:22:13 PM - System Checkpoint
RP5: 3/11/2013 6:46:30 PM - System Checkpoint
RP6: 3/13/2013 6:07:01 AM - System Checkpoint
RP7: 3/13/2013 7:00:22 AM - Software Distribution Service 3.0
RP8: 3/14/2013 7:00:30 AM - System Checkpoint
RP9: 3/15/2013 8:04:15 AM - System Checkpoint
RP10: 3/16/2013 8:35:50 AM - System Checkpoint
RP11: 3/17/2013 9:00:17 AM - System Checkpoint
RP12: 3/18/2013 10:14:33 AM - System Checkpoint
RP13: 3/19/2013 10:45:02 AM - System Checkpoint
RP14: 3/20/2013 11:31:24 AM - System Checkpoint
RP15: 3/21/2013 11:33:27 AM - System Checkpoint
RP16: 3/22/2013 11:47:22 AM - System Checkpoint
RP17: 3/23/2013 11:50:41 AM - System Checkpoint
RP18: 3/24/2013 11:15:25 AM - Installed Rapport
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
Adobe SVG Viewer 3.0
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Media Card Companion
Banctec Service Agreement
Bonjour
BookScan&Whiteboard Suite
Brother MFL-Pro Suite MFC-J615W
CDBurnerXP
CloudZow
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Database Conversion Wizard
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
Dell System Restore
DellSupport
Digital Content Portal
Digital Locker Assistant
eFax Messenger
Encompass NetBranch Installation Manager
Express Burn
Express Rip
FaceFilter Studio Brother Edition
GdiplusUpgrade
Google Chrome
Google Talk Plugin
Google Update Helper
GoToMeeting 4.0.0.320
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
HPODiscovery
Humorous Greeting Card Factory
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Infoaxe Toolbar
Java 7 Update 17
Java Auto Updater
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee Shredder
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer
Microsoft Office Excel Viewer 2003
Microsoft Office Live Add-in 1.5
Microsoft Office Word Viewer 2003
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Microsoft WSE 2.0 SP3 Runtime
Modem Event Monitor
Modem Helper
Modem On Hold
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
OLYMPUS CAMEDIA Master 4.2
overland
PaperPort Image Printer
Pdf995
PdfEdit995
Personal Ancestral File 5
Personal License Update Wizard for Windows Media Player
Photo Click
Picasa 3
playful_elephants ScreenSaver
Plus! MP3 Audio Converter LE
PowerDVD 5.5
QuickBooks Simple Start Special Edition
Rapport
Readonweb CleanPage
RealArcade
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB974392)
Setup
Signature995
Sonic Audio module
Sonic DLA
Sonic RecordNow Copy
Sonic RecordNow Data
SoundTap
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware
swMSM
Update for PDF Creator
User Profile Hive Cleanup Service
Wallery
WavePad Uninstall
WebFldrs XP
WebIQ Client Software
WildTangent Web Driver
Winamp
Winamp Detector Plug-in
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Mail
Windows Media Bonus Pack for Windows XP
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Service Pack 3
Windows XP Winter Fun Pack for Windows Media Player 9 Series 
Works Upgrade
.
==== Event Viewer Messages From Past Week ========
.
3/23/2013 5:05:30 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/23/2013 2:51:12 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
3/23/2013 2:50:34 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
3/23/2013 10:15:51 AM, error: Dhcp [1002] - The IP address lease 10.90.4.16 for the Network Card with network address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server sent a DHCPNACK message).
3/23/2013 10:13:23 AM, error: Service Control Manager [7034] - The User Profile Hive Cleanup service terminated unexpectedly. It has done this 1 time(s).
3/23/2013 10:13:23 AM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
3/23/2013 10:13:23 AM, error: Service Control Manager [7034] - The NMSAccessU service terminated unexpectedly. It has done this 1 time(s).
3/23/2013 10:13:23 AM, error: Service Control Manager [7034] - The MSCamSvc service terminated unexpectedly. It has done this 1 time(s).
3/23/2013 10:13:23 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/23/2013 10:13:23 AM, error: Service Control Manager [7034] - The CloudZow VSS Service service terminated unexpectedly. It has done this 1 time(s).
3/23/2013 10:13:23 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
3/23/2013 10:13:23 AM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
3/23/2013 10:13:22 AM, error: Service Control Manager [7034] - The Rapport Management Service service terminated unexpectedly. It has done this 1 time(s).
3/20/2013 7:08:52 PM, error: Dhcp [1002] - The IP address lease 10.90.4.13 for the Network Card with network address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server sent a DHCPNACK message).
3/20/2013 1:08:50 PM, error: Dhcp [1002] - The IP address lease 10.90.4.19 for the Network Card with network address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

2013-03-25 12:36:22	--------	d--h--w-	c:\windows\PIF
2013-03-22 16:13:59	--------	d-s---w-	c:\windows\Copy of Downloaded Program Files
2013-03-17 20:46:34	102008	----a-w-	c:\windows\system32\drivers\RapportKELL.sys
2013-03-17 17:35:46	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-03-05 19:00:29	143872	----a-w-	c:\windows\system32\javacpl.cpl
2013-03-05 19:00:15	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-03 03:14:06	--------	d-sha-r-	C:\cmdcons
.
==================== Find3M ====================
.
2013-03-12 20:07:35	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 20:07:35	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-05 18:59:28	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-03-05 18:59:27	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-15 13:17:34	465280	----a-r-	c:\windows\system32\cpnprt2win32.cid
2013-01-30 10:53:21	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-28 20:09:04	59	----a-w-	c:\windows\wpd99.drv
2013-01-25 23:49:42	1671168	----a-w-	c:\windows\system32\pdfmona.dll
2013-01-25 23:49:41	36864	----a-w-	c:\windows\system32\pdf995mon.dll
2013-01-23 16:48:24	25992	----a-w-	c:\windows\system32\pgdfgsvc.exe
2013-01-22 13:22:15	74703	----a-w-	c:\windows\system32\mfc45.dll
2006-10-26 17:29:56	774144	-c--a-w-	c:\program files\RngInterstitial.dll
.
============= FINISH: 10:08:23.57 ===============


----------



## Cookiegal (Aug 27, 2003)

It doesn't look like you unchecked these in msconfig:

"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe"
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe"
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe"

Please do that.

Also please uninstall SuperAntiSpyware and the User Profile Hive Cleanup Service.

Then reboot the machine and post new logs from DDS please.


----------



## kwatts (Jan 8, 2013)

E fax was already unchecked. The other 3 did not show up at misconfig.
I also uninstall the 2 files requested.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/9/2005 5:02:22 PM
System Uptime: 3/25/2013 5:31:30 PM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0TC667
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 44.639 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer: 
Name: 
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service: 
.
==== System Restore Points ===================
.
RP1: 3/7/2013 4:05:20 PM - System Checkpoint
RP2: 3/8/2013 4:14:10 PM - System Checkpoint
RP3: 3/9/2013 5:12:37 PM - System Checkpoint
RP4: 3/10/2013 6:22:13 PM - System Checkpoint
RP5: 3/11/2013 6:46:30 PM - System Checkpoint
RP6: 3/13/2013 6:07:01 AM - System Checkpoint
RP7: 3/13/2013 7:00:22 AM - Software Distribution Service 3.0
RP8: 3/14/2013 7:00:30 AM - System Checkpoint
RP9: 3/15/2013 8:04:15 AM - System Checkpoint
RP10: 3/16/2013 8:35:50 AM - System Checkpoint
RP11: 3/17/2013 9:00:17 AM - System Checkpoint
RP12: 3/18/2013 10:14:33 AM - System Checkpoint
RP13: 3/19/2013 10:45:02 AM - System Checkpoint
RP14: 3/20/2013 11:31:24 AM - System Checkpoint
RP15: 3/21/2013 11:33:27 AM - System Checkpoint
RP16: 3/22/2013 11:47:22 AM - System Checkpoint
RP17: 3/23/2013 11:50:41 AM - System Checkpoint
RP18: 3/24/2013 11:15:25 AM - Installed Rapport
RP19: 3/25/2013 11:52:29 AM - System Checkpoint
RP20: 3/25/2013 5:28:54 PM - Removed User Profile Hive Cleanup Service
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
Adobe SVG Viewer 3.0
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Media Card Companion
Banctec Service Agreement
Bonjour
BookScan&Whiteboard Suite
Brother MFL-Pro Suite MFC-J615W
CDBurnerXP
CloudZow
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Database Conversion Wizard
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
Dell System Restore
DellSupport
Digital Content Portal
Digital Locker Assistant
eFax Messenger
Encompass NetBranch Installation Manager
Express Burn
Express Rip
FaceFilter Studio Brother Edition
GdiplusUpgrade
Google Chrome
Google Talk Plugin
Google Update Helper
GoToMeeting 4.0.0.320
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
HPODiscovery
Humorous Greeting Card Factory
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Infoaxe Toolbar
Java 7 Update 17
Java Auto Updater
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee Shredder
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer
Microsoft Office Excel Viewer 2003
Microsoft Office Live Add-in 1.5
Microsoft Office Word Viewer 2003
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Microsoft WSE 2.0 SP3 Runtime
Modem Event Monitor
Modem Helper
Modem On Hold
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
OLYMPUS CAMEDIA Master 4.2
overland
PaperPort Image Printer
Pdf995
PdfEdit995
Personal Ancestral File 5
Personal License Update Wizard for Windows Media Player
Photo Click
Picasa 3
playful_elephants ScreenSaver
Plus! MP3 Audio Converter LE
PowerDVD 5.5
QuickBooks Simple Start Special Edition
Rapport
Readonweb CleanPage
RealArcade
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB974392)
Setup
Signature995
Sonic Audio module
Sonic DLA
Sonic RecordNow Copy
Sonic RecordNow Data
SoundTap
Spelling Dictionaries Support For Adobe Reader 9
swMSM
Update for PDF Creator
Wallery
WavePad Uninstall
WebFldrs XP
WebIQ Client Software
WildTangent Web Driver
Winamp
Winamp Detector Plug-in
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Mail
Windows Media Bonus Pack for Windows XP
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Service Pack 3
Windows XP Winter Fun Pack for Windows Media Player 9 Series 
Works Upgrade
.
==== Event Viewer Messages From Past Week ========
.
3/25/2013 5:29:04 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/23/2013 5:05:30 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/23/2013 2:51:12 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
3/23/2013 2:50:34 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
3/23/2013 10:15:51 AM, error: Dhcp [1002] - The IP address lease 10.90.4.16 for the Network Card with network address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server sent a DHCPNACK message).
3/23/2013 10:13:23 AM, error: Service Control Manager [7034] - The User Profile Hive Cleanup service terminated unexpectedly. It has done this 1 time(s).
3/23/2013 10:13:23 AM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
3/23/2013 10:13:23 AM, error: Service Control Manager [7034] - The NMSAccessU service terminated unexpectedly. It has done this 1 time(s).
3/23/2013 10:13:23 AM, error: Service Control Manager [7034] - The MSCamSvc service terminated unexpectedly. It has done this 1 time(s).
3/23/2013 10:13:23 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/23/2013 10:13:23 AM, error: Service Control Manager [7034] - The CloudZow VSS Service service terminated unexpectedly. It has done this 1 time(s).
3/23/2013 10:13:23 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
3/23/2013 10:13:23 AM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
3/23/2013 10:13:22 AM, error: Service Control Manager [7034] - The Rapport Management Service service terminated unexpectedly. It has done this 1 time(s).
3/20/2013 7:08:52 PM, error: Dhcp [1002] - The IP address lease 10.90.4.13 for the Network Card with network address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server sent a DHCPNACK message).
3/20/2013 1:08:50 PM, error: Dhcp [1002] - The IP address lease 10.90.4.19 for the Network Card with network address 001320887CFA has been denied by the DHCP server 10.90.4.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
Run by Karen Watts at 17:52:45 on 2013-03-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.625 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\CloudZow\Livedrive.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\CloudZow\VSSService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uProxyServer = :0
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: MyBHO Class: {3DB0C335-73C5-466c-A622-BD20A1A5B925} - c:\program files\readonweb\cleanpage\ReadonwebToolbar.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: BrowserHelper Class: {EDF48A39-1442-463F-9F4E-F376A78D034A} - c:\program files\cloudzow\LivedriveExplorerExtensions.dll
BHO: CleanPageBHO Class: {F097E5AB-4C45-4e41-8BAD-34D785BEC6BB} - c:\program files\readonweb\cleanpage\CleanPage.dll
TB: Microsoft CommBand: {4D5C8C2A-D075-11D0-B416-00C04FB90376} - c:\windows\system32\browseui.dll
TB: ReadonwebToolbar: {B6283D8C-01AB-11DB-9D6F-E11AAB065F98} - c:\program files\readonweb\cleanpage\ReadonwebToolbar.dll
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [Livedrive] "c:\program files\cloudzow\Livedrive.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {6C8F2C29-0F94-49ff-8262-E12226CA34B0} - {4AD7B62C-7CDF-442a-9615-E16551AC5EC7} - c:\program files\readonweb\cleanpage\CleanPage.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} - hxxp://www.worldwinner.com/games/v54/zengems/zengems.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1358181906390
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} - hxxps://widow1.factualdata.com/ocx/print3.ocx
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
TCP: NameServer = 69.169.190.211 208.72.160.67
TCP: Interfaces\{E0604BBD-97AF-4FE2-95EA-77B1817D7B01} : DHCPNameServer = 69.169.190.211 208.72.160.67
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.172\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-3-17 102008]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2012-4-12 146904]
R1 RapportCerberus_51755;RapportCerberus_51755;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_51755.sys [2013-3-24 317112]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-3-17 102680]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-3-17 173880]
R2 CloudZowVSSService;CloudZow VSS Service;c:\program files\cloudzow\VSSService.exe [2012-9-17 156288]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-3-17 1124184]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2011-10-26 71424]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2011-10-26 11520]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-10-26 245760]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [2007-11-30 14601]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-10-19 13024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-03-25 12:36:22	--------	d--h--w-	c:\windows\PIF
2013-03-22 16:13:59	--------	d-s---w-	c:\windows\Copy of Downloaded Program Files
2013-03-17 20:46:34	102008	----a-w-	c:\windows\system32\drivers\RapportKELL.sys
2013-03-05 19:00:29	143872	----a-w-	c:\windows\system32\javacpl.cpl
2013-03-05 19:00:15	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-03 03:14:06	--------	d-sha-r-	C:\cmdcons
.
==================== Find3M ====================
.
2013-03-12 20:07:35	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 20:07:35	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-05 18:59:28	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-03-05 18:59:27	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-15 13:17:34	465280	----a-r-	c:\windows\system32\cpnprt2win32.cid
2013-01-30 10:53:21	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-28 20:09:04 59	----a-w-	c:\windows\wpd99.drv
2013-01-25 23:49:42	1671168	----a-w-	c:\windows\system32\pdfmona.dll
2013-01-25 23:49:41	36864	----a-w-	c:\windows\system32\pdf995mon.dll
2013-01-23 16:48:24	25992	----a-w-	c:\windows\system32\pgdfgsvc.exe
2013-01-22 13:22:15	74703	----a-w-	c:\windows\system32\mfc45.dll
2006-10-26 17:29:56	774144	-c--a-w-	c:\program files\RngInterstitial.dll
.
============= FINISH: 17:55:09.17 ===============


----------



## Cookiegal (Aug 27, 2003)

Please uninstall the following via the Control Panel - Add or Remove Programs.

Internet Explorer Infoaxe Toolbar
Windows Installer Clean Up

Then please go to Start - Run - type in msconfig -click OK and click on the StartUp tab. Please take screenshots of everything listed there (you'll have to scroll the bar down on the right-hand side to see everything) and post them.


----------



## kwatts (Jan 8, 2013)

here are 3 screen shots attached...


----------



## Cookiegal (Aug 27, 2003)

These were ones I also asked you to uncheck that still appear in the first screenshot. Please uncheck them then click Apply and OK.

Issch
J2GDllCmd
LifeExp

Then reboot and let me know if you still get that error message on shutdown.


----------



## kwatts (Jan 8, 2013)

I still get the error message after shutdown. I did this 3 times.


----------



## Cookiegal (Aug 27, 2003)

There's a tool to verify if the versions of .NET that you have installed are corrupt or not.

So please download the attached zip file, then Extract the contents to a new folder.

Then run the tool. A box will appear, select *Yes* and then *Yes* again.










The tool will extract a few files, and then will look like this:










Now, to determine which is actually showing any problems, can you select each one in turn from the drop down list, and then click *Verify Now*.

And then let me know what the *Current Status* is for each.

For example, this is 1.1 SP1 on a colleague's PC:










Which failed. That's because he doesn't have SP1 installed. But, for .NET SP2 it passed, as he had it installed:


----------



## kwatts (Jan 8, 2013)

.Net Framework 1.1 SP1 - Product verification failed!
.Net Framework 2.0 SP1, 3.0 SP2, 3.5 SP1, 4 Client and 4 Full--Product verification succeeded!


----------



## Cookiegal (Aug 27, 2003)

Please download and install the .NET Framework 1.1 SP1:

http://www.microsoft.com/en-ca/download/details.aspx?id=33

Then reboot and run the verification tool again and let me know the results as before.


----------



## kwatts (Jan 8, 2013)

All of them have succeeded...


----------



## Cookiegal (Aug 27, 2003)

Please reboot the system a couple of times and let me know if you're still getting that error message on shutdown.


----------



## kwatts (Jan 8, 2013)

I rebooted several times and it still shows up.


----------



## Cookiegal (Aug 27, 2003)

OK, we're going to uninstall all of the .NET Frameworks that are installed and reinstall them.

So please uninstall these in this order (most recent first then down to the oldest):

Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1

Then please run the following .NET Framework Cleanup Tool:

http://blogs.msdn.com/b/astebner/archive/2008/08/28/8904493.aspx

Then reboot the computer a couple of times and let me know if you still get that error message on shutdown. This is a test before reinstalling those applications to see if they are causing the message.


----------



## kwatts (Jan 8, 2013)

I rebooted it 4 times and it did not show up any of shutdowns.


----------



## kwatts (Jan 8, 2013)

I did not have the >net Framework 1.1 Hotfix on my system.


----------



## Cookiegal (Aug 27, 2003)

Please do the following as I want to be sure there are no versions of .NET Framework left before we start reinstalling.

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## kwatts (Jan 8, 2013)

ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.1
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
Adobe SVG Viewer 3.0
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Media Card Companion
Banctec Service Agreement
Bonjour
BookScan&Whiteboard Suite
Brother MFL-Pro Suite MFC-J615W
CDBurnerXP
CloudZow
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Database Conversion Wizard
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
DellSupport
Digital Content Portal
Digital Locker Assistant
Encompass NetBranch Installation Manager
Express Burn
Express Rip
FaceFilter Studio Brother Edition
GdiplusUpgrade
Google Chrome
Google Talk Plugin
Google Update Helper
HiJackThis
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB954708)
Humorous Greeting Card Factory
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Java 7 Update 17
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer
Microsoft Office Excel Viewer 2003
Microsoft Office Live Add-in 1.5
Microsoft Office Word Viewer 2003
Microsoft Picture It! Premium 10
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Microsoft WSE 2.0 SP3 Runtime
Modem Event Monitor
Modem Helper
Modem On Hold
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
OLYMPUS CAMEDIA Master 4.2
overland
PaperPort Image Printer
Pdf995
PdfEdit995
Personal Ancestral File 5
Personal License Update Wizard for Windows Media Player
Photo Click
Picasa 3
playful_elephants ScreenSaver
Plus! MP3 Audio Converter LE
PowerDVD 5.5
QuickBooks Simple Start Special Edition
Rapport
Rapport
Readonweb CleanPage
RealArcade
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB974392)
Signature995
Sonic Audio module
Sonic DLA
Sonic RecordNow Copy
Sonic RecordNow Data
SoundTap
Spelling Dictionaries Support For Adobe Reader 9
swMSM
Wallery
WavePad Uninstall
WebIQ Client Software
WildTangent Web Driver
Winamp
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Bonus Pack for Windows XP
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Service Pack 3
Windows XP Winter Fun Pack for Windows Media Player 9 Series


----------



## Cookiegal (Aug 27, 2003)

Please install .NET Framework 1.1 from the following link:

http://www.microsoft.com/en-us/download/details.aspx?id=26

Then visit Microsoft updates and if there are any updated related to .NET Framework 1.1 please downland and install them.

Please report back how this went.


----------



## kwatts (Jan 8, 2013)

All is OK. I rebooted a couple of times and still good. Nothing shows up when I reboot.


----------



## Cookiegal (Aug 27, 2003)

Were there any updates offered when you visited Windows Updates?


----------



## kwatts (Jan 8, 2013)

only 1 for net framework 1.1


----------



## Cookiegal (Aug 27, 2003)

Please post a new uninstall list from HijackThis.


----------



## kwatts (Jan 8, 2013)

ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.1
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
Adobe SVG Viewer 3.0
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Media Card Companion
Banctec Service Agreement
Bonjour
BookScan&Whiteboard Suite
Brother MFL-Pro Suite MFC-J615W
CDBurnerXP
CloudZow
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Database Conversion Wizard
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
DellSupport
Digital Content Portal
Digital Locker Assistant
Encompass NetBranch Installation Manager
Express Burn
Express Rip
FaceFilter Studio Brother Edition
GdiplusUpgrade
Google Chrome
Google Talk Plugin
Google Update Helper
HiJackThis
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB954708)
Humorous Greeting Card Factory
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Java 7 Update 17
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer
Microsoft Office Excel Viewer 2003
Microsoft Office Live Add-in 1.5
Microsoft Office Word Viewer 2003
Microsoft Picture It! Premium 10
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Microsoft WSE 2.0 SP3 Runtime
Modem Event Monitor
Modem Helper
Modem On Hold
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
OLYMPUS CAMEDIA Master 4.2
overland
PaperPort Image Printer
Pdf995
PdfEdit995
Personal Ancestral File 5
Personal License Update Wizard for Windows Media Player
Photo Click
Picasa 3
playful_elephants ScreenSaver
Plus! MP3 Audio Converter LE
PowerDVD 5.5
QuickBooks Simple Start Special Edition
Rapport
Rapport
Readonweb CleanPage
RealArcade
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB974392)
Signature995
Sonic Audio module
Sonic DLA
Sonic RecordNow Copy
Sonic RecordNow Data
SoundTap
Spelling Dictionaries Support For Adobe Reader 9
swMSM
Wallery
WavePad Uninstall
WebIQ Client Software
WildTangent Web Driver
Winamp
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Bonus Pack for Windows XP
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Service Pack 3
Windows XP Winter Fun Pack for Windows Media Player 9 Series


----------



## Cookiegal (Aug 27, 2003)

I have no idea how these slipped back in:

Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended

Did you install them?


----------



## kwatts (Jan 8, 2013)

No, I didn't install them.


----------



## Cookiegal (Aug 27, 2003)

Please go to the following link and install the .NET Framework 3.5 Service Pack 1 Full package.

http://www.microsoft.com/en-ca/download/details.aspx?id=25150

Then reboot the computer.

Then visit Windows Updates and install all updates pertaining to any version of .NET Framework.

Once that's done please post a new uninstall list from HijackThis.


----------



## kwatts (Jan 8, 2013)

ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.1
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
Adobe SVG Viewer 3.0
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Media Card Companion
Banctec Service Agreement
Bonjour
BookScan&Whiteboard Suite
Brother MFL-Pro Suite MFC-J615W
CDBurnerXP
CloudZow
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Database Conversion Wizard
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
DellSupport
Digital Content Portal
Digital Locker Assistant
Encompass NetBranch Installation Manager
Express Burn
Express Rip
FaceFilter Studio Brother Edition
GdiplusUpgrade
Google Chrome
Google Talk Plugin
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB954708)
Humorous Greeting Card Factory
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Java 7 Update 17
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer
Microsoft Office Excel Viewer 2003
Microsoft Office Live Add-in 1.5
Microsoft Office Word Viewer 2003
Microsoft Picture It! Premium 10
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Microsoft WSE 2.0 SP3 Runtime
Modem Event Monitor
Modem Helper
Modem On Hold
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
OLYMPUS CAMEDIA Master 4.2
overland
PaperPort Image Printer
Pdf995
PdfEdit995
Personal Ancestral File 5
Personal License Update Wizard for Windows Media Player
Photo Click
Picasa 3
playful_elephants ScreenSaver
Plus! MP3 Audio Converter LE
PowerDVD 5.5
QuickBooks Simple Start Special Edition
Rapport
Rapport
Readonweb CleanPage
RealArcade
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB974392)
Signature995
Sonic Audio module
Sonic DLA
Sonic RecordNow Copy
Sonic RecordNow Data
SoundTap
Spelling Dictionaries Support For Adobe Reader 9
swMSM
Wallery
WavePad Uninstall
WebIQ Client Software
WildTangent Web Driver
Winamp
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Bonus Pack for Windows XP
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Service Pack 3
Windows XP Winter Fun Pack for Windows Media Player 9 Series


----------



## Cookiegal (Aug 27, 2003)

Were any updates installed?

Are you still not getting that error message on shutdown?


----------



## kwatts (Jan 8, 2013)

I got all the updates installed. After this last update the ' .Net broadcast' shows up again on shut down.


----------



## Cookiegal (Aug 27, 2003)

Which update was that (it would have a number that begins with KB).


----------



## kwatts (Jan 8, 2013)

when I installed net.framework 3, the last install.


----------



## Cookiegal (Aug 27, 2003)

Let's install these updates that fix some compatibility issues. Please install all three of them and do so in the order specificed at the bottom.

http://www.microsoft.com/en-us/download/details.aspx?id=10006

Once you've done that reboot the computer and then let me know if you still get that error message on the next shutdown.


----------



## kwatts (Jan 8, 2013)

I installed all the updates requested. I have also rebooted the computer and I still get the same message on the shutdown.


----------



## Cookiegal (Aug 27, 2003)

Please run the .NET verification tool again as outlined in post no. 221 and let me know the results.


----------



## kwatts (Jan 8, 2013)

1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 4 Client and 4 Full were all verified succeeded!


----------



## Cookiegal (Aug 27, 2003)

Try running this .NET Framework repair tool.

http://www.microsoft.com/en-us/download/details.aspx?id=30135

Then reboot the computer and let me know if the problem persists.


----------



## kwatts (Jan 8, 2013)

I run the repair tool. Then I rebooted 3 times and it still shows up on shutdown.


----------



## Cookiegal (Aug 27, 2003)

OK, we know that it's a problem related to .NET Framework but unfortunately, I'm not going to be able to solve this for you. I was going to suggest uninstalling them all again and then reinstalling them one by one but I can't even find the individual downloads for all of them. 

Are there any other problems with the computer? If not then I suggest that you start a new thread and we'll see if someone else can figure it out for you.


----------



## kwatts (Jan 8, 2013)

No other problems. I can start a new thread again and see what happens. Thanks for all your help..I really appreciate all you have done for me. By the way how do I get rid of puppy.exe........


----------



## Cookiegal (Aug 27, 2003)

Here are some final instructions for you. This will uninstall most of the tools we used. If anything is left let me know and I'll tell you how to uninstall it.

As with any infection, I recommend that you change all passwords for logging into to sites that you use on your computer as a precaution.

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there.









Please open OTS again and click on the button that says "CleanUp" at the top. This will remove some of the tools we've used and will also uninstall the OTS program.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start*  *All Programs*  *Accessories*  *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.


----------



## kwatts (Jan 8, 2013)

I did all the above. How do I get rid of puppy.exe?


----------



## Cookiegal (Aug 27, 2003)

Right-click the puppy.exe file and select "rename" and rename it to "uninstall".exe. Then double-click the uninstall.exe file and it should uninstall itself.


----------



## kwatts (Jan 8, 2013)

It said "cannot rename puppy. It is being used by another person or program. close any programs that might be using the file and try again."


----------



## Cookiegal (Aug 27, 2003)

Where is ComboFix located? You had downloaded it here:

c:\documents and settings\Karen Watts\My Documents\Downloads\ComboFix.exe

it wasn't renamed puppy.exe

Di you move it from there to your desktop?


----------



## kwatts (Jan 8, 2013)

Yes it is on my desktop!


----------



## Cookiegal (Aug 27, 2003)

I don't get it because although I asked you to rename it to puppy.exe when you last downloaded ComboFix you did NOT do that. Did you by chance move it to your desktop and rename it after that?

Try double-clicking on the puppy.exe and see if ComboFix runs. If it does please post the log.


----------



## kwatts (Jan 8, 2013)

Combo fix does not run. When I double click it comes up with black screen ...C:\DOCUME-1\KARENW-1\Desktop\puppy.exe


----------



## Cookiegal (Aug 27, 2003)

You didn't answer my other questions.


----------



## kwatts (Jan 8, 2013)

I did what you asked me to do in thread #205. I changed it to puppy.exe after I downloaded it.


----------



## Cookiegal (Aug 27, 2003)

You couldn't have because the log you posted from ComboFix shows it was running from this location:

c:\documents and settings\Karen Watts\My Documents\Downloads\ComboFix.exe

It must have been moved at some point afterwards?

Do you still have this folder?

C:\*qoobox*


----------



## kwatts (Jan 8, 2013)

Then, I don't remember. No I don't have C:\qoobox folder.


----------



## Cookiegal (Aug 27, 2003)

Does the puppy.exe icon on your desktop has a smale white box with a black arrow in it? This would indicate it's just a shortcut.


----------



## kwatts (Jan 8, 2013)

No, it has a black screen with a cursor. I can't type anything on it.


----------



## Cookiegal (Aug 27, 2003)

You mean the computer won't boot?

Have you tried booting to safe mode?


----------



## kwatts (Jan 8, 2013)

No, how to boot in safe mode?


----------



## Cookiegal (Aug 27, 2003)

When booting the computer, before Windows starts to load, start tapping F8 on your keyboard until you get a menu that has boot options. Select "safe mode" and hit Enter.

If that doesn't work then try "Last Known Good Configuration".


----------



## kwatts (Jan 8, 2013)

I can't get on the internet in safe mode.


----------



## Cookiegal (Aug 27, 2003)

Go to *All Programs* - *Accessories *- *System Tools* -* System Restore *and try to restore the computer to a restore point just before this problem occured.


----------



## kwatts (Jan 8, 2013)

I did system restore prior to getting the puppy.exe. Now what?


----------



## Cookiegal (Aug 27, 2003)

Are you able to boot to Windows normally now?


----------



## kwatts (Jan 8, 2013)

How do I boot to windows normally?


----------



## Cookiegal (Aug 27, 2003)

The same way you do every day. You said you weren't able to do that before and got a black screen.


----------



## kwatts (Jan 8, 2013)

I am ok now. What about puppy.exe?


----------



## Cookiegal (Aug 27, 2003)

I would just drag it to the Recycle Bin.


----------



## kwatts (Jan 8, 2013)

I tried, but it can't be deleted.


----------



## Cookiegal (Aug 27, 2003)

Do you get an error message?


----------



## kwatts (Jan 8, 2013)

When I double click it comes up with a blank screen and at the top it says C:\DOCUME -1\KARENW -1\Desktop\puppy.exe. If I try and close it it says windows cannot end this program. It may need more time to complete an operation.


----------



## Cookiegal (Aug 27, 2003)

I'm surprised you double-clicked it again if it made your computer unbootable before. Does it look like it's running a scan?

I would try booting to safe mode again and see if you can delete it then.


----------



## kwatts (Jan 8, 2013)

I tried deleting it when I was in safe mode. It looks like it was running on Saturday and I let it run for 1 hour and nothing happened.


----------



## Cookiegal (Aug 27, 2003)

Let's redownload ComboFix and reinstall it over the top. It's very important this time that you do NOT download it to your downloads folder but that you rename it puppy.exe while saving (not after) and that is be saved on the desktop.

Please visit *Combofix Guide & Instructions * for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Once you've done that do a new scan and post the log please.


----------



## kwatts (Jan 8, 2013)

When I went to ComboFix to download it does not come up with SAVE. It only says run or cancel. Now I know why I
saved it after instead of before. Do you still want me to run it?


----------



## Cookiegal (Aug 27, 2003)

What browser are you using?


----------



## kwatts (Jan 8, 2013)

Google Chrome


----------



## Cookiegal (Aug 27, 2003)

Try using Internet Explorer for the download.


----------



## kwatts (Jan 8, 2013)

OK it worked. puppy.exe is on the desk top now for combofix.


----------



## Cookiegal (Aug 27, 2003)

Run a scan (be sure to disable your security programs) and post the log.


----------



## kwatts (Jan 8, 2013)

ComboFix 13-04-01.01 - Karen Watts 04/01/2013 16:54:05.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.609 [GMT -6:00]
Running from: c:\documents and settings\Karen Watts\Desktop\puppy.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\KARENW~1\LOCALS~1\Temp\{dd377082-31fa-4f98-af9f-7a14b5b21b9f}\Livedrive.Native.dll
c:\documents and settings\Karen Watts\Local Settings\temp\{dd377082-31fa-4f98-af9f-7a14b5b21b9f}\Livedrive.Native.dll
c:\windows\EventSystem.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-01 to 2013-04-01 )))))))))))))))))))))))))))))))
.
.
2013-03-29 23:40 . 2013-03-29 23:40	--------	d-----w-	c:\windows\system32\XPSViewer
2013-03-29 23:39 . 2013-03-29 23:39	--------	d-----w-	c:\program files\MSBuild
2013-03-29 23:39 . 2013-03-29 23:39	--------	d-----w-	c:\program files\Reference Assemblies
2013-03-29 15:16 . 2013-03-29 15:16	--------	d-----w-	c:\program files\Microsoft.NET
2013-03-28 02:28 . 2013-03-28 02:28	--------	d-----w-	C:\2c893750849fce380582cef4cf
2013-03-25 12:36 . 2013-03-25 12:36	--------	d--h--w-	c:\windows\PIF
2013-03-22 16:13 . 2013-03-22 16:14	--------	d-s---w-	c:\windows\Copy of Downloaded Program Files
2013-03-17 20:46 . 2013-03-17 20:46	102008	----a-w-	c:\windows\system32\drivers\RapportKELL.sys
2013-03-05 19:00 . 2013-03-05 18:59	143872	----a-w-	c:\windows\system32\javacpl.cpl
2013-03-05 19:00 . 2013-03-05 18:59	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-01 12:36 . 2012-04-12 11:24	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-04-01 12:36 . 2011-06-10 10:49	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-29 13:57 . 2013-03-29 13:57	388096	----a-r-	c:\documents and settings\Karen Watts\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-19 18:32 . 2013-03-19 18:32	231205	----a-w-	C:\look.zip
2013-03-05 18:59 . 2012-06-17 00:01	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-03-05 18:59 . 2010-05-03 11:37	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-15 13:17 . 2013-02-07 13:32	465280	----a-r-	c:\windows\system32\cpnprt2win32.cid
2013-01-30 10:53 . 2009-10-03 01:01	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-25 23:49 . 2008-01-10 20:16	1671168	----a-w-	c:\windows\system32\pdfmona.dll
2013-01-25 23:49 . 2008-01-10 20:16	36864	----a-w-	c:\windows\system32\pdf995mon.dll
2013-01-23 16:48 . 2013-01-23 16:48	25992	----a-w-	c:\windows\system32\pgdfgsvc.exe
2013-01-22 13:22 . 2013-01-22 13:22	74703	----a-w-	c:\windows\system32\mfc45.dll
2006-10-26 17:29 . 2006-10-26 17:30	774144	-c--a-w-	c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay]
@="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"
[HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]
2012-09-17 22:13	4198128	----a-w-	c:\program files\CloudZow\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]
@="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"
[HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]
2012-09-17 22:13	4198128	----a-w-	c:\program files\CloudZow\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]
@="{84CEF1E4-1356-4063-845F-05047F4DD52C}"
[HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]
2012-09-17 22:13	4198128	----a-w-	c:\program files\CloudZow\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay]
@="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}"
[HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}]
2012-09-17 22:13	4198128	----a-w-	c:\program files\CloudZow\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]
@="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"
[HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]
2012-09-17 22:13	4198128	----a-w-	c:\program files\CloudZow\LivedriveExtensions.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Livedrive"="c:\program files\CloudZow\Livedrive.exe" [2012-09-17 3280384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Karen Watts^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\documents and settings\Karen Watts\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-09-14 14:55	61440	----a-w-	c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
2010-02-09 22:43	2621440	------r-	c:\program files\Browny02\Brother\BrStMonW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 16:26	114688	------w-	c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19	53248	-c----w-	c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
2008-10-07 20:25	95744	----a-w-	c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-04-20 17:10	50792	----a-w-	c:\program files\Common Files\AOL\1145981300\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 16:32	77824	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 16:36	114688	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 16:35	94208	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-10 05:05	46368	----a-w-	c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44	249856	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44	81920	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 21:45	279912	----a-w-	c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-09-18 20:46	110592	-c--a-w-	c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2008-07-10 05:07	29984	----a-w-	c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 15:03	210472	----a-w-	c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2007-04-10 21:46	709992	----a-w-	c:\windows\vVX3000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-12-09 10:45	74752	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-01-30 23:46	204288	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Documents and Settings\\Karen Watts\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145981300\\ee\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1145981300\\ee\\aolsoftware.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [3/17/2013 2:46 PM 102008]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [4/12/2012 1:25 PM 146904]
R1 RapportCerberus_51755;RapportCerberus_51755;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_51755.sys [3/24/2013 11:20 AM 317112]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [3/17/2013 2:46 PM 102680]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [3/17/2013 2:46 PM 173880]
R2 CloudZowVSSService;CloudZow VSS Service;c:\program files\CloudZow\VSSService.exe [9/17/2012 4:12 PM 156288]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [3/17/2013 2:46 PM 1124184]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [10/26/2011 2:35 PM 71424]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [10/26/2011 2:35 PM 11520]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [10/26/2011 2:34 PM 245760]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [11/30/2007 1:41 PM 14601]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [10/19/2012 10:25 AM 13024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-29 00:39	1642448	----a-w-	c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 12:36]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-17 16:25]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-17 16:25]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343432931-39797470-1917149517-1006Core.job
- c:\documents and settings\Karen Watts\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-15 16:16]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343432931-39797470-1917149517-1006UA.job
- c:\documents and settings\Karen Watts\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-15 16:16]
.
2013-04-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2343432931-39797470-1917149517-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 00:21]
.
2013-03-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2343432931-39797470-1917149517-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 00:21]
.
2013-04-01 c:\windows\Tasks\User_Feed_Synchronization-{3D799EC0-67C1-4594-8868-87BDE4A2B02F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{6C8F2C29-0F94-49ff-8262-E12226CA34B0} - {4AD7B62C-7CDF-442a-9615-E16551AC5EC7} - c:\program files\Readonweb\CleanPage\CleanPage.dll
TCP: DhcpNameServer = 69.169.190.211 208.72.160.67
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab
DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} - hxxps://widow1.factualdata.com/ocx/print3.ocx
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-01 17:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3760)
c:\windows\system32\WININET.dll
c:\program files\CloudZow\LivedriveExtensions.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\System32\vssvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 2013-04-01 17:33:36 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-01 23:33
.
Pre-Run: 48,495,366,144 bytes free
Post-Run: 48,819,732,480 bytes free
.
- - End Of File - - F3DD68F37197B7AB37A58C9F68BAB805


----------



## Cookiegal (Aug 27, 2003)

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there.









Let me know how that goes.


----------



## kwatts (Jan 8, 2013)

It worked and puppy.exe is deleted. Thank you again!


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------

