# at wits end



## lostim (Feb 24, 2010)

I'm not sure how long I had this problem because I discovered it while trying to open a PDF for my new cell phone that didn't come with an instruction book. What I discovered was I couldn't open the PDF. My Adobe will not work, it will not update and it will not uninstall so I could start over with it from scratch. I looked around on the internet and found I should check my Java; it will, with some difficulty, uninstall but it will not update. I had to restore back a day to get it to install but it still will not update. I tried to install SUPERAntiSpyware to see if that would help; it will not even finish installation. Same thing when I tried to install Malwarebytes Anti-Malware. Maybe two months back I also noticed that I kept losing Internet Explorer but I could get it back pretty easily; while it was annoying it wasn't a real problem, or is it? I also tried to download an office program called OpenOffice 3.2 and it also will not finish the installation. I also should mention that my wife and daughter also have accounts on this computer, family thing. The OpenOffice works on my wife's account but will not install on my account, same computer just different accounts. The Java and Adobe do the same thing on all three accounts. Everything I've tried to do or undo results in the same error code 1606 could not access network location %APPDATA%\. It does well on the other stuff, as far as I know. I do consider myself computer illiterate. Java says it's an InstallShield error code, some place else said it's a registry error code; me, I'm clueless about any of it. I would like it to work properly, hopefully without spending an arm and a leg with it in the shop.


----------



## antech (Feb 23, 2010)

Probably it's a virus problem.
Please move it to the Malware Forums.


----------



## crjdriver (Jan 2, 2001)

First post a hijack log *then* we can decide if it needs to go to malware.


----------



## Dezo (Feb 23, 2010)

You could give him the link to it too...

Download this: http://free.antivirus.com/hijackthis/

And then post the log it gives you after you run it. That will help the people here work out what's wrong (not me, I haven't a clue how to read the thing XD).


----------



## lostim (Feb 24, 2010)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:22 PM, on 2/24/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchHelper Class - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: fruttinet - {b0feda70-f863-f114-20ad-bc5ca8bf3e2c} - C:\Windows\system32\df7399d9-3e41-2b41-d273-73fb2f070920.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDL[email protected]
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /S
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\teanna\appdata\local\temp\TE521D~1.SH! c:\users\teanna\appdata\local\temp\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\teanna\appdata\local\temp\TE521D~1.SH! c:\users\teanna\appdata\local\temp\HSPERF~1.SH! (User 'Default user')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: IMVU.lnk = C:\Users\tim\AppData\Roaming\IMVUClient\IMVUClient.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix: 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: dlcg_device - - C:\Windows\system32\dlcgcoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9cd2565275ba0) (gupdate1c9cd2565275ba0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 11260 bytes


----------



## lostim (Feb 24, 2010)

Being on the precipice of borderline ignorant, I hope this is what you were referring to when you said to post the log that HijackThis gave me; I put it just above this reply. I hope you can help me. The HijackThis 2.0.3 beta version would not install, probably same problem I have, but the log file I posted is from the version 2.0.2.


----------



## Dezo (Feb 23, 2010)

I *think* that looks like the right thing, at least it's like what I've posted here in the past. Now you just need to wait for someone who knows how to read it.


----------



## lostim (Feb 24, 2010)

Should I just go and move this to the malware forums?


----------



## antech (Feb 23, 2010)

Bump


----------



## lostim (Feb 24, 2010)

How do I do that?


----------



## antech (Feb 23, 2010)

What do you want to do?


----------



## lostim (Feb 24, 2010)

Move it or bump it, whatever it was that you suggested.


----------



## antech (Feb 23, 2010)

I just asked someone to post his/her views.
That's all


----------



## crjdriver (Jan 2, 2001)

I have asked a security person to review your log. If there are malware/virus problems, we can move it.

It can take a little while, since they are pretty busy.


----------



## Cookiegal (Aug 27, 2003)

There is indeed indication of malware so let's address that.

Please download Malwarebytes' Anti-Malware from *Here*.

- Double Click *mbam-setup.exe* to install the application.
- Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click *OK*, then *Show Results* to view the results.
- Make sure that *everything is checked*, and click *Remove Selected*.
- When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.

Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## lostim (Feb 24, 2010)

When I did as you asked it stopped short of installing and said first "internal error: failed to expand shell folder constant "userappdata"", then it said "setup was not complete please correct the problem and run setup again". What do I do now?


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## lostim (Feb 24, 2010)

It didn't ask me where to save it, it just did it, so it's still named combofix.exe and is in C:\users\tim\downloads. When I right click on it it doesn't say anything about edit so I don't know how to rename it to puppy.exe. My computer security did ask me a number of times if I wanted to allow the changes being made when ComboFix was running, I have McAfee, and I said yes; hope that was alright, I'm new to all this. I was asked if I wanted to make Internet Explorer my default, I said yes. Here are the logs you asked for:

ComboFix 10-03-08.02 - tim 03/09/2010 9:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.991 [GMT -6:00]
Running from: c:\users\tim\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\$recycle.bin\S-1-5-21-4027892296-2810054924-922058701-500
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWB3SH.dll
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\SGPSA
c:\program files\SGPSA\mtWB3sh.dll
c:\programdata\AV1
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\03629c12-22d0-61cf-8d09-ab128f4b3b48
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\2cfe2d62-f4ce-ab0f-9918-fa6227140718
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\6c8e7a93-f0fa-0ff6-eb7c-1153b4b10851
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\81153b5a-13ab-aa47-9fdb-5b486b1d42eb
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 162
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 204
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 214
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 235
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 300
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 307
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 334
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 36
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 370
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 448
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 490
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 561
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 590
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 597
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 654
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 71
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 712
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 767
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 812
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 865
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 870
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Component Update 948
c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\ee1cd6f7-656f-74fd-1a82-3b5c2ebda652
c:\windows\system32\5fda8d57-d5d4-a3b0-8ec0-924539d42a24.exe
.
((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.
2010-03-09 15:49 . 2010-03-09 15:49 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-03-09 15:49 . 2010-03-09 15:49 -------- d-----w- c:\users\teanna\AppData\Local\temp
2010-03-09 15:49 . 2010-03-09 15:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-09 15:49 . 2010-03-09 15:49 -------- d-----w- c:\users\lavina\AppData\Local\temp
2010-02-25 03:16 . 2010-02-25 03:16 -------- d-----w- c:\program files\Trend Micro
2010-02-24 19:24 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 19:24 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 19:24 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-24 19:23 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 19:23 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 19:23 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 19:23 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 19:23 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 19:23 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 19:23 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 19:23 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 19:23 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 19:23 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 03:07 . 2010-02-23 03:07 -------- d-----w- c:\windows\Sun
2010-02-23 02:33 . 2010-03-05 16:24 1 ----a-w- c:\users\lavina\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-23 02:33 . 2010-02-23 02:33 -------- d-----w- c:\users\lavina\AppData\Roaming\OpenOffice.org
2010-02-23 02:32 . 2010-02-12 17:53 38784 ----a-w- c:\users\lavina\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-23 01:46 . 2010-02-23 01:46 1 ----a-w- c:\users\teanna\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-23 01:46 . 2010-02-23 01:46 -------- d-----w- c:\users\teanna\AppData\Roaming\OpenOffice.org
2010-02-22 22:38 . 2010-02-22 22:38 329536 ----a-w- c:\users\Public\RemoveSGP.exe
2010-02-22 13:58 . 2010-02-22 13:58 -------- d-----w- c:\program files\JRE
2010-02-22 13:57 . 2010-02-22 16:05 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-22 00:59 . 2010-02-12 17:53 38784 ----a-w- c:\users\teanna\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-17 18:42 . 2010-02-17 18:42 -------- d-----w- c:\program files\Common Files\Adobe AIR(0)
2010-02-17 18:34 . 2010-02-12 18:30 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-02-10 05:37 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 05:37 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 04:55 . 2009-01-23 19:49 -------- d-----w- c:\users\lavina\AppData\Roaming\LimeWire
2010-03-09 02:08 . 2009-01-23 22:28 -------- d-----w- c:\users\teanna\AppData\Roaming\LimeWire
2010-03-07 19:38 . 2009-06-25 19:45 1312 ----a-w- c:\users\teanna\AppData\Roaming\wklnhst.dat
2010-03-07 00:43 . 2009-01-13 17:48 5892 ----a-w- c:\users\lavina\AppData\Local\d3d9caps.dat
2010-03-04 23:46 . 2009-01-12 23:00 5216 ----a-w- c:\users\teanna\AppData\Local\d3d9caps.dat
2010-02-25 22:00 . 2009-01-10 18:39 71760 ----a-w- c:\users\lavina\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 19:31 . 2009-01-10 18:49 71760 ----a-w- c:\users\teanna\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 16:04 . 2009-01-10 17:29 71760 ----a-w- c:\users\tim\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 15:16 . 2009-10-03 12:10 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-18 04:14 . 2009-01-07 16:48 -------- d-----w- c:\program files\McAfee
2010-02-17 19:17 . 2010-02-01 04:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-17 18:52 . 2010-01-26 15:31 -------- d-----w- c:\programdata\NOS
2010-02-17 15:13 . 2009-02-09 19:42 5216 ----a-w- c:\users\tim\AppData\Local\d3d9caps.dat
2010-02-12 17:09 . 2009-01-10 17:43 -------- d-----w- c:\program files\dl_Cats
2010-02-10 15:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-08 17:13 . 2010-02-08 17:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2010-02-08 02:17 . 2009-12-12 02:49 7631232 ----a-w- c:\users\teanna\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe
2010-01-31 23:12 . 2010-01-31 23:12 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA134.tmp.exe
2010-01-31 02:54 . 2009-01-07 16:56 -------- d-----w- c:\program files\Dell DataSafe Online
2010-01-31 02:53 . 2009-07-24 02:22 8653312 ----a-w- c:\users\lavina\AppData\Roaming\DataSafeDotNet.exe
2010-01-31 02:53 . 2009-07-24 02:22 8653312 ----a-w- c:\users\lavina\AppData\Roaming\DataSafeDotNet.exe
2010-01-21 03:56 . 2010-01-14 07:07 0 ----a-w- c:\users\tim\AppData\Local\Mdipupewadag.bin
2010-01-21 03:56 . 2010-01-14 07:07 120 ----a-w- c:\users\tim\AppData\Local\Brakuviyakidalos.dat
2010-01-12 04:03 . 2010-01-12 04:03 8799005 ----a-w- c:\programdata\SPLC505.tmp
2010-01-06 15:38 . 2010-02-24 19:24 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 19:24 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 19:24 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 19:24 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-04 18:26 . 2010-01-04 18:26 862000 ----a-w- c:\programdata\SPL7BE9.tmp
2010-01-03 21:32 . 2010-01-03 21:32 862000 ----a-w- c:\programdata\SPL1EA9.tmp
2010-01-02 20:05 . 2009-01-14 19:47 1669192 ----a-w- c:\programdata\WildTangent\OEM Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
2010-01-02 06:38 . 2010-01-22 19:55 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 19:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 19:55 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 19:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-20 16:53 . 2009-12-20 16:53 234016 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-12-12 23:13 . 2009-12-12 23:13 0 ----a-w- c:\users\lavina\AppData\Roaming\wklnhst.dat
2009-01-07 18:14 . 2009-01-07 18:12 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b0feda70-f863-f114-20ad-bc5ca8bf3e2c}]
2009-11-21 20:00 1830912 ----a-w- c:\windows\System32\df7399d9-3e41-2b41-d273-73fb2f070920.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-07 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-06 4706304]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-05 30192]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"DLCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2006-10-20 73728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DelayShred"="c:\progra~1\mcafee\mshr\ShrCL.EXE" [2009-09-25 113168]
c:\users\lavina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
c:\users\teanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
c:\users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
IMVU.lnk - c:\users\tim\AppData\Roaming\IMVUClient\IMVUClient.exe [2009-6-28 49920]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe [2009-1-7 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-01-07 16:53 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):af,6a,ff,8e,a4,f7,c9,01
R2 gupdate1c9cd2565275ba0;Google Update Service (gupdate1c9cd2565275ba0);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 133104]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-05 30192]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-03-06 27648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 02:00]
2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 02:00]
2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]
2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]
2010-03-09 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-01-07 11:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
AddRemove-5fda8d57-d5d4-a3b0-8ec0-924539d42a24 - c:\windows\system32\5fda8d57-d5d4-a3b0-8ec0-924539d42a24.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-09 09:50
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,[email protected]??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-09 09:52:27
ComboFix-quarantined-files.txt 2010-03-09 15:52
Pre-Run: 220,102,922,240 bytes free
Post-Run: 220,726,284,288 bytes free
- - End Of File - - 4995015A8EA60FAC0CC80815560363BE


----------



## lostim (Feb 24, 2010)

i had to post it in 2 posts, too long:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:53 AM, on 3/9/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: fruttinet - {b0feda70-f863-f114-20ad-bc5ca8bf3e2c} - C:\Windows\system32\df7399d9-3e41-2b41-d273-73fb2f070920.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,[email protected]
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\teanna\appdata\local\temp\TE521D~1.SH! c:\users\teanna\appdata\local\temp\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\teanna\appdata\local\temp\TE521D~1.SH! c:\users\teanna\appdata\local\temp\HSPERF~1.SH! (User 'Default user')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: IMVU.lnk = C:\Users\tim\AppData\Roaming\IMVUClient\IMVUClient.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: dlcg_device - - C:\Windows\system32\dlcgcoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9cd2565275ba0) (gupdate1c9cd2565275ba0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 9666 bytes


----------



## Cookiegal (Aug 27, 2003)

It has to be on the desktop. I assume you used Firefox to download it because it goes by default to the Download folder. You can change that in Firefox to send all downloads to your desktop. Click on Tools - Options and on the Main tab under Downloads, beside where it says "save Files to" - change that to your desktop using the Browse button. Or you can select the option to always ask you where to save files.

Anyway, you should be able to drag ComboFix to the desktop from the Download folder.

Once on the desktop, right-click the file and select "Rename" (not Edit) to rename the file.

You also need to disable Windows Defender and it still shows your anti-virus as being active.

Once you've got ComboFix on the desktop, please run a new scan and post that log.


----------



## lostim (Feb 24, 2010)

here's the new log from combofix

ComboFix 10-03-08.02 - tim 03/10/2010 8:50.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.1068 [GMT -6:00]
Running from: c:\users\tim\Downloads\puppy.exe.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\tim\AppData\Local\{C401C606-CDB5-41FF-911C-0A2635FC8316}
c:\users\tim\AppData\Local\{C401C606-CDB5-41FF-911C-0A2635FC8316}\chrome.manifest
c:\users\tim\AppData\Local\{C401C606-CDB5-41FF-911C-0A2635FC8316}\chrome\content\_cfg.js
c:\users\tim\AppData\Local\{C401C606-CDB5-41FF-911C-0A2635FC8316}\chrome\content\overlay.xul
c:\users\tim\AppData\Local\{C401C606-CDB5-41FF-911C-0A2635FC8316}\install.rdf
.
((((((((((((((((((((((((( Files Created from 2010-02-10 to 2010-03-10 )))))))))))))))))))))))))))))))
.
2010-03-10 14:55 . 2010-03-10 14:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-03-10 14:55 . 2010-03-10 14:55 -------- d-----w- c:\users\teanna\AppData\Local\temp
2010-03-10 14:55 . 2010-03-10 14:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-10 14:55 . 2010-03-10 14:55 -------- d-----w- c:\users\lavina\AppData\Local\temp
2010-03-10 14:55 . 2010-03-10 14:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-25 03:16 . 2010-02-25 03:16 -------- d-----w- c:\program files\Trend Micro
2010-02-24 19:24 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 19:24 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 19:24 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-24 19:23 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 19:23 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 19:23 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 19:23 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 19:23 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 19:23 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 19:23 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 19:23 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 19:23 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 19:23 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 03:07 . 2010-02-23 03:07 -------- d-----w- c:\windows\Sun
2010-02-23 02:33 . 2010-03-05 16:24 1 ----a-w- c:\users\lavina\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-23 02:33 . 2010-02-23 02:33 -------- d-----w- c:\users\lavina\AppData\Roaming\OpenOffice.org
2010-02-23 02:32 . 2010-02-12 17:53 38784 ----a-w- c:\users\lavina\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-23 01:46 . 2010-02-23 01:46 1 ----a-w- c:\users\teanna\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-23 01:46 . 2010-02-23 01:46 -------- d-----w- c:\users\teanna\AppData\Roaming\OpenOffice.org
2010-02-22 22:38 . 2010-02-22 22:38 329536 ----a-w- c:\users\Public\RemoveSGP.exe
2010-02-22 13:58 . 2010-02-22 13:58 -------- d-----w- c:\program files\JRE
2010-02-22 13:57 . 2010-02-22 16:05 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-22 00:59 . 2010-02-12 17:53 38784 ----a-w- c:\users\teanna\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-17 18:42 . 2010-02-17 18:42 -------- d-----w- c:\program files\Common Files\Adobe AIR(0)
2010-02-17 18:34 . 2010-02-12 18:30 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-02-10 05:37 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 05:37 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-10 05:21 . 2009-01-23 19:49 -------- d-----w- c:\users\lavina\AppData\Roaming\LimeWire
2010-03-10 02:06 . 2009-01-23 22:28 -------- d-----w- c:\users\teanna\AppData\Roaming\LimeWire
2010-03-07 19:38 . 2009-06-25 19:45 1312 ----a-w- c:\users\teanna\AppData\Roaming\wklnhst.dat
2010-03-07 00:43 . 2009-01-13 17:48 5892 ----a-w- c:\users\lavina\AppData\Local\d3d9caps.dat
2010-03-04 23:46 . 2009-01-12 23:00 5216 ----a-w- c:\users\teanna\AppData\Local\d3d9caps.dat
2010-02-25 22:00 . 2009-01-10 18:39 71760 ----a-w- c:\users\lavina\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 19:31 . 2009-01-10 18:49 71760 ----a-w- c:\users\teanna\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 16:04 . 2009-01-10 17:29 71760 ----a-w- c:\users\tim\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 15:16 . 2009-10-03 12:10 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-18 04:14 . 2009-01-07 16:48 -------- d-----w- c:\program files\McAfee
2010-02-17 19:17 . 2010-02-01 04:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-17 18:52 . 2010-01-26 15:31 -------- d-----w- c:\programdata\NOS
2010-02-17 15:13 . 2009-02-09 19:42 5216 ----a-w- c:\users\tim\AppData\Local\d3d9caps.dat
2010-02-12 17:09 . 2009-01-10 17:43 -------- d-----w- c:\program files\dl_Cats
2010-02-10 15:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-08 17:13 . 2010-02-08 17:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2010-02-08 02:17 . 2009-12-12 02:49 7631232 ----a-w- c:\users\teanna\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe
2010-01-31 23:12 . 2010-01-31 23:12 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA134.tmp.exe
2010-01-31 02:54 . 2009-01-07 16:56 -------- d-----w- c:\program files\Dell DataSafe Online
2010-01-31 02:53 . 2009-07-24 02:22 8653312 ----a-w- c:\users\lavina\AppData\Roaming\DataSafeDotNet.exe
2010-01-31 02:53 . 2009-07-24 02:22 8653312 ----a-w- c:\users\lavina\AppData\Roaming\DataSafeDotNet.exe
2010-01-21 03:56 . 2010-01-14 07:07 0 ----a-w- c:\users\tim\AppData\Local\Mdipupewadag.bin
2010-01-21 03:56 . 2010-01-14 07:07 120 ----a-w- c:\users\tim\AppData\Local\Brakuviyakidalos.dat
2010-01-12 04:03 . 2010-01-12 04:03 8799005 ----a-w- c:\programdata\SPLC505.tmp
2010-01-06 15:38 . 2010-02-24 19:24 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 19:24 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 19:24 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 19:24 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-04 18:26 . 2010-01-04 18:26 862000 ----a-w- c:\programdata\SPL7BE9.tmp
2010-01-03 21:32 . 2010-01-03 21:32 862000 ----a-w- c:\programdata\SPL1EA9.tmp
2010-01-02 20:05 . 2009-01-14 19:47 1669192 ----a-w- c:\programdata\WildTangent\OEM Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
2010-01-02 06:38 . 2010-01-22 19:55 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 19:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 19:55 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 19:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-20 16:53 . 2009-12-20 16:53 234016 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-12-12 23:13 . 2009-12-12 23:13 0 ----a-w- c:\users\lavina\AppData\Roaming\wklnhst.dat
2009-01-07 18:14 . 2009-01-07 18:12 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( [email protected]_15.50.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-28 02:37 . 2009-04-11 06:28 23040 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18121_none_f433c6320a5341d1\WMM2EXT.dll
+ 2006-11-02 12:36 . 2006-11-02 12:36 23040 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18341_none_f237b28c0d3d2768\WMM2EXT.dll
- 2006-11-02 13:05 . 2010-03-09 15:22 66006 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-03-10 13:48 66006 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-10 17:24 . 2010-03-09 15:41 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-10 17:24 . 2010-03-10 13:49 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-10 17:24 . 2010-03-09 15:41 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-10 17:24 . 2010-03-10 13:49 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-10 17:24 . 2010-03-09 15:41 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-10 17:24 . 2010-03-10 13:49 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-28 08:08 . 2010-03-08 20:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-28 08:08 . 2010-03-10 03:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-28 08:08 . 2010-03-10 03:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-28 08:08 . 2010-03-08 20:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-28 08:08 . 2010-03-10 03:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-28 08:08 . 2010-03-08 20:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-27 03:49 . 2010-03-09 15:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-27 03:49 . 2010-03-09 00:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-27 03:49 . 2010-03-09 15:20 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-27 03:49 . 2010-03-09 00:37 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-27 03:49 . 2010-03-09 00:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-27 03:49 . 2010-03-09 15:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-10 17:57 . 2010-03-10 13:48 8414 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4027892296-2810054924-922058701-1000_UserData.bin
+ 2010-03-10 13:51 . 2010-03-10 13:56 3236 c:\windows\SoftwareDistribution\EventCache\{54DBEA9F-EAEB-496E-996C-B7627DB9299E}.bin
- 2010-03-09 15:20 . 2010-03-09 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-03-10 13:46 . 2010-03-10 13:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-03-09 15:20 . 2010-03-09 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-10 13:46 . 2010-03-10 13:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-06-28 02:37 . 2009-04-11 06:28 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18121_none_f433c6320a5341d1\WMM2AE.dll
+ 2009-06-28 02:37 . 2009-04-11 06:27 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18121_none_f433c6320a5341d1\MOVIEMK.exe
+ 2008-01-21 02:25 . 2008-01-21 02:25 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18341_none_f237b28c0d3d2768\WMM2AE.dll
+ 2009-01-10 18:35 . 2010-03-10 04:53 227926 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2006-11-02 12:47 . 2010-02-25 16:03 295392 c:\windows\System32\FNTCACHE.DAT
+ 2006-11-02 12:47 . 2010-03-10 13:46 295392 c:\windows\System32\FNTCACHE.DAT
+ 2009-10-08 04:58 . 2010-03-10 13:51 245760 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2009-10-08 04:58 . 2010-03-02 01:09 245760 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2006-11-02 10:22 . 2010-03-10 13:54 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2010-02-25 16:03 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2010-03-10 14:47 . 2010-03-10 14:47 6434816 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2009-06-04 03:59 . 2010-03-10 13:55 215304964 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b0feda70-f863-f114-20ad-bc5ca8bf3e2c}]
2009-11-21 20:00 1830912 ----a-w- c:\windows\System32\df7399d9-3e41-2b41-d273-73fb2f070920.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-07 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-06 4706304]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-05 30192]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"DLCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2006-10-20 73728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DelayShred"="c:\progra~1\mcafee\mshr\ShrCL.EXE" [2009-09-25 113168]
c:\users\lavina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
c:\users\teanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
c:\users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
IMVU.lnk - c:\users\tim\AppData\Roaming\IMVUClient\IMVUClient.exe [2009-6-28 49920]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe [2009-1-7 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-01-07 16:53 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):af,6a,ff,8e,a4,f7,c9,01
R2 gupdate1c9cd2565275ba0;Google Update Service (gupdate1c9cd2565275ba0);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 133104]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-05 30192]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-03-06 27648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 02:00]
2010-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 02:00]
2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]
2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]
2010-03-10 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-01-07 11:44]
2010-03-09 c:\windows\Tasks\User_Feed_Synchronization-{71927147-F417-4F58-A945-1FEBAC686371}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 08:55
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,[email protected]??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-10 08:57:20
ComboFix-quarantined-files.txt 2010-03-10 14:57
ComboFix2.txt 2010-03-09 15:52
Pre-Run: 221,022,998,528 bytes free
Post-Run: 220,991,479,808 bytes free
- - End Of File - - 183CA0BDE9FC3F0C9AF1045447C2EAAF


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
File::
C:\users\tim\AppData\Local\Mdipupewadag.bin
c:\users\tim\AppData\Local\Brakuviyakidalos.dat
c:\programdata\SPLC505.tmp
c:\programdata\SPL7BE9.tmp
c:\programdata\SPL1EA9.tmp
c:\windows\System32\df7399d9-3e41-2b41-d273-73fb2f070920.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b0feda70-f863-f114-20ad-bc5ca8bf3e2c}]
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*


----------



## lostim (Feb 24, 2010)

ComboFix 10-03-12.02 - tim 03/12/2010 23:26:01.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.949 [GMT -6:00]
Running from: c:\users\tim\Downloads\puppy.exe.exe
Command switches used :: c:\users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZNQLU1EU\CFScriptB-4[1].gif
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2010-02-13 to 2010-03-13 )))))))))))))))))))))))))))))))
.
2010-03-13 05:33 . 2010-03-13 05:33 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-03-13 05:33 . 2010-03-13 05:33 -------- d-----w- c:\users\teanna\AppData\Local\temp
2010-03-13 05:33 . 2010-03-13 05:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-13 05:33 . 2010-03-13 05:33 -------- d-----w- c:\users\lavina\AppData\Local\temp
2010-03-13 05:33 . 2010-03-13 05:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-10 15:27 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 15:27 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-10 15:27 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 15:06 . 2010-03-10 15:06 -------- d-sh--w- c:\users\tim\%APPDATA%
2010-02-25 03:16 . 2010-02-25 03:16 -------- d-----w- c:\program files\Trend Micro
2010-02-24 19:24 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 19:24 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 19:24 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-24 19:23 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 19:23 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 19:23 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 19:23 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 19:23 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 19:23 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 19:23 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 19:23 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 19:23 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 19:23 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 03:07 . 2010-02-23 03:07 -------- d-----w- c:\windows\Sun
2010-02-23 02:33 . 2010-03-11 07:07 1 ----a-w- c:\users\lavina\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-23 02:33 . 2010-02-23 02:33 -------- d-----w- c:\users\lavina\AppData\Roaming\OpenOffice.org
2010-02-23 02:32 . 2010-02-12 17:53 38784 ----a-w- c:\users\lavina\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-23 01:46 . 2010-02-23 01:46 1 ----a-w- c:\users\teanna\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-23 01:46 . 2010-02-23 01:46 -------- d-----w- c:\users\teanna\AppData\Roaming\OpenOffice.org
2010-02-22 22:38 . 2010-02-22 22:38 329536 ----a-w- c:\users\Public\RemoveSGP.exe
2010-02-22 13:58 . 2010-02-22 13:58 -------- d-----w- c:\program files\JRE
2010-02-22 13:57 . 2010-02-22 16:05 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-22 00:59 . 2010-02-12 17:53 38784 ----a-w- c:\users\teanna\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-17 18:42 . 2010-02-17 18:42 -------- d-----w- c:\program files\Common Files\Adobe AIR(0)
2010-02-17 18:34 . 2010-02-12 18:30 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 02:11 . 2009-01-23 22:28 -------- d-----w- c:\users\teanna\AppData\Roaming\LimeWire
2010-03-12 19:29 . 2009-01-23 19:49 -------- d-----w- c:\users\lavina\AppData\Roaming\LimeWire
2010-03-11 08:51 . 2009-01-13 17:48 5892 ----a-w- c:\users\lavina\AppData\Local\d3d9caps.dat
2010-03-10 15:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-10 15:12 . 2009-01-10 17:43 -------- d-----w- c:\program files\dl_Cats
2010-03-07 19:38 . 2009-06-25 19:45 1312 ----a-w- c:\users\teanna\AppData\Roaming\wklnhst.dat
2010-03-04 23:46 . 2009-01-12 23:00 5216 ----a-w- c:\users\teanna\AppData\Local\d3d9caps.dat
2010-02-25 22:00 . 2009-01-10 18:39 71760 ----a-w- c:\users\lavina\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 19:31 . 2009-01-10 18:49 71760 ----a-w- c:\users\teanna\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 16:04 . 2009-01-10 17:29 71760 ----a-w- c:\users\tim\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 15:16 . 2009-10-03 12:10 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-18 04:14 . 2009-01-07 16:48 -------- d-----w- c:\program files\McAfee
2010-02-17 19:17 . 2010-02-01 04:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-17 18:52 . 2010-01-26 15:31 -------- d-----w- c:\programdata\NOS
2010-02-17 15:13 . 2009-02-09 19:42 5216 ----a-w- c:\users\tim\AppData\Local\d3d9caps.dat
2010-02-08 17:13 . 2010-02-08 17:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2010-02-08 02:17 . 2009-12-12 02:49 7631232 ----a-w- c:\users\teanna\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe
2010-01-31 23:12 . 2010-01-31 23:12 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA134.tmp.exe
2010-01-31 02:54 . 2009-01-07 16:56 -------- d-----w- c:\program files\Dell DataSafe Online
2010-01-31 02:53 . 2009-07-24 02:22 8653312 ----a-w- c:\users\lavina\AppData\Roaming\DataSafeDotNet.exe
2010-01-31 02:53 . 2009-07-24 02:22 8653312 ----a-w- c:\users\lavina\AppData\Roaming\DataSafeDotNet.exe
2010-01-21 03:56 . 2010-01-14 07:07 0 ----a-w- c:\users\tim\AppData\Local\Mdipupewadag.bin
2010-01-21 03:56 . 2010-01-14 07:07 120 ----a-w- c:\users\tim\AppData\Local\Brakuviyakidalos.dat
2010-01-12 04:03 . 2010-01-12 04:03 8799005 ----a-w- c:\programdata\SPLC505.tmp
2010-01-06 15:38 . 2010-02-24 19:24 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 19:24 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 19:24 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 19:24 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-04 18:26 . 2010-01-04 18:26 862000 ----a-w- c:\programdata\SPL7BE9.tmp
2010-01-03 21:32 . 2010-01-03 21:32 862000 ----a-w- c:\programdata\SPL1EA9.tmp
2010-01-02 20:05 . 2009-01-14 19:47 1669192 ----a-w- c:\programdata\WildTangent\OEM Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
2010-01-02 06:38 . 2010-01-22 19:55 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 19:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 19:55 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 19:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-20 16:53 . 2009-12-20 16:53 234016 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-01-07 18:14 . 2009-01-07 18:12 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( [email protected]_15.50.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-10 15:27 . 2010-02-20 23:12 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22343_none_dce43630c143fd87\wbhstipm.dll
+ 2010-03-10 15:27 . 2010-02-20 23:12 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22343_none_dce43630c143fd87\wbhst_pm.dll
+ 2010-03-10 15:27 . 2010-02-20 23:12 48128 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22343_none_dce43630c143fd87\w3wphost.dll
+ 2010-03-10 15:27 . 2010-02-20 23:12 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22343_none_dce43630c143fd87\w3tp.dll
+ 2009-12-11 18:16 . 2009-11-09 12:32 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18210_none_dc78084ba810bde5\wbhstipm.dll
+ 2009-12-11 18:16 . 2009-11-09 12:32 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18210_none_dc78084ba810bde5\wbhst_pm.dll
+ 2009-12-11 18:16 . 2009-11-09 12:32 47616 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18210_none_dc78084ba810bde5\w3wphost.dll
+ 2009-12-11 18:16 . 2009-11-09 12:32 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18210_none_dc78084ba810bde5\w3tp.dll
+ 2010-03-10 15:27 . 2010-02-20 23:31 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22638_none_db0d95a6c4110b25\wbhstipm.dll
+ 2010-03-10 15:27 . 2010-02-20 23:31 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22638_none_db0d95a6c4110b25\wbhst_pm.dll
+ 2010-03-10 15:27 . 2010-02-20 23:31 46592 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22638_none_db0d95a6c4110b25\w3wphost.dll
+ 2010-03-10 15:27 . 2010-02-20 23:31 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22638_none_db0d95a6c4110b25\w3tp.dll
+ 2009-12-11 18:16 . 2009-11-09 13:23 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18428_none_da8ec6e1aaeb5243\wbhstipm.dll
+ 2009-12-11 18:16 . 2009-11-09 13:23 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18428_none_da8ec6e1aaeb5243\wbhst_pm.dll
+ 2009-12-11 18:16 . 2009-11-09 13:23 46592 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18428_none_da8ec6e1aaeb5243\w3wphost.dll
+ 2009-12-11 18:16 . 2009-11-09 13:23 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18428_none_da8ec6e1aaeb5243\w3tp.dll
+ 2010-03-10 15:27 . 2010-02-20 23:36 25088 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21227_none_d930fcdec6e37b07\wbhstipm.dll
+ 2010-03-10 15:27 . 2010-02-20 23:36 22016 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21227_none_d930fcdec6e37b07\wbhst_pm.dll
+ 2010-03-10 15:27 . 2010-02-20 23:36 39424 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21227_none_d930fcdec6e37b07\w3wphost.dll
+ 2010-03-10 15:27 . 2010-02-20 23:36 15360 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21227_none_d930fcdec6e37b07\w3tp.dll
+ 2010-03-10 15:27 . 2010-02-20 23:55 25088 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.17022_none_d8a25cbbadca5f63\wbhstipm.dll
+ 2010-03-10 15:27 . 2010-02-20 23:55 22016 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.17022_none_d8a25cbbadca5f63\wbhst_pm.dll
+ 2010-03-10 15:27 . 2010-02-20 23:55 39424 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.17022_none_d8a25cbbadca5f63\w3wphost.dll
+ 2010-03-10 15:27 . 2010-02-20 23:55 15360 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.17022_none_d8a25cbbadca5f63\w3tp.dll
+ 2010-03-10 15:27 . 2010-02-20 23:10 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6002.22343_none_75f500438adc1033\nshhttp.dll
+ 2010-03-10 15:27 . 2010-02-20 23:06 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6002.18210_none_7588d25e71a8d091\nshhttp.dll
+ 2010-03-10 15:27 . 2010-02-20 23:31 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6001.22638_none_741e5fb98da91dd1\nshhttp.dll
+ 2010-03-10 15:27 . 2010-02-20 23:39 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6001.18428_none_739f90f4748364ef\nshhttp.dll
+ 2010-03-10 15:27 . 2010-02-20 23:35 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.21227_none_7241c6f1907b8db3\nshhttp.dll
+ 2010-03-10 15:27 . 2010-02-20 23:54 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.17022_none_71b326ce7762720f\nshhttp.dll
+ 2010-03-10 13:55 . 2009-10-14 14:12 23552 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22245_none_f4abc44d237d7ed9\WMM2EXT.dll
+ 2009-06-28 02:37 . 2009-04-11 06:28 23040 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18121_none_f433c6320a5341d1\WMM2EXT.dll
+ 2010-03-10 13:55 . 2009-10-14 15:08 23552 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22541_none_f2c1513d265ac459\WMM2EXT.dll
+ 2006-11-02 12:36 . 2006-11-02 12:36 23040 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18341_none_f237b28c0d3d2768\WMM2EXT.dll
+ 2010-03-10 13:55 . 2009-10-14 14:51 23040 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.21139_none_f0edbb0f2925184a\WMM2EXT.dll
+ 2010-03-10 13:55 . 2009-10-14 15:06 23040 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.16937_none_f062458e10091290\WMM2EXT.dll
+ 2010-03-10 15:27 . 2010-02-20 23:12 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\wamregps.dll
+ 2010-03-10 15:27 . 2010-02-20 23:11 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\rscaext.dll
+ 2010-03-10 15:27 . 2010-02-20 23:11 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\rsca.dll
+ 2010-03-10 15:27 . 2010-02-20 23:08 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iissyspr.dll
+ 2010-03-10 15:27 . 2010-02-20 21:21 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisrstas.exe
+ 2010-03-10 15:27 . 2010-02-20 21:21 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisreset.exe
+ 2010-03-10 15:27 . 2010-02-20 23:08 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisreg.dll
+ 2010-03-10 15:27 . 2010-02-20 23:07 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\ahadmin.dll
+ 2010-03-10 15:27 . 2010-02-20 23:06 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\admwprox.dll
+ 2009-12-11 18:16 . 2009-11-09 12:32 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\wamregps.dll
+ 2009-12-11 18:16 . 2009-11-09 12:32 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\rscaext.dll
+ 2009-12-11 18:16 . 2009-11-09 12:32 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\rsca.dll
+ 2009-12-11 18:16 . 2009-11-09 12:30 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iissyspr.dll
+ 2009-12-11 18:16 . 2009-11-09 10:48 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisrstas.exe
+ 2009-12-11 18:16 . 2009-11-09 10:48 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisreset.exe
+ 2009-12-11 18:16 . 2009-11-09 12:30 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisreg.dll
+ 2009-12-11 18:16 . 2009-11-09 12:28 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\ahadmin.dll
+ 2009-12-11 18:16 . 2009-11-09 12:28 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\admwprox.dll
+ 2010-03-10 15:27 . 2010-02-20 23:31 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\wamregps.dll
+ 2010-03-10 15:27 . 2010-02-20 23:31 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\rscaext.dll
+ 2010-03-10 15:27 . 2010-02-20 23:31 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\rsca.dll
+ 2010-03-10 15:27 . 2010-02-20 23:29 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iissyspr.dll
+ 2010-03-10 15:27 . 2010-02-20 21:35 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisrstas.exe
+ 2010-03-10 15:27 . 2010-02-20 21:35 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisreset.exe
+ 2010-03-10 15:27 . 2010-02-20 23:29 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisreg.dll
+ 2010-03-10 15:27 . 2010-02-20 23:26 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\ahadmin.dll
+ 2010-03-10 15:27 . 2010-02-20 23:26 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\admwprox.dll
+ 2009-12-11 18:16 . 2009-11-09 13:23 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\wamregps.dll
+ 2009-12-11 18:16 . 2009-11-09 13:23 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\rscaext.dll
+ 2009-12-11 18:16 . 2009-11-09 13:23 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\rsca.dll
+ 2009-12-11 18:16 . 2009-11-09 13:20 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iissyspr.dll
+ 2009-12-11 18:16 . 2009-11-09 11:21 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisrstas.exe
+ 2009-12-11 18:16 . 2009-11-09 11:21 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisreset.exe
+ 2009-12-11 18:16 . 2009-11-09 13:20 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisreg.dll
+ 2009-12-11 18:16 . 2009-11-09 13:18 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\ahadmin.dll
+ 2009-12-11 18:16 . 2009-11-09 13:18 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\admwprox.dll
+ 2010-03-10 15:27 . 2010-02-20 23:36 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\wamregps.dll
+ 2010-03-10 15:27 . 2010-02-20 23:35 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\rsca.dll
+ 2010-03-10 15:27 . 2010-02-20 23:31 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iissyspr.dll
+ 2010-03-10 15:27 . 2010-02-20 21:31 30720 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisrstas.exe
+ 2010-03-10 15:27 . 2010-02-20 21:31 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisreset.exe
+ 2010-03-10 15:27 . 2010-02-20 23:31 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisreg.dll
+ 2010-03-10 15:27 . 2010-02-20 23:30 51200 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\admwprox.dll
+ 2010-03-10 15:27 . 2010-02-20 23:55 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\wamregps.dll
+ 2010-03-10 15:27 . 2010-02-20 23:55 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\rsca.dll
+ 2010-03-10 15:27 . 2010-02-20 23:52 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iissyspr.dll
+ 2010-03-10 15:27 . 2010-02-20 21:46 30720 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisrstas.exe
+ 2010-03-10 15:27 . 2010-02-20 21:46 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisreset.exe
+ 2010-03-10 15:27 . 2010-02-20 23:52 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisreg.dll
+ 2010-03-10 15:27 . 2010-02-20 23:50 51200 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\admwprox.dll
+ 2010-03-10 15:27 . 2010-02-20 23:12 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.22343_none_d1f1e1863fa65f97\w3dt.dll
+ 2010-03-10 15:27 . 2010-02-20 23:08 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.22343_none_d1f1e1863fa65f97\hwebcore.dll
+ 2010-03-10 15:27 . 2010-02-20 23:07 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18210_none_d185b3a126731ff5\w3dt.dll
+ 2009-12-11 18:16 . 2009-11-09 12:30 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18210_none_d185b3a126731ff5\hwebcore.dll
+ 2010-03-10 15:27 . 2010-02-20 23:31 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.22638_none_d01b40fc42736d35\w3dt.dll
+ 2010-03-10 15:27 . 2010-02-20 23:29 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.22638_none_d01b40fc42736d35\hwebcore.dll
+ 2010-03-10 15:27 . 2010-02-20 23:40 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.18428_none_cf9c7237294db453\w3dt.dll
+ 2009-12-11 18:16 . 2009-11-09 13:20 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.18428_none_cf9c7237294db453\hwebcore.dll
+ 2010-03-10 15:27 . 2010-02-20 23:36 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.21227_none_ce3ea8344545dd17\w3dt.dll


----------



## lostim (Feb 24, 2010)

+ 2010-03-10 15:27 . 2010-02-20 23:31 12288 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.21227_none_ce3ea8344545dd17\hwebcore.dll
+ 2010-03-10 15:27 . 2010-02-20 23:55 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.17022_none_cdb008112c2cc173\w3dt.dll
+ 2010-03-10 15:27 . 2010-02-20 23:51 12288 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.17022_none_cdb008112c2cc173\hwebcore.dll
+ 2010-03-10 15:27 . 2010-02-20 23:07 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6002.22343_none_22e5433d125cc342\authsspi.dll
+ 2010-03-10 15:27 . 2010-02-20 23:04 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6002.18210_none_22791557f92983a0\authsspi.dll
- 2009-10-08 04:58 . 2010-03-02 01:09 245760 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2009-10-08 04:58 . 2010-03-10 13:51 245760 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
.
-- Snapshot reset to current date --
.


----------



## lostim (Feb 24, 2010)

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b0feda70-f863-f114-20ad-bc5ca8bf3e2c}]
2009-11-21 20:00 1830912 ----a-w- c:\windows\System32\df7399d9-3e41-2b41-d273-73fb2f070920.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-07 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-06 4706304]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-05 30192]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"DLCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2006-10-20 73728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DelayShred"="c:\progra~1\mcafee\mshr\ShrCL.EXE" [2009-09-25 113168]
c:\users\teanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
c:\users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
IMVU.lnk - c:\users\tim\AppData\Roaming\IMVUClient\IMVUClient.exe [2009-6-28 49920]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
c:\users\lavina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe [2009-1-7 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-01-07 16:53 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):af,6a,ff,8e,a4,f7,c9,01
R2 gupdate1c9cd2565275ba0;Google Update Service (gupdate1c9cd2565275ba0);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 133104]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-05 30192]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-03-06 27648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 02:00]
2010-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 02:00]
2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]
2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]
2010-03-13 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-01-07 11:44]
2010-03-13 c:\windows\Tasks\User_Feed_Synchronization-{71927147-F417-4F58-A945-1FEBAC686371}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 23:34
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,[email protected]??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-12 23:35:57
ComboFix-quarantined-files.txt 2010-03-13 05:35
ComboFix2.txt 2010-03-10 14:57
ComboFix3.txt 2010-03-09 15:52
Pre-Run: 223,054,192,640 bytes free
Post-Run: 223,035,371,520 bytes free
- - End Of File - - B213E151B408AB0D46F4D1619827F1C0


----------



## lostim (Feb 24, 2010)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:30 PM, on 3/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: fruttinet - {b0feda70-f863-f114-20ad-bc5ca8bf3e2c} - C:\Windows\system32\df7399d9-3e41-2b41-d273-73fb2f070920.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,[email protected]
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-4027892296-2810054924-922058701-1002\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'lavina')
O4 - HKUS\S-1-5-21-4027892296-2810054924-922058701-1002\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'lavina')
O4 - HKUS\S-1-5-21-4027892296-2810054924-922058701-1002\..\Run: [MySpaceIM] C:\Users\lavina\AppData\Roaming\MySpace\IM\bin\MySpaceIM.exe (User 'lavina')
O4 - HKUS\S-1-5-21-4027892296-2810054924-922058701-1002\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'lavina')
O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\teanna\appdata\local\temp\TE521D~1.SH! c:\users\teanna\appdata\local\temp\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\teanna\appdata\local\temp\TE521D~1.SH! c:\users\teanna\appdata\local\temp\HSPERF~1.SH! (User 'Default user')
O4 - S-1-5-21-4027892296-2810054924-922058701-1002 Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'lavina')
O4 - S-1-5-21-4027892296-2810054924-922058701-1002 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'lavina')
O4 - S-1-5-21-4027892296-2810054924-922058701-1002 Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'lavina')
O4 - S-1-5-21-4027892296-2810054924-922058701-1002 User Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'lavina')
O4 - S-1-5-21-4027892296-2810054924-922058701-1002 User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'lavina')
O4 - S-1-5-21-4027892296-2810054924-922058701-1002 User Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'lavina')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: IMVU.lnk = C:\Users\tim\AppData\Roaming\IMVUClient\IMVUClient.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: dlcg_device - - C:\Windows\system32\dlcgcoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9cd2565275ba0) (gupdate1c9cd2565275ba0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 11105 bytes


----------



## Cookiegal (Aug 27, 2003)

You didn't move ComboFix to the desktop and the script ran from temp files. This isn't going to work if you don't follow the instructions carefully. Please move ComboFix (puppy.exe) to the desktop, disable your anti-virus program and Windows Defender and run a new scan and post that log.


----------



## lostim (Feb 24, 2010)

i'm sorry about before, i hope this is better

ComboFix 10-03-12.02 - tim 03/14/2010 23:27:39.4.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.2036.1090 [GMT -5:00]
Running from: c:\users\tim\Desktop\puppy.exe.exe
Command switches used :: c:\users\tim\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\programdata\SPL1EA9.tmp"
"c:\programdata\SPL7BE9.tmp"
"c:\programdata\SPLC505.tmp"
"c:\users\tim\AppData\Local\Brakuviyakidalos.dat"
"c:\users\tim\AppData\Local\Mdipupewadag.bin"
"c:\windows\System32\df7399d9-3e41-2b41-d273-73fb2f070920.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\SPL1EA9.tmp
c:\programdata\SPL7BE9.tmp
c:\programdata\SPLC505.tmp
c:\users\tim\AppData\Local\Brakuviyakidalos.dat
c:\users\tim\AppData\Local\Mdipupewadag.bin
c:\windows\System32\df7399d9-3e41-2b41-d273-73fb2f070920.dll
.
((((((((((((((((((((((((( Files Created from 2010-02-15 to 2010-03-15 )))))))))))))))))))))))))))))))
.
2010-03-15 04:35 . 2010-03-15 04:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-03-15 04:35 . 2010-03-15 04:35 -------- d-----w- c:\users\teanna\AppData\Local\temp
2010-03-15 04:35 . 2010-03-15 04:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-15 04:35 . 2010-03-15 04:35 -------- d-----w- c:\users\lavina\AppData\Local\temp
2010-03-15 04:35 . 2010-03-15 04:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-10 15:27 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 15:27 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-10 15:27 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 15:06 . 2010-03-10 15:06 -------- d-sh--w- c:\users\tim\%APPDATA%
2010-02-25 03:16 . 2010-02-25 03:16 -------- d-----w- c:\program files\Trend Micro
2010-02-24 19:24 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 19:24 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 19:24 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-24 19:23 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 19:23 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 19:23 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 19:23 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 19:23 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 19:23 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 19:23 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 19:23 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 19:23 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 19:23 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 03:07 . 2010-02-23 03:07 -------- d-----w- c:\windows\Sun
2010-02-23 02:33 . 2010-03-11 07:07 1 ----a-w- c:\users\lavina\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-23 02:33 . 2010-02-23 02:33 -------- d-----w- c:\users\lavina\AppData\Roaming\OpenOffice.org
2010-02-23 02:32 . 2010-02-12 17:53 38784 ----a-w- c:\users\lavina\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-23 01:46 . 2010-02-23 01:46 1 ----a-w- c:\users\teanna\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-23 01:46 . 2010-02-23 01:46 -------- d-----w- c:\users\teanna\AppData\Roaming\OpenOffice.org
2010-02-22 22:38 . 2010-02-22 22:38 329536 ----a-w- c:\users\Public\RemoveSGP.exe
2010-02-22 13:58 . 2010-02-22 13:58 -------- d-----w- c:\program files\JRE
2010-02-22 13:57 . 2010-02-22 16:05 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-22 00:59 . 2010-02-12 17:53 38784 ----a-w- c:\users\teanna\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-17 18:42 . 2010-02-17 18:42 -------- d-----w- c:\program files\Common Files\Adobe AIR(0)
2010-02-17 18:34 . 2010-02-12 18:30 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 00:32 . 2009-01-23 19:49 -------- d-----w- c:\users\lavina\AppData\Roaming\LimeWire
2010-03-14 22:07 . 2009-01-23 22:28 -------- d-----w- c:\users\teanna\AppData\Roaming\LimeWire
2010-03-13 22:24 . 2009-01-12 23:00 5216 ----a-w- c:\users\teanna\AppData\Local\d3d9caps.dat
2010-03-13 08:09 . 2009-01-13 17:48 5892 ----a-w- c:\users\lavina\AppData\Local\d3d9caps.dat
2010-03-10 15:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-10 15:12 . 2009-01-10 17:43 -------- d-----w- c:\program files\dl_Cats
2010-03-07 19:38 . 2009-06-25 19:45 1312 ----a-w- c:\users\teanna\AppData\Roaming\wklnhst.dat
2010-02-25 22:00 . 2009-01-10 18:39 71760 ----a-w- c:\users\lavina\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 19:31 . 2009-01-10 18:49 71760 ----a-w- c:\users\teanna\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 16:04 . 2009-01-10 17:29 71760 ----a-w- c:\users\tim\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 15:16 . 2009-10-03 12:10 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-18 04:14 . 2009-01-07 16:48 -------- d-----w- c:\program files\McAfee
2010-02-17 19:17 . 2010-02-01 04:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-17 18:52 . 2010-01-26 15:31 -------- d-----w- c:\programdata\NOS
2010-02-17 15:13 . 2009-02-09 19:42 5216 ----a-w- c:\users\tim\AppData\Local\d3d9caps.dat
2010-02-08 17:13 . 2010-02-08 17:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2010-02-08 02:17 . 2009-12-12 02:49 7631232 ----a-w- c:\users\teanna\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.823.0-static-A.exe
2010-01-31 23:12 . 2010-01-31 23:12 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA134.tmp.exe
2010-01-31 02:54 . 2009-01-07 16:56 -------- d-----w- c:\program files\Dell DataSafe Online
2010-01-31 02:53 . 2009-07-24 02:22 8653312 ----a-w- c:\users\lavina\AppData\Roaming\DataSafeDotNet.exe
2010-01-31 02:53 . 2009-07-24 02:22 8653312 ----a-w- c:\users\lavina\AppData\Roaming\DataSafeDotNet.exe
2010-01-06 15:38 . 2010-02-24 19:24 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 19:24 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 19:24 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 19:24 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-02 20:05 . 2009-01-14 19:47 1669192 ----a-w- c:\programdata\WildTangent\OEM Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
2010-01-02 06:38 . 2010-01-22 19:55 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 19:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 19:55 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 19:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-20 16:53 . 2009-12-20 16:53 234016 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-01-07 18:14 . 2009-01-07 18:12 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot_2010-03-13_05.34.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-03-14 19:37 46184 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2010-03-12 19:40 66092 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-03-15 04:09 66092 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-10 17:24 . 2010-03-15 04:36 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-10 17:24 . 2010-03-13 05:27 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-10 17:24 . 2010-03-15 04:36 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-10 17:24 . 2010-03-13 05:27 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-10 17:24 . 2010-03-15 04:36 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-10 17:24 . 2010-03-13 05:27 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-28 08:08 . 2010-03-13 00:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-28 08:08 . 2010-03-14 20:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-28 08:08 . 2010-03-13 00:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-28 08:08 . 2010-03-14 20:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-28 08:08 . 2010-03-14 20:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-28 08:08 . 2010-03-13 00:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-27 03:49 . 2010-03-12 19:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-27 03:49 . 2010-03-14 19:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-27 03:49 . 2010-03-14 19:35 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-27 03:49 . 2010-03-12 19:38 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-27 03:49 . 2010-03-12 19:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-27 03:49 . 2010-03-14 19:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-13 17:50 . 2010-03-13 08:11 8790 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4027892296-2810054924-922058701-1002_UserData.bin
- 2009-01-11 23:22 . 2010-03-12 19:40 9892 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4027892296-2810054924-922058701-1001_UserData.bin
+ 2009-01-11 23:22 . 2010-03-14 19:37 9892 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4027892296-2810054924-922058701-1001_UserData.bin
+ 2009-01-10 17:57 . 2010-03-15 04:09 8834 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4027892296-2810054924-922058701-1000_UserData.bin
- 2009-01-10 17:57 . 2010-03-11 15:13 8834 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4027892296-2810054924-922058701-1000_UserData.bin
- 2010-03-12 19:38 . 2010-03-12 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-03-15 04:07 . 2010-03-15 04:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-03-15 04:07 . 2010-03-15 04:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-03-12 19:38 . 2010-03-12 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-10 18:35 . 2010-03-13 21:20 228710 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2006-11-02 10:33 . 2010-02-20 05:18 595446 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-03-15 04:12 595446 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-02-20 05:18 101144 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-03-15 04:12 101144 c:\windows\System32\perfc009.dat
- 2006-11-02 10:24 . 2010-03-02 05:30 31648712 c:\windows\System32\mrt.exe
+ 2006-11-02 10:24 . 2010-03-02 03:30 31648712 c:\windows\System32\mrt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-07 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-06 4706304]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-05 30192]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"DLCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2006-10-20 73728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DelayShred"="c:\progra~1\mcafee\mshr\ShrCL.EXE" [2009-09-25 113168]
c:\users\teanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
c:\users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
IMVU.lnk - c:\users\tim\AppData\Roaming\IMVUClient\IMVUClient.exe [2009-6-28 49920]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
c:\users\lavina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe [2009-1-7 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-01-07 16:53 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):af,6a,ff,8e,a4,f7,c9,01
R2 gupdate1c9cd2565275ba0;Google Update Service (gupdate1c9cd2565275ba0);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 133104]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-05 30192]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-03-06 27648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 02:00]
2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 02:00]
2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]
2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]
2010-03-15 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-01-07 11:44]
2010-03-15 c:\windows\Tasks\User_Feed_Synchronization-{71927147-F417-4F58-A945-1FEBAC686371}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 23:35
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,[email protected]??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-14 23:37:31
ComboFix-quarantined-files.txt 2010-03-15 04:37
ComboFix2.txt 2010-03-13 05:35
ComboFix3.txt 2010-03-10 14:57
ComboFix4.txt 2010-03-09 15:52
Pre-Run: 223,807,803,392 bytes free
Post-Run: 223,804,432,384 bytes free
- - End Of File - - 08449A08FC7AD76969A98E8205A7E585


----------



## lostim (Feb 24, 2010)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:43 PM, on 3/14/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,[email protected]
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\teanna\appdata\local\temp\TE521D~1.SH! c:\users\teanna\appdata\local\temp\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\teanna\appdata\local\temp\TE521D~1.SH! c:\users\teanna\appdata\local\temp\HSPERF~1.SH! (User 'Default user')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: IMVU.lnk = C:\Users\tim\AppData\Roaming\IMVUClient\IMVUClient.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: dlcg_device - - C:\Windows\system32\dlcgcoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9cd2565275ba0) (gupdate1c9cd2565275ba0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 9463 bytes


----------



## Cookiegal (Aug 27, 2003)

Although Windows Defender is still enabled, at least ComboFix is on the desktop now so much better.

Can you please uninstall Malwarebytes through the Control Panel and then try to download it again and run the scan?


----------



## lostim (Feb 24, 2010)

glad i did one thing right, on the windows defender i brought it up, went to options, went down to administrator options and turned it off or so i thought. on the malwarebytes it wouldn't install in the first place and the same thing happened when i tried to install it this time. i get a little white message board that said internal error: failed to expand shell folder constant "userappdata". then it takes back everything it tried to install and says to fix the problem and try again.


----------



## Cookiegal (Aug 27, 2003)

Do you know your way around the registry at all?


----------



## lostim (Feb 24, 2010)

not at all, as far as i know i can barely find the registry and have no idea of what should or should not be there or how it should be set up.


----------



## Cookiegal (Aug 27, 2003)

OK, this command will export the key so I can see if something is out of place there as I suspect:

Go to *Start* - *Run* and copy and paste the following:


```
regedit /e C:\look.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
```
You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.


----------



## lostim (Feb 24, 2010)

i'm sorry i don't understand what you mean by RUN. i went to START and didn't see anything that said RUN. i don't want to seem dense but could you be more exact about how i need to do this, step by step, remember i'm illiterate in computers and on the terminology i'm probably less than that.


----------



## Cookiegal (Aug 27, 2003)

In Vista, it's not shown by default. You can restore it but that's not necessary. You should be able to get it by hitting the Windows key and R (Win + R) on your keyboard at the same time.


----------



## lostim (Feb 24, 2010)

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=hex(2):25,00,41,00,50,00,50,00,44,00,41,00,54,00,41,00,25,00,00,00
"Cache"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,4c,\
00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,4c,00,\
6f,00,63,00,61,00,6c,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,\
00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,00,54,00,65,00,\
6d,00,70,00,6f,00,72,00,61,00,72,00,79,00,20,00,49,00,6e,00,74,00,65,00,72,\
00,6e,00,65,00,74,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,00
"Cookies"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,52,\
00,6f,00,61,00,6d,00,69,00,6e,00,67,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,\
73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
00,43,00,6f,00,6f,00,6b,00,69,00,65,00,73,00,00,00
"Desktop"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,44,00,65,00,73,00,6b,00,74,00,6f,00,70,00,00,00
"Favorites"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,46,00,61,00,76,00,6f,00,72,00,69,00,74,00,65,00,73,\
00,00,00
"History"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,4c,\
00,6f,00,63,00,61,00,6c,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,\
66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,00,48,00,69,\
00,73,00,74,00,6f,00,72,00,79,00,00,00
"Local AppData"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,\
49,00,4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,\
00,4c,00,6f,00,63,00,61,00,6c,00,00,00
"My Music"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,4d,00,75,00,73,00,69,00,63,00,00,00
"My Pictures"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,\
00,4c,00,45,00,25,00,5c,00,50,00,69,00,63,00,74,00,75,00,72,00,65,00,73,00,\
00,00
"My Video"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,56,00,69,00,64,00,65,00,6f,00,73,00,00,00
"NetHood"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,52,\
00,6f,00,61,00,6d,00,69,00,6e,00,67,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,\
73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,20,00,53,00,68,00,6f,00,72,00,\
74,00,63,00,75,00,74,00,73,00,00,00
"Personal"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,\
00,00,00
"PrintHood"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,52,\
00,6f,00,61,00,6d,00,69,00,6e,00,67,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,\
73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
00,50,00,72,00,69,00,6e,00,74,00,65,00,72,00,20,00,53,00,68,00,6f,00,72,00,\
74,00,63,00,75,00,74,00,73,00,00,00
"Programs"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,52,\
00,6f,00,61,00,6d,00,69,00,6e,00,67,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,\
73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
00,53,00,74,00,61,00,72,00,74,00,20,00,4d,00,65,00,6e,00,75,00,5c,00,50,00,\
72,00,6f,00,67,00,72,00,61,00,6d,00,73,00,00,00
"Recent"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,4c,\
00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,52,00,\
6f,00,61,00,6d,00,69,00,6e,00,67,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,\
00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,00,\
52,00,65,00,63,00,65,00,6e,00,74,00,00,00
"SendTo"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,4c,\
00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,52,00,\
6f,00,61,00,6d,00,69,00,6e,00,67,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,\
00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,00,\
53,00,65,00,6e,00,64,00,54,00,6f,00,00,00
"Startup"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,52,\
00,6f,00,61,00,6d,00,69,00,6e,00,67,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,\
73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
00,53,00,74,00,61,00,72,00,74,00,20,00,4d,00,65,00,6e,00,75,00,5c,00,50,00,\
72,00,6f,00,67,00,72,00,61,00,6d,00,73,00,5c,00,53,00,74,00,61,00,72,00,74,\
00,75,00,70,00,00,00
"Start Menu"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,\
00,4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,\
52,00,6f,00,61,00,6d,00,69,00,6e,00,67,00,5c,00,4d,00,69,00,63,00,72,00,6f,\
00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
5c,00,53,00,74,00,61,00,72,00,74,00,20,00,4d,00,65,00,6e,00,75,00,00,00
"Templates"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,5c,00,52,\
00,6f,00,61,00,6d,00,69,00,6e,00,67,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,\
73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,\
00,54,00,65,00,6d,00,70,00,6c,00,61,00,74,00,65,00,73,00,00,00
"{374DE290-123F-4565-9164-39C4925E467B}"=hex(2):25,00,55,00,53,00,45,00,52,00,\
50,00,52,00,4f,00,46,00,49,00,4c,00,45,00,25,00,5c,00,44,00,6f,00,77,00,6e,\
00,6c,00,6f,00,61,00,64,00,73,00,00,00


----------
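Decoding the export above, as an added example that is not part of the original posts: `hex(2)` is how regedit writes REG_EXPAND_SZ data (UTF-16LE bytes), and the script flags any shell folder value that still contains a `%VAR%` after one expansion pass. The embedded sample is a two-value excerpt of the posted export; the `USERPROFILE` path and the function names are assumptions made for the example.

```python
import re

# Two values copied from the export posted above, embedded so this runs offline.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=hex(2):25,00,41,00,50,00,50,00,44,00,41,00,54,00,41,00,25,00,00,00
"Desktop"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,44,00,65,00,73,00,6b,00,74,00,6f,00,70,00,00,00
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex\(2\):(?P<hex>[0-9a-fA-F, \t]*)\r?$', re.M)
VAR_RE = re.compile(r'%([^%\\]+)%')


def parse_expand_sz(reg_text):
    """Return {value name: decoded string} for every hex(2) value in a .reg export."""
    # regedit wraps long hex data with a trailing backslash; join those lines first.
    joined = re.sub(r'\\\r?\n[ \t]*', '', reg_text)
    folders = {}
    for m in VALUE_RE.finditer(joined):
        raw = bytes(int(b, 16) for b in m.group('hex').split(',') if b.strip())
        # REG_EXPAND_SZ is stored as NUL-terminated UTF-16LE.
        folders[m.group('name')] = raw.decode('utf-16-le').rstrip('\x00')
    return folders


def expand(value, env):
    """One case-insensitive expansion pass; unknown variables are left as-is,
    which is how ExpandEnvironmentStrings treats them."""
    upper = {k.upper(): v for k, v in env.items()}
    return VAR_RE.sub(lambda m: upper.get(m.group(1).upper(), m.group(0)), value)


def audit(folders, env):
    """Return (name, raw value, kind) for values that do not resolve to a path."""
    findings = []
    for name, raw in folders.items():
        leftover = [v.upper() for v in VAR_RE.findall(expand(raw, env))]
        if not leftover:
            continue
        # "AppData" pointing at %APPDATA% refers back to itself.
        own_var = name.replace(' ', '').upper()
        kind = 'self-referential' if own_var in leftover else 'unresolved variable'
        findings.append((name, raw, kind))
    return findings


if __name__ == '__main__':
    env = {'USERPROFILE': r'C:\Users\example'}  # constructed value, not from the thread
    for name, raw, kind in audit(parse_expand_sz(SAMPLE_REG), env):
        print(f'{name}: {raw} -> {kind}')
```

On the posted data, `AppData` decodes to the literal string `%APPDATA%`, while `Desktop` decodes to `%USERPROFILE%\Desktop`; the Vista default for `AppData` is `%USERPROFILE%\AppData\Roaming`.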



## Cookiegal (Aug 27, 2003)

Have you done any tweaks to your system such as moving folders like "My Documents" to a location other than the default one?


----------



## lostim (Feb 24, 2010)

not intentionally or that i'm aware of.


----------



## Cookiegal (Aug 27, 2003)

Do you have administrator rights on this computer?

I see there are other user profiles. How many are there?

Some were set up as roaming profiles but yours is not. Do you know why?


----------



## Cookiegal (Aug 27, 2003)

Go to Start - Control Panel - System and Maintenance, Administrative Tools and double-click on the Event Viewer. You may be prompted for a password or confirmation. 

Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## lostim (Feb 24, 2010)

these are the copies i got from system under windows logs in the event viewer
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 3/23/2010 3:10:46 PM
Event ID: 10010
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="49152">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-23T20:10:46.000Z" />
<EventRecordID>155603</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
{C2BFE331-6739-4270-86C9-493D9A04CD38}
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 3/22/2010 10:15:47 PM
Event ID: 10010
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="49152">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-23T03:15:47.000Z" />
<EventRecordID>155428</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
{C2BFE331-6739-4270-86C9-493D9A04CD38}
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 3/22/2010 4:56:13 PM
Event ID: 10010
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="49152">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-22T21:56:13.000Z" />
<EventRecordID>155396</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
{C2BFE331-6739-4270-86C9-493D9A04CD38}
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 3/22/2010 12:14:12 PM
Event ID: 10010
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="49152">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-22T17:14:12.000Z" />
<EventRecordID>155353</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
{C2BFE331-6739-4270-86C9-493D9A04CD38}
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 3/21/2010 8:58:50 PM
Event ID: 10010
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="49152">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-22T01:58:50.000Z" />
<EventRecordID>155205</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
{C2BFE331-6739-4270-86C9-493D9A04CD38}
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 3/20/2010 9:11:00 AM
Event ID: 10010
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="49152">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-20T14:11:00.000Z" />
<EventRecordID>154848</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
{C2BFE331-6739-4270-86C9-493D9A04CD38}
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 3/23/2010 5:35:09 PM
Event ID: 10010
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="49152">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-23T22:35:09.000Z" />
<EventRecordID>155611</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
{C2BFE331-6739-4270-86C9-493D9A04CD38}
</EventData>
</Event>


----------



## lostim (Feb 24, 2010)

same place in the windows logs in the event viewer in applications

Log Name: Application
Source: Microsoft-Windows-EventSystem
Date: 3/23/2010 4:11:00 PM
Event ID: 4621
Task Category: Event System
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
The COM+ Event System could not remove the EventSystem.EventSubscription object {EE9B6D09-80ED-4565-A293-C230163A249E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EventSystem" Guid="{899daace-4868-4295-afcd-9eb8fb497561}" EventSourceName="EventSystem" />
<EventID Qualifiers="49152">4621</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>16</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-23T21:11:00.000Z" />
<EventRecordID>31799</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
80070005
EventSystem.EventSubscription
{EE9B6D09-80ED-4565-A293-C230163A249E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-WMI
Date: 3/23/2010 12:55:10 PM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-23T17:55:10.000Z" />
<EventRecordID>31773</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
//./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003
</EventData>
</Event>
Log Name: Application
Source: MsiInstaller
Date: 3/22/2010 10:30:58 PM
Event ID: 11606
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: freddie2
Description:
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">11606</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-23T03:30:58.000Z" />
<EventRecordID>31751</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
(NULL)
(NULL)
(NULL)
(NULL)

<Binary>7B32454146374536312D303638452D313144462D393533432D3030353035363830363436367D</Binary>
</EventData>
</Event>
Log Name: Application
Source: MsiInstaller
Date: 3/22/2010 10:30:58 PM
Event ID: 11606
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: freddie2
Description:
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">11606</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-23T03:30:58.000Z" />
<EventRecordID>31750</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
(NULL)
(NULL)
(NULL)
(NULL)

<Binary>7B32454146374536312D303638452D313144462D393533432D3030353035363830363436367D</Binary>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-EventSystem
Date: 3/22/2010 10:01:34 PM
Event ID: 4621
Task Category: Event System
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
The COM+ Event System could not remove the EventSystem.EventSubscription object {3D55EE7E-0145-4725-A771-D88D10EAAB71}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EventSystem" Guid="{899daace-4868-4295-afcd-9eb8fb497561}" EventSourceName="EventSystem" />
<EventID Qualifiers="49152">4621</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>16</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-23T03:01:34.000Z" />
<EventRecordID>31742</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
80070005
EventSystem.EventSubscription
{3D55EE7E-0145-4725-A771-D88D10EAAB71}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
</EventData>
</Event>
Log Name: Application
Source: MsiInstaller
Date: 3/22/2010 5:30:44 PM
Event ID: 11606
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: freddie2
Description:
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">11606</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-22T22:30:44.000Z" />
<EventRecordID>31730</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
(NULL)
(NULL)
(NULL)
(NULL)

<Binary>7B32454146374536312D303638452D313144462D393533432D3030353035363830363436367D</Binary>
</EventData>
</Event>
Log Name: Application
Source: MsiInstaller
Date: 3/22/2010 5:30:44 PM
Event ID: 11606
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: freddie2
Description:
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">11606</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-22T22:30:44.000Z" />
<EventRecordID>31729</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
(NULL)
(NULL)
(NULL)
(NULL)

<Binary>7B32454146374536312D303638452D313144462D393533432D3030353035363830363436367D</Binary>
</EventData>
</Event>
Log Name: Application
Source: MsiInstaller
Date: 3/22/2010 12:31:03 PM
Event ID: 11606
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: freddie2
Description:
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">11606</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-22T17:31:03.000Z" />
<EventRecordID>31706</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
(NULL)
(NULL)
(NULL)
(NULL)

<Binary>7B32454146374536312D303638452D313144462D393533432D3030353035363830363436367D</Binary>
</EventData>
</Event>
Log Name: Application
Source: MsiInstaller
Date: 3/22/2010 12:31:03 PM
Event ID: 11606
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: freddie2
Description:
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">11606</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-22T17:31:03.000Z" />
<EventRecordID>31705</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
(NULL)
(NULL)
(NULL)
(NULL)

<Binary>7B32454146374536312D303638452D313144462D393533432D3030353035363830363436367D</Binary>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-WMI
Date: 3/22/2010 11:42:22 AM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-22T16:42:22.000Z" />
<EventRecordID>31689</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
//./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003
</EventData>
</Event>
Log Name: Application
Source: MsiInstaller
Date: 3/21/2010 8:30:39 PM
Event ID: 11606
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: freddie2
Description:
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">11606</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-22T01:30:39.000Z" />
<EventRecordID>31652</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
(NULL)
(NULL)
(NULL)
(NULL)

<Binary>7B32454146374536312D303638452D313144462D393533432D3030353035363830363436367D</Binary>
</EventData>
</Event>
Log Name: Application
Source: MsiInstaller
Date: 3/21/2010 8:30:39 PM
Event ID: 11606
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: freddie2
Description:
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">11606</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-22T01:30:39.000Z" />
<EventRecordID>31651</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
(NULL)
(NULL)
(NULL)
(NULL)

<Binary>7B32454146374536312D303638452D313144462D393533432D3030353035363830363436367D</Binary>
</EventData>
</Event>
Log Name: Application
Source: MsiInstaller
Date: 3/21/2010 3:30:42 PM
Event ID: 11606
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: freddie2
Description:
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">11606</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-21T20:30:42.000Z" />
<EventRecordID>31642</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
(NULL)
(NULL)
(NULL)
(NULL)

<Binary>7B32454146374536312D303638452D313144462D393533432D3030353035363830363436367D</Binary>
</EventData>
</Event>
Log Name: Application
Source: MsiInstaller
Date: 3/21/2010 3:30:42 PM
Event ID: 11606
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: freddie2
Description:
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">11606</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-21T20:30:42.000Z" />
<EventRecordID>31641</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
(NULL)
(NULL)
(NULL)
(NULL)

<Binary>7B32454146374536312D303638452D313144462D393533432D3030353035363830363436367D</Binary>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-WMI
Date: 3/21/2010 2:32:38 PM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-21T19:32:38.000Z" />
<EventRecordID>31632</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
//./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-WMI
Date: 3/21/2010 12:50:29 AM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-21T05:50:29.000Z" />
<EventRecordID>31602</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
//./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003
</EventData>
</Event>
Log Name: Application
Source: MsiInstaller
Date: 3/20/2010 11:30:42 PM
Event ID: 11606
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: freddie2
Description:
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">11606</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-21T04:30:42.000Z" />
<EventRecordID>31574</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
(NULL)
(NULL)
(NULL)
(NULL)

<Binary>7B32454146374536312D303638452D313144462D393533432D3030353035363830363436367D</Binary>
</EventData>
</Event>
Log Name: Application
Source: MsiInstaller
Date: 3/20/2010 11:30:42 PM
Event ID: 11606
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: freddie2
Description:
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">11606</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-21T04:30:42.000Z" />
<EventRecordID>31573</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
(NULL)
(NULL)
(NULL)
(NULL)

<Binary>7B32454146374536312D303638452D313144462D393533432D3030353035363830363436367D</Binary>
</EventData>
</Event>
Log Name: Application
Source: Application Error
Date: 3/20/2010 7:01:24 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
Faulting application IEXPLORE.EXE, version 8.0.6001.18882, time stamp 0x4b3ed243, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id 0x1420, application start time 0x01cac8887649cd00.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-03-21T00:01:24.000Z" />
<EventRecordID>31564</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
IEXPLORE.EXE
8.0.6001.18882
4b3ed243
unknown
0.0.0.0
00000000
c0000005
00000000
1420
01cac8887649cd00
</EventData>
</Event>


----------



## Cookiegal (Aug 27, 2003)

Cookiegal said:


> Do you have administrator rights on this computer?
> 
> I see there are other user profiles. How many are there?
> 
> Some were set up as roaming profiles but yours is not. Do you know why?


Please answer these questions.


----------



## lostim (Feb 24, 2010)

yes i am the administrator. 2, my wife and my daughter. well i'm not sure what a roaming profile is but i was the one who was first on the computer when we got it, hence the administrator rank and the girls set their own accounts up for themselves. i don't know if that answered your question about how it was done but i simply followed the setup instructions that it told me when it was first turned on.


----------



## Cookiegal (Aug 27, 2003)

Are any of the other user accounts experiencing the same problems?


----------



## lostim (Feb 24, 2010)

i checked my girls' accounts and on both of them the adobe will open up, so i assume it works for them but it will not open up for me at all. i get that error 1606. could not access network location %APPDATA%\. now on the java none of us can update it, it's update 17 but the java update installer won't install, i get that error 1606 etc. it figures that i would be the one that would have the most problems, such is life.


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe* to your Desktop and double-click on it to extract the files. It will create a folder named *OTS* on your desktop.

- Close any open browsers.
- If your Real protection or Antivirus interferes with OTS, allow it to run.
- Open the *OTS* folder and double-click on *OTS.exe* to start the program.
- In the *Additional Scans* section put a check in Disabled MS Config Items and EventViewer logs.
- Now click the *Run Scan* button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Save that notepad file.
- Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## lostim (Feb 24, 2010)

```
OTS logfile created on: 3/27/2010 11:07:54 PM - Run 1
OTS by OldTimer - Version 3.1.27.1     Folder = C:\Users\tim\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 205.17 Gb Free Space | 72.40% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 9.11 Gb Free Space | 62.19% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FREDDIE2
Current User Name: tim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\tim\Desktop\OTS.exe -> [2010/03/27 23:05:32 | 000,637,440 | ---- | M] (OldTimer Tools)
soffice.bin -> C:\Program Files\OpenOffice.org 3\program\soffice.bin -> [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org)
soffice.exe -> C:\Program Files\OpenOffice.org 3\program\soffice.exe -> [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org)
googletoolbaruser_32.exe -> C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe -> [2010/01/31 18:17:26 | 000,298,608 | ---- | M] (Google Inc.)
flashutil10e.exe -> C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe -> [2010/01/26 19:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.)
googledesktop.exe -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2009/12/05 08:24:10 | 000,030,192 | ---- | M] (Google)
datasafeonline.exe -> C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe -> [2009/11/13 17:15:00 | 001,807,600 | ---- | M] ()
mcagent.exe -> c:\Program Files\McAfee.com\Agent\mcagent.exe -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
mpfsrv.exe -> C:\Program Files\McAfee\MPF\MpfSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
mcshield.exe -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.)
mcsysmon.exe -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.)
mcmscsvc.exe -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.)
msksrver.exe -> C:\Program Files\McAfee\MSK\msksrver.exe -> [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
searchprotection.exe -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe -> [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc)
yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
sprtsvc.exe -> C:\Program Files\Dell Support Center\bin\sprtsvc.exe -> [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.)
sprtcmd.exe -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe -> [2008/10/04 14:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
hnm_svc.exe -> c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe -> [2008/09/30 11:03:14 | 000,820,464 | ---- | M] (Dell Inc.)
ezi_ra.exe -> C:\Program Files\Dell Remote Access\ezi_ra.exe -> [2008/09/30 11:03:12 | 000,464,112 | ---- | M] (Dell Inc.)
delldock.exe -> C:\Program Files\Dell\DellDock\DellDock.exe -> [2008/09/23 23:09:52 | 001,295,656 | ---- | M] (Stardock Corporation)
docklogin.exe -> C:\Program Files\Dell\DellDock\DockLogin.exe -> [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation)
limewire.exe -> C:\Program Files\LimeWire\LimeWire.exe -> [2008/09/18 13:50:21 | 000,147,456 | ---- | M] (Lime Wire, LLC)
rthdvcpl.exe -> C:\Windows\RtHDVCpl.exe -> [2008/03/06 06:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor)
pcmservice.exe -> C:\Program Files\Dell\MediaDirect\PCMService.exe -> [2008/01/14 11:13:02 | 000,132,392 | ---- | M] (CyberLink Corp.)
dlcgcoms.exe -> C:\Windows\System32\dlcgcoms.exe -> [2006/11/03 12:28:22 | 000,537,480 | ---- | M] ( )

[Modules - Safe List]
ots.exe -> C:\Users\tim\Desktop\OTS.exe -> [2010/03/27 23:05:32 | 000,637,440 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll -> [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(GoogleDesktopManager-110309-193829) Google Desktop Manager 5.9.911.3589 [On_Demand | Stopped] -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2009/12/05 08:24:10 | 000,030,192 | ---- | M] (Google)
(MpfService) McAfee Personal Firewall Service [Auto | Running] -> C:\Program Files\McAfee\MPF\MPFSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
(FontCache) Windows Font Cache Service [On_Demand | Stopped] -> C:\Windows\System32\FntCache.dll -> [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation)
(McODS) McAfee Scanner [On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.)
(McShield) McAfee Real-time Scanner [Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [On_Demand | Running] -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.)
(GameConsoleService) GameConsoleService [On_Demand | Stopped] -> C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -> [2009/08/27 13:28:00 | 000,238,328 | ---- | M] (WildTangent, Inc.)
(mcmscsvc) McAfee Services [Auto | Running] -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.)
(MSK80Service) McAfee Anti-Spam Service [Auto | Running] -> C:\Program Files\McAfee\MSK\MskSrver.exe -> [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Auto | Running] -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Auto | Running] -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -> [2009/01/07 11:53:55 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(YahooAUService) Yahoo! Updater [Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
(sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) [Auto | Running] -> C:\Program Files\Dell Support Center\bin\sprtsvc.exe -> [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.)
(hnmsvc) Advanced Networking Service [Auto | Running] -> c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe -> [2008/09/30 11:03:14 | 000,820,464 | ---- | M] (Dell Inc.)
(DockLoginService) Dock Login Service [Auto | Running] -> C:\Program Files\Dell\DellDock\DockLogin.exe -> [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation)
(WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation)
(dlcg_device) dlcg_device [Auto | Running] -> C:\Windows\System32\dlcgcoms.exe -> [2006/11/03 12:28:22 | 000,537,480 | ---- | M] ( )

[Driver Services - Safe List]
(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Rtlh86.sys -> [2009/12/20 11:53:32 | 000,234,016 | ---- | M] (Realtek                                            )
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\Windows\System32\drivers\mfehidk.sys -> [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.)
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\mfeavfk.sys -> [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\mfesmfk.sys -> [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\mfebopk.sys -> [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mferkdk.sys -> [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.)
(MPFP) MPFP [Kernel | System | Running] -> C:\Windows\System32\drivers\Mpfp.sys -> [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.)
(Packet) Auto Internet Protocol [Kernel | Auto | Running] -> C:\Windows\System32\drivers\packet.sys -> [2008/06/17 13:01:06 | 000,022,016 | ---- | M] (SingleClick Systems)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\RTKVHDA.sys -> [2008/03/06 06:52:58 | 002,047,576 | ---- | M] (Realtek Semiconductor Corp.)
(RtNdPt60) Realtek NDIS Protocol Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\RtNdPt60.sys -> [2008/03/06 06:44:48 | 000,027,648 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
(iaStor) Intel AHCI Controller [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastor.sys -> [2008/03/06 06:31:52 | 000,308,248 | ---- | M] (Intel Corporation)
(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\igdkmd32.sys -> [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation)
(MegaSR) MegaSR [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasr.sys -> [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\e1e6032.sys -> [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex)
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.)
(nvraid) NVIDIA nForce RAID Driver    [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.)
(motmodem) Motorola USB CDC ACM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\motmodem.sys -> [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies)
(R300) R300 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\atikmdag.sys -> [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://att.my.yahoo.com/ -> 
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\tim\AppData\Roaming\Mozilla\Extensions -> [2009/07/11 21:26:13 | 000,000,000 | ---D | M]
  -> C:\Users\tim\AppData\Roaming\Mozilla\Extensions\[email protected] -> [2009/07/11 21:26:13 | 000,000,000 | ---D | M]
< HOSTS File > ([2006/09/18 16:41:30 | 000,000,736 | ---- | M] - 20 lines) -> C:\Windows\System32\drivers\etc\hosts -> 
Reset Hosts
::1             localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2009/07/30 21:44:14 | 000,909,040 | ---- | M] (Yahoo! Inc.)
{27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> c:\Program Files\McAfee\MSK\mskapbho.dll [McAfee Phishing Filter] -> [2009/07/08 14:48:48 | 000,246,800 | ---- | M] ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 05:27:02 | 000,509,328 | ---- | M] (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/09/16 10:22:16 | 000,062,784 | ---- | M] (McAfee, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/01/31 18:16:20 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/01/31 22:25:05 | 000,812,528 | ---- | M] (Google Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> C:\Program Files\Dell\BAE\BAE.dll [CBrowserHelperObject Object] -> [2006/11/09 10:56:48 | 000,098,304 | ---- | M] (Dell Inc.)
{FCBCCB87-9224-4B8D-B117-F56D924BEB18} [HKLM] -> C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [Fast Browser Search Toolbar Helper] -> File not found
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [SingleInstance Class] -> [2009/07/30 21:44:02 | 000,159,472 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{1BB22D38-A411-4B13-A746-C2A4F4EC7344}" [HKLM] -> C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [Fast Browser Search Toolbar] -> File not found
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/01/31 18:16:20 | 000,279,664 | ---- | M] (Google Inc.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/07/30 21:44:14 | 000,909,040 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{1BB22D38-A411-4B13-A746-C2A4F4EC7344}" [HKLM] -> C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [Fast Browser Search Toolbar] -> File not found
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/01/31 18:16:20 | 000,279,664 | ---- | M] (Google Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Dell DataSafe Online" -> C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ["C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m] -> [2009/11/13 17:15:00 | 001,807,600 | ---- | M] ()
"dellsupportcenter" -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter] -> [2008/10/04 14:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
"DLCGCATS" -> C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.DLL [rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,[email protected]] -> [2006/10/20 18:50:02 | 000,073,728 | ---- | M] ()
"Google Desktop Search" -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> [2009/12/05 08:24:10 | 000,030,192 | ---- | M] (Google)
"mcagent_exe" -> C:\Program Files\McAfee.com\Agent\mcagent.exe ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey] -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
"PCMService" -> C:\Program Files\Dell\MediaDirect\PCMService.exe ["C:\Program Files\Dell\MediaDirect\PCMService.exe"] -> [2008/01/14 11:13:02 | 000,132,392 | ---- | M] (CyberLink Corp.)
"RtHDVCpl" -> C:\Windows\RtHDVCpl.exe [RtHDVCpl.exe] -> [2008/03/06 06:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor)
"YSearchProtection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"] -> [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Messenger (Yahoo!)" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2009/05/26 21:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.)
"Search Protection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc)
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2009/01/07 11:47:54 | 000,039,408 | ---- | M] (Google Inc.)
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html] -> [2010/01/31 18:17:01 | 000,848,896 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 05:27:02 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
localhost .[http] -> Local intranet -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 
GD [:Range = 127.0.0.1] -> http = Local intranet |  -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll [Installation Support] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{A7EA8AD2-287F-11D3-B120-006008C39542} [HKLM] -> https://offers.e-centives.com/cif/download/bin/actxcab.cab [CBSTIEPrint Class] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
```


----------



## lostim (Feb 24, 2010)

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.254 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{D045E73C-D32A-43AF-B596-8BEA6ED32400}\\DhcpNameServer -> 192.168.1.254 (Realtek PCIe GBE Family Controller) -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2009/12/05 08:24:11 | 000,123,392 | ---- | M] (Google)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
GoToAssist -> C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll -> [2009/01/07 11:53:55 | 000,010,536 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
igfxcui -> C:\Windows\System32\igfxdev.dll -> [2008/02/11 18:46:44 | 000,204,800 | ---- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> -> 
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 16:43:36 | 000,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 3/20/2010 7:30:42 PM Computer Name = freddie2 | Source = MsiInstaller | ID = 11606 -> Description = 
Application [ Error ] 3/20/2010 8:01:24 PM Computer Name = freddie2 | Source = Application Error | ID = 1000 -> Description = Faulting application IEXPLORE.EXE, version 8.0.6001.18882, time stamp 0x4b3ed243, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id 0x1420, application start time 0x01cac8887649cd00.
Application [ Error ] 3/21/2010 12:30:42 AM Computer Name = freddie2 | Source = MsiInstaller | ID = 11606 -> Description = 
Application [ Error ] 3/21/2010 12:30:42 AM Computer Name = freddie2 | Source = MsiInstaller | ID = 11606 -> Description = 
Application [ Error ] 3/21/2010 1:50:29 AM Computer Name = freddie2 | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 3/21/2010 3:32:38 PM Computer Name = freddie2 | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 3/21/2010 4:30:42 PM Computer Name = freddie2 | Source = MsiInstaller | ID = 11606 -> Description = 
Application [ Error ] 3/21/2010 4:30:42 PM Computer Name = freddie2 | Source = MsiInstaller | ID = 11606 -> Description = 
Application [ Error ] 3/21/2010 9:30:39 PM Computer Name = freddie2 | Source = MsiInstaller | ID = 11606 -> Description = 
Application [ Error ] 3/21/2010 9:30:39 PM Computer Name = freddie2 | Source = MsiInstaller | ID = 11606 -> Description = 
Media Center [ Error ] 4/29/2009 10:08:06 PM Computer Name = freddie2 | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 6/9/2009 12:23:01 PM Computer Name = freddie2 | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
System [ Error ] 3/23/2010 6:35:09 PM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 3/24/2010 11:03:30 PM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 3/25/2010 5:22:40 AM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 3/25/2010 8:45:43 PM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 3/25/2010 10:03:55 PM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 3/26/2010 12:40:39 PM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 3/26/2010 1:40:52 PM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 3/26/2010 11:46:09 PM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 3/27/2010 2:26:42 PM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 3/27/2010 8:04:42 PM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description =

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\tim\Desktop\OTS.exe -> [2010/03/27 23:05:21 | 000,637,440 | ---- | C] (OldTimer Tools)
JRE -> C:\Program Files\JRE -> [2010/03/15 02:05:13 | 000,000,000 | ---D | C]
OpenOffice.org 3.2 (en-US) Installation Files -> C:\Users\tim\Desktop\OpenOffice.org 3.2 (en-US) Installation Files -> [2010/03/15 01:59:14 | 000,000,000 | ---D | C]
OpenOffice.org -> C:\Windows\OpenOffice.org -> [2010/03/15 00:09:27 | 000,000,000 | ---D | C]
$RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2010/03/14 23:37:51 | 000,000,000 | -HSD | C]
SWXCACLS.exe -> C:\Windows\SWXCACLS.exe -> [2010/03/14 23:24:24 | 000,212,480 | ---- | C] (SteelWerX)
nshhttp.dll -> C:\Windows\System32\nshhttp.dll -> [2010/03/10 10:27:07 | 000,024,064 | ---- | C] (Microsoft Corporation)
httpapi.dll -> C:\Windows\System32\httpapi.dll -> [2010/03/10 10:27:06 | 000,030,720 | ---- | C] (Microsoft Corporation)
%APPDATA% -> C:\Users\tim\%APPDATA% -> [2010/03/10 10:06:09 | 000,000,000 | -HSD | C]
NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2010/03/09 10:37:31 | 000,031,232 | ---- | C] (NirSoft)
SWREG.exe -> C:\Windows\SWREG.exe -> [2010/03/09 10:37:28 | 000,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\Windows\SWSC.exe -> [2010/03/09 10:37:28 | 000,136,704 | ---- | C] (SteelWerX)
ERDNT -> C:\Windows\ERDNT -> [2010/03/09 10:37:21 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010/03/09 10:36:58 | 000,000,000 | ---D | C]
dlcgpmui.dll -> C:\Windows\System32\dlcgpmui.dll -> [2006/10/11 19:01:40 | 000,643,072 | ---- | C] ( )
dlcgserv.dll -> C:\Windows\System32\dlcgserv.dll -> [2006/10/11 18:59:56 | 001,224,704 | ---- | C] ( )
dlcgcomm.dll -> C:\Windows\System32\dlcgcomm.dll -> [2006/10/11 18:54:10 | 000,421,888 | ---- | C] ( )
dlcglmpm.dll -> C:\Windows\System32\dlcglmpm.dll -> [2006/10/11 18:52:34 | 000,585,728 | ---- | C] ( )
dlcgiesc.dll -> C:\Windows\System32\dlcgiesc.dll -> [2006/10/11 18:51:16 | 000,397,312 | ---- | C] ( )
dlcgpplc.dll -> C:\Windows\System32\dlcgpplc.dll -> [2006/10/11 18:48:58 | 000,094,208 | ---- | C] ( )
dlcgcomc.dll -> C:\Windows\System32\dlcgcomc.dll -> [2006/10/11 18:48:14 | 000,684,032 | ---- | C] ( )
dlcgprox.dll -> C:\Windows\System32\dlcgprox.dll -> [2006/10/11 18:47:42 | 000,163,840 | ---- | C] ( )
dlcginpa.dll -> C:\Windows\System32\dlcginpa.dll -> [2006/10/11 18:41:42 | 000,413,696 | ---- | C] ( )
dlcgusb1.dll -> C:\Windows\System32\dlcgusb1.dll -> [2006/10/11 18:41:04 | 000,991,232 | ---- | C] ( )
dlcghbn3.dll -> C:\Windows\System32\dlcghbn3.dll -> [2006/10/11 18:37:14 | 000,696,320 | ---- | C] ( )
9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> 
9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp ->

[Files/Folders - Modified Within 30 Days]
ntuser.dat -> C:\Users\tim\ntuser.dat -> [2010/03/27 23:11:42 | 003,145,728 | -HS- | M] ()
OTS.exe -> C:\Users\tim\Desktop\OTS.exe -> [2010/03/27 23:05:32 | 000,637,440 | ---- | M] (OldTimer Tools)
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/03/27 22:30:00 | 000,000,886 | ---- | M] ()
User_Feed_Synchronization-{71927147-F417-4F58-A945-1FEBAC686371}.job -> C:\Windows\tasks\User_Feed_Synchronization-{71927147-F417-4F58-A945-1FEBAC686371}.job -> [2010/03/27 22:22:35 | 000,000,414 | -H-- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/03/27 22:21:09 | 000,000,882 | ---- | M] ()
RtlNICDiagVistaStart.job -> C:\Windows\tasks\RtlNICDiagVistaStart.job -> [2010/03/27 22:21:08 | 000,000,276 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/03/27 21:25:24 | 000,003,616 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/03/27 21:25:24 | 000,003,616 | -H-- | M] ()
Config.MPF -> C:\Windows\System32\Config.MPF -> [2010/03/27 16:26:17 | 000,025,799 | ---- | M] ()
ntuser.dat{5a3e3c2f-1bf7-11df-a765-00219b1be78d}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\tim\ntuser.dat{5a3e3c2f-1bf7-11df-a765-00219b1be78d}.TMContainer00000000000000000001.regtrans-ms -> [2010/03/27 13:53:31 | 000,524,288 | -HS- | M] ()
ntuser.dat{5a3e3c2f-1bf7-11df-a765-00219b1be78d}.TM.blf -> C:\Users\tim\ntuser.dat{5a3e3c2f-1bf7-11df-a765-00219b1be78d}.TM.blf -> [2010/03/27 13:53:31 | 000,065,536 | -HS- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/03/27 13:25:25 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2010/03/27 13:25:23 | 000,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/03/27 13:25:21 | 2136,133,632 | -HS- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2010/03/23 13:00:56 | 000,690,960 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010/03/23 13:00:56 | 000,595,446 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010/03/23 13:00:56 | 000,101,144 | ---- | M] ()
IconCache.db -> C:\Users\tim\AppData\Local\IconCache.db -> [2010/03/22 12:13:40 | 003,950,315 | -H-- | M] ()
d3d9caps.dat -> C:\Users\tim\AppData\Local\d3d9caps.dat -> [2010/03/16 22:04:35 | 000,005,216 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Users\tim\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/03/16 22:04:19 | 000,071,760 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2010/03/15 12:07:40 | 000,295,392 | ---- | M] ()
OpenOffice.org 3.2.lnk -> C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk -> [2010/03/15 02:08:01 | 000,000,961 | ---- | M] ()
McDefragTask.job -> C:\Windows\tasks\McDefragTask.job -> [2010/03/15 00:59:59 | 000,000,356 | ---- | M] ()
OpenOffice.org 3.2.lnk -> C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk -> [2010/03/15 00:09:57 | 000,000,986 | ---- | M] ()
system.ini -> C:\Windows\system.ini -> [2010/03/14 23:35:21 | 000,000,215 | ---- | M] ()
puppy.exe.exe -> C:\Users\tim\Desktop\puppy.exe.exe -> [2010/03/13 00:22:25 | 003,888,448 | R--- | M] ()
9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> 
9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> 
49 C:\Users\tim\AppData\Local\Temp\*.tmp files -> C:\Users\tim\AppData\Local\Temp\*.tmp -> 
49 C:\Users\tim\AppData\Local\Temp\*.tmp files -> C:\Users\tim\AppData\Local\Temp\*.tmp ->

[Files - No Company Name]
OpenOffice.org 3.2.lnk -> C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk -> [2010/03/15 00:09:57 | 000,000,986 | ---- | C] ()
User_Feed_Synchronization-{71927147-F417-4F58-A945-1FEBAC686371}.job -> C:\Windows\tasks\User_Feed_Synchronization-{71927147-F417-4F58-A945-1FEBAC686371}.job -> [2010/03/09 11:58:57 | 000,000,414 | -H-- | C] ()
MBR.exe -> C:\Windows\MBR.exe -> [2010/03/09 10:37:31 | 000,077,312 | ---- | C] ()
PEV.exe -> C:\Windows\PEV.exe -> [2010/03/09 10:37:28 | 000,261,632 | ---- | C] ()
sed.exe -> C:\Windows\sed.exe -> [2010/03/09 10:37:28 | 000,098,816 | ---- | C] ()
grep.exe -> C:\Windows\grep.exe -> [2010/03/09 10:37:28 | 000,080,412 | ---- | C] ()
zip.exe -> C:\Windows\zip.exe -> [2010/03/09 10:37:28 | 000,068,096 | ---- | C] ()
puppy.exe.exe -> C:\Users\tim\Desktop\puppy.exe.exe -> [2010/03/09 10:36:06 | 003,888,448 | R--- | C] ()
RtNicProp32.dll -> C:\Windows\System32\RtNicProp32.dll -> [2009/12/03 10:27:28 | 000,080,416 | ---- | C] ()
EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/06/27 21:38:46 | 000,117,248 | ---- | C] ()
igklg400.dll -> C:\Windows\System32\igklg400.dll -> [2009/01/07 13:28:11 | 001,953,696 | ---- | C] ()
igklg450.dll -> C:\Windows\System32\igklg450.dll -> [2009/01/07 13:28:11 | 001,533,360 | ---- | C] ()
igfxCoIn_v1409.dll -> C:\Windows\System32\igfxCoIn_v1409.dll -> [2009/01/07 13:28:11 | 000,147,456 | ---- | C] ()
igmedcompkrn.dll -> C:\Windows\System32\igmedcompkrn.dll -> [2009/01/07 13:28:11 | 000,104,636 | ---- | C] ()
igfxCoIn_v1437.dll -> C:\Windows\System32\igfxCoIn_v1437.dll -> [2008/02/11 19:55:18 | 000,147,456 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 07:37:35 | 000,037,665 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 07:37:35 | 000,029,779 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 07:37:35 | 000,026,489 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 07:37:35 | 000,026,040 | ---- | C] ()
sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 07:35:32 | 000,005,632 | ---- | C] ()
atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2006/11/02 05:25:44 | 000,159,744 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 02:40:29 | 000,013,750 | ---- | C] ()
dlcgcoin.dll -> C:\Windows\System32\dlcgcoin.dll -> [2006/10/28 11:31:44 | 000,344,064 | ---- | C] ()
dlcginsr.dll -> C:\Windows\System32\dlcginsr.dll -> [2006/10/20 05:51:32 | 000,106,496 | ---- | C] ()
dlcgcur.dll -> C:\Windows\System32\dlcgcur.dll -> [2006/10/20 05:51:18 | 000,036,864 | ---- | C] ()
dlcgjswr.dll -> C:\Windows\System32\dlcgjswr.dll -> [2006/10/20 05:50:34 | 000,131,072 | ---- | C] ()
dlcginsb.dll -> C:\Windows\System32\dlcginsb.dll -> [2006/10/20 05:45:26 | 000,176,128 | ---- | C] ()
dlcgcub.dll -> C:\Windows\System32\dlcgcub.dll -> [2006/10/20 05:45:16 | 000,086,016 | ---- | C] ()
dlcgcu.dll -> C:\Windows\System32\dlcgcu.dll -> [2006/10/20 05:45:00 | 000,073,728 | ---- | C] ()
dlcgins.dll -> C:\Windows\System32\dlcgins.dll -> [2006/10/20 05:44:54 | 000,159,744 | ---- | C] ()
dlcgutil.dll -> C:\Windows\System32\dlcgutil.dll -> [2006/10/20 05:42:56 | 000,434,176 | ---- | C] ()
dlcgcfg.dll -> C:\Windows\System32\dlcgcfg.dll -> [2006/09/06 06:27:28 | 000,069,632 | ---- | C] ()
dlcgvs.dll -> C:\Windows\System32\dlcgvs.dll -> [2005/08/18 07:26:46 | 000,040,960 | ---- | C] ()
dlcgcnv4.dll -> C:\Windows\System32\dlcgcnv4.dll -> [2005/07/05 11:32:24 | 000,061,440 | ---- | C] ()

[Alternate Data Streams]
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5D432CE3
< End of report >


----------



## Cookiegal (Aug 27, 2003)

The instructions were to attach the log. I cannot use it in that format so please upload it as an attachment.


----------



## lostim (Feb 24, 2010)

like this.


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} [HKLM] -> C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [Fast Browser Search Toolbar Helper]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{1BB22D38-A411-4B13-A746-C2A4F4EC7344}" [HKLM] -> C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [Fast Browser Search Toolbar]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{1BB22D38-A411-4B13-A746-C2A4F4EC7344}" [HKLM] -> C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [Fast Browser Search Toolbar]
[Files/Folders - Created Within 30 Days]
NY ->  9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp
NY ->  9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp
NY ->  9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp
NY ->  49 C:\Users\tim\AppData\Local\Temp\*.tmp files -> C:\Users\tim\AppData\Local\Temp\*.tmp
NY ->  49 C:\Users\tim\AppData\Local\Temp\*.tmp files -> C:\Users\tim\AppData\Local\Temp\*.tmp
[Alternate Data Streams]
NY -> @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D1B5B4F1
NY -> @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5D432CE3
[Empty Temp Folders]
[Start Explorer]
[Reboot]
```


----------



## Cookiegal (Aug 27, 2003)

I suspect your CD drive may not be working. Can you give it a try please?

If not, you will have to reinstall the driver.


----------



## lostim (Feb 24, 2010)

i hope i did this right, the ots crashed when it was trying to finish and the whole computer went blank. i had to turn the power off several times to get it to even come up and i went through it all again and this is what i got as far as logs.
All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
[Files/Folders - Created Within 30 Days]
[Files/Folders - Modified Within 30 Days]
C:\Users\tim\AppData\Local\Temp\si2B36.tmp deleted successfully.
C:\Users\tim\AppData\Local\Temp\sv2an.tmp folder deleted successfully.
C:\Users\tim\AppData\Local\Temp\~DF1DE.tmp deleted successfully.
File delete failed. C:\Users\tim\AppData\Local\Temp\~DF308E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\tim\AppData\Local\Temp\~DF38C2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\tim\AppData\Local\Temp\~DF3912.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\tim\AppData\Local\Temp\~DF3975.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\tim\AppData\Local\Temp\~DF3AAC.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\tim\AppData\Local\Temp\~DF3AB7.tmp scheduled to be deleted on reboot.
C:\Users\tim\AppData\Local\Temp\~DF549.tmp deleted successfully.
C:\Users\tim\AppData\Local\Temp\~DF7DA5.tmp deleted successfully.
C:\Users\tim\AppData\Local\Temp\~DF98C3.tmp deleted successfully.
C:\Users\tim\AppData\Local\Temp\~DFDDD9.tmp deleted successfully.
C:\Users\tim\AppData\Local\Temp\~DFFA6C.tmp deleted successfully.
C:\Users\tim\AppData\Local\Temp\~DFFC6C.tmp deleted successfully.
File delete failed. C:\Users\tim\AppData\Local\Temp\~DF308E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\tim\AppData\Local\Temp\~DF38C2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\tim\AppData\Local\Temp\~DF3912.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\tim\AppData\Local\Temp\~DF3975.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\tim\AppData\Local\Temp\~DF3AAC.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\tim\AppData\Local\Temp\~DF3AB7.tmp scheduled to be deleted on reboot.
C:\Users\tim\AppData\Local\Temp\~DF549.tmp deleted successfully.
C:\Users\tim\AppData\Local\Temp\~DFDDD9.tmp deleted successfully.
C:\Users\tim\AppData\Local\Temp\~DFFC6C.tmp deleted successfully.
[Alternate Data Streams]
Unable to delete ADS C:\ProgramData\TEMP:D1B5B4F1 .
ADS C:\ProgramData\TEMP:5D432CE3 deleted successfully.
[Empty Temp Folders]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: lavina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: teanna
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: tim
->Temp folder emptied: 330193 bytes
->Temporary Internet Files folder emptied: 2990567 bytes
->Java cache emptied: 955197 bytes
->Flash cache emptied: 49271 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51003 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13165158 bytes
RecycleBin emptied: 631260 bytes

Total Files Cleaned = 17.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.27.1 fix logfile created on 03302010_202056
Files\Folders moved on Reboot...
File\Folder C:\Users\tim\AppData\Local\Temp\~DF308E.tmp not found!
File\Folder C:\Users\tim\AppData\Local\Temp\~DF38C2.tmp not found!
File\Folder C:\Users\tim\AppData\Local\Temp\~DF3912.tmp not found!
File\Folder C:\Users\tim\AppData\Local\Temp\~DF3975.tmp not found!
File\Folder C:\Users\tim\AppData\Local\Temp\~DF3AAC.tmp not found!
File\Folder C:\Users\tim\AppData\Local\Temp\~DF3AB7.tmp not found!
C:\Users\tim\AppData\Local\Temp\Low\~DF2866.tmp moved successfully.
C:\Users\tim\AppData\Local\Temp\Low\~DF7D22.tmp moved successfully.
C:\Users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TQV16I7P\fc[1].txt moved successfully.
C:\Users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TQV16I7P\launch[1].txt moved successfully.
C:\Users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J44346A6\905474-wits-end-4[1].html moved successfully.
C:\Users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J44346A6\ads[1].txt moved successfully.
C:\Users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J44346A6\blank[1].html moved successfully.
C:\Users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J44346A6\blank[2].html moved successfully.
C:\Users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2HKUZZUF\ads[1].txt moved successfully.
C:\Users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2HKUZZUF\blank[1].html moved successfully.
C:\Users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2HKUZZUF\sh14[1].html moved successfully.
C:\Users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\temp\mcafee_AInhjpVz2Y9MDYH not found!
File\Folder C:\Windows\temp\mcafee_gWUBfL3gTfjSWtg not found!
File\Folder C:\Windows\temp\mcmsc_FejuOHUSGeX9bax not found!
File\Folder C:\Windows\temp\mcmsc_ha1R1EKeiWD7h8j not found!
File\Folder C:\Windows\temp\mcmsc_WUHebZaPsIDMTTT not found!
File\Folder C:\Windows\temp\sqlite_7NI4IvRcl3VJwn2 not found!
File\Folder C:\Windows\temp\sqlite_Ed6sB6Slm9gWVTt not found!
File\Folder C:\Windows\temp\sqlite_eFi6khXVrkZHyub not found!
File\Folder C:\Windows\temp\sqlite_w4w6S1wz5494FA9 not found!
Registry entries deleted on Reboot...


----------



## lostim (Feb 24, 2010)

and this is the hijackthis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:44 PM, on 3/30/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\notepad.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {5aa14397-d310-447d-8548-2dd90218a07d} - C:\Program Files\CoolChaser Toolbar\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: FCTBPos00Pos - {FC78E410-0EFA-4BEC-B283-D1DB1922F420} - C:\Program Files\CoolChaser Toolbar\Toolbar.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: CoolChaser Toolbar - {B0208007-27C1-4BCD-93EF-EFF5DB61FC22} - C:\Program Files\CoolChaser Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,[email protected]
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\teanna\appdata\local\temp\TE521D~1.SH! c:\users\teanna\appdata\local\temp\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\teanna\appdata\local\temp\TE521D~1.SH! c:\users\teanna\appdata\local\temp\HSPERF~1.SH! (User 'Default user')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: IMVU.lnk = C:\Users\tim\AppData\Roaming\IMVUClient\IMVUClient.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - https://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: dlcg_device - - C:\Windows\system32\dlcgcoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9cd2565275ba0) (gupdate1c9cd2565275ba0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 10272 bytes


----------



## lostim (Feb 24, 2010)

as far as the cd drive goes i put a music cd in and it doesn't know it has a cd in it, so no it's not working. i looked at the stuff that came with the computer when i got it and found a disk marked drivers and utilities already installed on your computer, put that in and play it or go to dell and find it and download it. i know i'm frustrating but i just don't want to do the wrong thing and if i need to go to dell what do i need to look for?


----------



## Cookiegal (Aug 27, 2003)

Go to this MS article and scroll down to the instructions under Remove and Reinstall drivers and do the steps for your operating system.

http://support.microsoft.com/kb/982116

Let me know how that goes please.


----------



## lostim (Feb 24, 2010)

i did as you suggested and it didn't help a bit to make the cd-dvd drive work. i also tried a couple of the fixes they suggested, all to no avail. it also talked about deleting something in the registry in one of the articles but i did not do that, too afraid of what might happen and i got enough problems right now.


----------



## Cookiegal (Aug 27, 2003)

First, let's back up the registry:

Please go to *Start* - *Run* and copy and paste the following and then click OK:

*regedit /e c:\registrybackup.reg*

It won't appear to be doing anything and that's normal. Your mouse pointer may turn to an hour glass for a minute.

When it no longer has the hour glass, check in your C drive to be sure you have a file called *registrybackup.reg* before continuing. If you do not see that file, please let me know before doing anything else.

Then if you can, create a new system restore point before doing the next step.

Then, please go to the following link and run the automatic fix from Microsoft:

http://support.microsoft.com/?kbid=886549

Then reboot the machine and let me know how it went.


----------



## lostim (Feb 24, 2010)

it didn't finish, what it said was the specified path '%APPDATA%\' is unavailable.


----------



## Cookiegal (Aug 27, 2003)

OK, then we have to do a few things manually and then you should be able to run the fix to complete the process.

I'm writing a registry fix for you so you don't have to do it manually.

In the meantime, please do the following and report back:

Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK".

Then do a search for the following file and let me know the entire path to all that you find please.

*cdrom.sys*

I will post back later with further instructions.


----------



## lostim (Feb 24, 2010)

i don't know how significant this is but some strange things happened when i put cdrom.sys in the search box after going to control panel then clicking on folder options and then doing what you said. i had 3 things pop up on my desktop. 1st. a little folder marked %APPDATA% inside that it said microsoft then windows then 3 things IECompatCashe underneath that IETldCashe and PrivacIE, all 3 spelled exactly like that. inside the 1st. one was index.dat dated 4/2/2010 couldn't open it. inside the 2nd. one it said index.dat dated 3/28/2010 and couldn't open it either. finally the 3rd. one dated 3/25/2010 index.dat couldn't open it either. also had 2 look like sheet of paper with a gear in front of them also on the desktop. both of them said desktop.ini. the first one said [.ShellClassInfo]
[email protected]%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
and the second one said [.ShellClassInfo]
[email protected]%SystemRoot%\system32\shell32.dll,-21799. they were not there before i did the stuff in the folder options but were after.


----------



## Cookiegal (Aug 27, 2003)

That's because those files were hidden before. Did you just recently install IE8?

Did you find any cdrom.sys files?


----------



## lostim (Feb 24, 2010)

no i didn't do the IE8, it keeps trying to but i haven't messed with it. no cdrom.sys files that i noticed.


----------



## lostim (Feb 24, 2010)

i went back and tried that again and apparently do have IE8 and the only thing that showed up when i searched for cdrom.sys was this.
code]
OTS logfile created on: 3/27/2010 11:07:54 PM - Run 1
OTS by OldTimer - Version 3.1.27.1 Folder = C:\Users\tim\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 205.17 Gb Free Space | 72.40% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 9.11 Gb Free Space | 62.19% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FREDDIE2
Current User Name: tim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\tim\Desktop\OTS.exe -> [2010/03/27 23:05:32 | 000,637,440 | ---- | M] (OldTimer Tools)
soffice.bin -> C:\Program Files\OpenOffice.org 3\program\soffice.bin -> [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org)
soffice.exe -> C:\Program Files\OpenOffice.org 3\program\soffice.exe -> [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org)
googletoolbaruser_32.exe -> C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe -> [2010/01/31 18:17:26 | 000,298,608 | ---- | M] (Google Inc.)
flashutil10e.exe -> C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe -> [2010/01/26 19:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.)
googledesktop.exe -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2009/12/05 08:24:10 | 000,030,192 | ---- | M] (Google)
datasafeonline.exe -> C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe -> [2009/11/13 17:15:00 | 001,807,600 | ---- | M] ()
mcagent.exe -> c:\Program Files\McAfee.com\Agent\mcagent.exe -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
mpfsrv.exe -> C:\Program Files\McAfee\MPF\MpfSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
mcshield.exe -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.)
mcsysmon.exe -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.)
mcmscsvc.exe -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.)
msksrver.exe -> C:\Program Files\McAfee\MSK\msksrver.exe -> [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
searchprotection.exe -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe -> [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc)
yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
sprtsvc.exe -> C:\Program Files\Dell Support Center\bin\sprtsvc.exe -> [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.)
sprtcmd.exe -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe -> [2008/10/04 14:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
hnm_svc.exe -> c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe -> [2008/09/30 11:03:14 | 000,820,464 | ---- | M] (Dell Inc.)
ezi_ra.exe -> C:\Program Files\Dell Remote Access\ezi_ra.exe -> [2008/09/30 11:03:12 | 000,464,112 | ---- | M] (Dell Inc.)
delldock.exe -> C:\Program Files\Dell\DellDock\DellDock.exe -> [2008/09/23 23:09:52 | 001,295,656 | ---- | M] (Stardock Corporation)
docklogin.exe -> C:\Program Files\Dell\DellDock\DockLogin.exe -> [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation)
limewire.exe -> C:\Program Files\LimeWire\LimeWire.exe -> [2008/09/18 13:50:21 | 000,147,456 | ---- | M] (Lime Wire, LLC)
rthdvcpl.exe -> C:\Windows\RtHDVCpl.exe -> [2008/03/06 06:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor)
pcmservice.exe -> C:\Program Files\Dell\MediaDirect\PCMService.exe -> [2008/01/14 11:13:02 | 000,132,392 | ---- | M] (CyberLink Corp.)
dlcgcoms.exe -> C:\Windows\System32\dlcgcoms.exe -> [2006/11/03 12:28:22 | 000,537,480 | ---- | M] ( )

[Modules - Safe List]
ots.exe -> C:\Users\tim\Desktop\OTS.exe -> [2010/03/27 23:05:32 | 000,637,440 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll -> [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(GoogleDesktopManager-110309-193829) Google Desktop Manager 5.9.911.3589 [On_Demand | Stopped] -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2009/12/05 08:24:10 | 000,030,192 | ---- | M] (Google)
(MpfService) McAfee Personal Firewall Service [Auto | Running] -> C:\Program Files\McAfee\MPF\MPFSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
(FontCache) Windows Font Cache Service [On_Demand | Stopped] -> C:\Windows\System32\FntCache.dll -> [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation)
(McODS) McAfee Scanner [On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.)
(McShield) McAfee Real-time Scanner [Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [On_Demand | Running] -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.)
(GameConsoleService) GameConsoleService [On_Demand | Stopped] -> C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -> [2009/08/27 13:28:00 | 000,238,328 | ---- | M] (WildTangent, Inc.)
(mcmscsvc) McAfee Services [Auto | Running] -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.)
(MSK80Service) McAfee Anti-Spam Service [Auto | Running] -> C:\Program Files\McAfee\MSK\MskSrver.exe -> [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Auto | Running] -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Auto | Running] -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -> [2009/01/07 11:53:55 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(YahooAUService) Yahoo! Updater [Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
(sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) [Auto | Running] -> C:\Program Files\Dell Support Center\bin\sprtsvc.exe -> [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.)
(hnmsvc) Advanced Networking Service [Auto | Running] -> c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe -> [2008/09/30 11:03:14 | 000,820,464 | ---- | M] (Dell Inc.)
(DockLoginService) Dock Login Service [Auto | Running] -> C:\Program Files\Dell\DellDock\DockLogin.exe -> [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation)
(WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation)
(dlcg_device) dlcg_device [Auto | Running] -> C:\Windows\System32\dlcgcoms.exe -> [2006/11/03 12:28:22 | 000,537,480 | ---- | M] ( )

[Driver Services - Safe List]
(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Rtlh86.sys -> [2009/12/20 11:53:32 | 000,234,016 | ---- | M] (Realtek )
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\Windows\System32\drivers\mfehidk.sys -> [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.)
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\mfeavfk.sys -> [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\mfesmfk.sys -> [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\mfebopk.sys -> [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mferkdk.sys -> [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.)
(MPFP) MPFP [Kernel | System | Running] -> C:\Windows\System32\drivers\Mpfp.sys -> [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.)
(Packet) Auto Internet Protocol [Kernel | Auto | Running] -> C:\Windows\System32\drivers\packet.sys -> [2008/06/17 13:01:06 | 000,022,016 | ---- | M] (SingleClick Systems)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\RTKVHDA.sys -> [2008/03/06 06:52:58 | 002,047,576 | ---- | M] (Realtek Semiconductor Corp.)
(RtNdPt60) Realtek NDIS Protocol Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\RtNdPt60.sys -> [2008/03/06 06:44:48 | 000,027,648 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
(iaStor) Intel AHCI Controller [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastor.sys -> [2008/03/06 06:31:52 | 000,308,248 | ---- | M] (Intel Corporation)
(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\igdkmd32.sys -> [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation)
(MegaSR) MegaSR [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasr.sys -> [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\e1e6032.sys -> [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex)
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.)
(nvraid) NVIDIA nForce RAID Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.)
(motmodem) Motorola USB CDC ACM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\motmodem.sys -> [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies)
(R300) R300 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\atikmdag.sys -> [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://att.my.yahoo.com/ -> 
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> -> 
< FireFox Extensions [User Folders] > -> 
-> C:\Users\tim\AppData\Roaming\Mozilla\Extensions -> [2009/07/11 21:26:13 | 000,000,000 | ---D | M]
-> C:\Users\tim\AppData\Roaming\Mozilla\Extensions\[email protected] -> [2009/07/11 21:26:13 | 000,000,000 | ---D | M]
< HOSTS File > ([2006/09/18 16:41:30 | 000,000,736 | ---- | M] - 20 lines) -> C:\Windows\System32\drivers\etc\hosts -> 
Reset Hosts
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2009/07/30 21:44:14 | 000,909,040 | ---- | M] (Yahoo! Inc.)
{27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> c:\Program Files\McAfee\MSK\mskapbho.dll [McAfee Phishing Filter] -> [2009/07/08 14:48:48 | 000,246,800 | ---- | M] ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 05:27:02 | 000,509,328 | ---- | M] (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/09/16 10:22:16 | 000,062,784 | ---- | M] (McAfee, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/01/31 18:16:20 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/01/31 22:25:05 | 000,812,528 | ---- | M] (Google Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> C:\Program Files\Dell\BAE\BAE.dll [CBrowserHelperObject Object] -> [2006/11/09 10:56:48 | 000,098,304 | ---- | M] (Dell Inc.)
{FCBCCB87-9224-4B8D-B117-F56D924BEB18} [HKLM] -> C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [Fast Browser Search Toolbar Helper] -> File not found
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [SingleInstance Class] -> [2009/07/30 21:44:02 | 000,159,472 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{1BB22D38-A411-4B13-A746-C2A4F4EC7344}" [HKLM] -> C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [Fast Browser Search Toolbar] -> File not found
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/01/31 18:16:20 | 000,279,664 | ---- | M] (Google Inc.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2009/07/30 21:44:14 | 000,909,040 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{1BB22D38-A411-4B13-A746-C2A4F4EC7344}" [HKLM] -> C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [Fast Browser Search Toolbar] -> File not found
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/01/31 18:16:20 | 000,279,664 | ---- | M] (Google Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Dell DataSafe Online" -> C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ["C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m] -> [2009/11/13 17:15:00 | 001,807,600 | ---- | M] ()
"dellsupportcenter" -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter] -> [2008/10/04 14:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
"DLCGCATS" -> C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.DLL [rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,[email protected]] -> [2006/10/20 18:50:02 | 000,073,728 | ---- | M] ()
"Google Desktop Search" -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> [2009/12/05 08:24:10 | 000,030,192 | ---- | M] (Google)
"mcagent_exe" -> C:\Program Files\McAfee.com\Agent\mcagent.exe ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey] -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
"PCMService" -> C:\Program Files\Dell\MediaDirect\PCMService.exe ["C:\Program Files\Dell\MediaDirect\PCMService.exe"] -> [2008/01/14 11:13:02 | 000,132,392 | ---- | M] (CyberLink Corp.)
"RtHDVCpl" -> C:\Windows\RtHDVCpl.exe [RtHDVCpl.exe] -> [2008/03/06 06:52:56 | 004,706,304 | ---- | M] (Realtek Semiconductor)
"YSearchProtection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"] -> [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Messenger (Yahoo!)" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2009/05/26 21:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.)
"Search Protection" -> C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe] -> [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc)
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2009/01/07 11:47:54 | 000,039,408 | ---- | M] (Google Inc.)
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html] -> [2010/01/31 18:17:01 | 000,848,896 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 05:27:02 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
localhost .[http] -> Local intranet -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> 
GD [:Range = 127.0.0.1] -> http = Local intranet | -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll [Installation Support] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{A7EA8AD2-287F-11D3-B120-006008C39542} [HKLM] -> https://offers.e-centives.com/cif/download/bin/actxcab.cab [CBSTIEPrint Class] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.254 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{D045E73C-D32A-43AF-B596-8BEA6ED32400}\\DhcpNameServer -> 192.168.1.254 (Realtek PCIe GBE Family Controller) -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2009/12/05 08:24:11 | 000,123,392 | ---- | M] (Google)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
GoToAssist -> C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll -> [2009/01/07 11:53:55 | 000,010,536 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
igfxcui -> C:\Windows\System32\igfxdev.dll -> [2008/02/11 18:46:44 | 000,204,800 | ---- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> -> 
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 16:43:36 | 000,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 3/20/2010 7:30:42 PM Computer Name = freddie2 | Source = MsiInstaller | ID = 11606 -> Description = 
Application [ Error ] 3/20/2010 8:01:24 PM Computer Name = freddie2 | Source = Application Error | ID = 1000 -> Description = Faulting application IEXPLORE.EXE, version 8.0.6001.18882, time stamp 0x4b3ed243, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id 0x1420, application start time 0x01cac8887649cd00.
Application [ Error ] 3/21/2010 12:30:42 AM Computer Name = freddie2 | Source = MsiInstaller | ID = 11606 -> Description = 
Application [ Error ] 3/21/2010 12:30:42 AM Computer Name = freddie2 | Source = MsiInstaller | ID = 11606 -> Description = 
Application [ Error ] 3/21/2010 1:50:29 AM Computer Name = freddie2 | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 3/21/2010 3:32:38 PM Computer Name = freddie2 | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 3/21/2010 4:30:42 PM Computer Name = freddie2 | Source = MsiInstaller | ID = 11606 -> Description = 
Application [ Error ] 3/21/2010 4:30:42 PM Computer Name = freddie2 | Source = MsiInstaller | ID = 11606 -> Description = 
Application [ Error ] 3/21/2010 9:30:39 PM Computer Name = freddie2 | Source = MsiInstaller | ID = 11606 -> Description = 
Application [ Error ] 3/21/2010 9:30:39 PM Computer Name = freddie2 | Source = MsiInstaller | ID = 11606 -> Description = 
Media Center [ Error ] 4/29/2009 10:08:06 PM Computer Name = freddie2 | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 6/9/2009 12:23:01 PM Computer Name = freddie2 | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
System [ Error ] 3/23/2010 6:35:09 PM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 3/24/2010 11:03:30 PM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 3/25/2010 5:22:40 AM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 3/25/2010 8:45:43 PM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 3/25/2010 10:03:55 PM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 3/26/2010 12:40:39 PM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 3/26/2010 1:40:52 PM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 3/26/2010 11:46:09 PM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 3/27/2010 2:26:42 PM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 3/27/2010 8:04:42 PM Computer Name = freddie2 | Source = DCOM | ID = 10010 -> Description =

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\tim\Desktop\OTS.exe -> [2010/03/27 23:05:21 | 000,637,440 | ---- | C] (OldTimer Tools)
JRE -> C:\Program Files\JRE -> [2010/03/15 02:05:13 | 000,000,000 | ---D | C]
OpenOffice.org 3.2 (en-US) Installation Files -> C:\Users\tim\Desktop\OpenOffice.org 3.2 (en-US) Installation Files -> [2010/03/15 01:59:14 | 000,000,000 | ---D | C]
OpenOffice.org -> C:\Windows\OpenOffice.org -> [2010/03/15 00:09:27 | 000,000,000 | ---D | C]
$RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2010/03/14 23:37:51 | 000,000,000 | -HSD | C]
SWXCACLS.exe -> C:\Windows\SWXCACLS.exe -> [2010/03/14 23:24:24 | 000,212,480 | ---- | C] (SteelWerX)
nshhttp.dll -> C:\Windows\System32\nshhttp.dll -> [2010/03/10 10:27:07 | 000,024,064 | ---- | C] (Microsoft Corporation)
httpapi.dll -> C:\Windows\System32\httpapi.dll -> [2010/03/10 10:27:06 | 000,030,720 | ---- | C] (Microsoft Corporation)
%APPDATA% -> C:\Users\tim\%APPDATA% -> [2010/03/10 10:06:09 | 000,000,000 | -HSD | C]
NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2010/03/09 10:37:31 | 000,031,232 | ---- | C] (NirSoft)
SWREG.exe -> C:\Windows\SWREG.exe -> [2010/03/09 10:37:28 | 000,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\Windows\SWSC.exe -> [2010/03/09 10:37:28 | 000,136,704 | ---- | C] (SteelWerX)
ERDNT -> C:\Windows\ERDNT -> [2010/03/09 10:37:21 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010/03/09 10:36:58 | 000,000,000 | ---D | C]
dlcgpmui.dll -> C:\Windows\System32\dlcgpmui.dll -> [2006/10/11 19:01:40 | 000,643,072 | ---- | C] ( )
dlcgserv.dll -> C:\Windows\System32\dlcgserv.dll -> [2006/10/11 18:59:56 | 001,224,704 | ---- | C] ( )
dlcgcomm.dll -> C:\Windows\System32\dlcgcomm.dll -> [2006/10/11 18:54:10 | 000,421,888 | ---- | C] ( )
dlcglmpm.dll -> C:\Windows\System32\dlcglmpm.dll -> [2006/10/11 18:52:34 | 000,585,728 | ---- | C] ( )
dlcgiesc.dll -> C:\Windows\System32\dlcgiesc.dll -> [2006/10/11 18:51:16 | 000,397,312 | ---- | C] ( )
dlcgpplc.dll -> C:\Windows\System32\dlcgpplc.dll -> [2006/10/11 18:48:58 | 000,094,208 | ---- | C] ( )
dlcgcomc.dll -> C:\Windows\System32\dlcgcomc.dll -> [2006/10/11 18:48:14 | 000,684,032 | ---- | C] ( )
dlcgprox.dll -> C:\Windows\System32\dlcgprox.dll -> [2006/10/11 18:47:42 | 000,163,840 | ---- | C] ( )
dlcginpa.dll -> C:\Windows\System32\dlcginpa.dll -> [2006/10/11 18:41:42 | 000,413,696 | ---- | C] ( )
dlcgusb1.dll -> C:\Windows\System32\dlcgusb1.dll -> [2006/10/11 18:41:04 | 000,991,232 | ---- | C] ( )
dlcghbn3.dll -> C:\Windows\System32\dlcghbn3.dll -> [2006/10/11 18:37:14 | 000,696,320 | ---- | C] ( )
9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> 
9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp ->

[Files/Folders - Modified Within 30 Days]
ntuser.dat -> C:\Users\tim\ntuser.dat -> [2010/03/27 23:11:42 | 003,145,728 | -HS- | M] ()
OTS.exe -> C:\Users\tim\Desktop\OTS.exe -> [2010/03/27 23:05:32 | 000,637,440 | ---- | M] (OldTimer Tools)
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/03/27 22:30:00 | 000,000,886 | ---- | M] ()
User_Feed_Synchronization-{71927147-F417-4F58-A945-1FEBAC686371}.job -> C:\Windows\tasks\User_Feed_Synchronization-{71927147-F417-4F58-A945-1FEBAC686371}.job -> [2010/03/27 22:22:35 | 000,000,414 | -H-- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/03/27 22:21:09 | 000,000,882 | ---- | M] ()
RtlNICDiagVistaStart.job -> C:\Windows\tasks\RtlNICDiagVistaStart.job -> [2010/03/27 22:21:08 | 000,000,276 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/03/27 21:25:24 | 000,003,616 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/03/27 21:25:24 | 000,003,616 | -H-- | M] ()
Config.MPF -> C:\Windows\System32\Config.MPF -> [2010/03/27 16:26:17 | 000,025,799 | ---- | M] ()
ntuser.dat{5a3e3c2f-1bf7-11df-a765-00219b1be78d}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\tim\ntuser.dat{5a3e3c2f-1bf7-11df-a765-00219b1be78d}.TMContainer00000000000000000001.regtrans-ms -> [2010/03/27 13:53:31 | 000,524,288 | -HS- | M] ()
ntuser.dat{5a3e3c2f-1bf7-11df-a765-00219b1be78d}.TM.blf -> C:\Users\tim\ntuser.dat{5a3e3c2f-1bf7-11df-a765-00219b1be78d}.TM.blf -> [2010/03/27 13:53:31 | 000,065,536 | -HS- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/03/27 13:25:25 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2010/03/27 13:25:23 | 000,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/03/27 13:25:21 | 2136,133,632 | -HS- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2010/03/23 13:00:56 | 000,690,960 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010/03/23 13:00:56 | 000,595,446 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010/03/23 13:00:56 | 000,101,144 | ---- | M] ()
IconCache.db -> C:\Users\tim\AppData\Local\IconCache.db -> [2010/03/22 12:13:40 | 003,950,315 | -H-- | M] ()
d3d9caps.dat -> C:\Users\tim\AppData\Local\d3d9caps.dat -> [2010/03/16 22:04:35 | 000,005,216 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Users\tim\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/03/16 22:04:19 | 000,071,760 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2010/03/15 12:07:40 | 000,295,392 | ---- | M] ()
OpenOffice.org 3.2.lnk -> C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk -> [2010/03/15 02:08:01 | 000,000,961 | ---- | M] ()
McDefragTask.job -> C:\Windows\tasks\McDefragTask.job -> [2010/03/15 00:59:59 | 000,000,356 | ---- | M] ()
OpenOffice.org 3.2.lnk -> C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk -> [2010/03/15 00:09:57 | 000,000,986 | ---- | M] ()
system.ini -> C:\Windows\system.ini -> [2010/03/14 23:35:21 | 000,000,215 | ---- | M] ()
puppy.exe.exe -> C:\Users\tim\Desktop\puppy.exe.exe -> [2010/03/13 00:22:25 | 003,888,448 | R--- | M] ()
9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> 
9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> 
49 C:\Users\tim\AppData\Local\Temp\*.tmp files -> C:\Users\tim\AppData\Local\Temp\*.tmp -> 
49 C:\Users\tim\AppData\Local\Temp\*.tmp files -> C:\Users\tim\AppData\Local\Temp\*.tmp ->

[Files - No Company Name]
OpenOffice.org 3.2.lnk -> C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk -> [2010/03/15 00:09:57 | 000,000,986 | ---- | C] ()
User_Feed_Synchronization-{71927147-F417-4F58-A945-1FEBAC686371}.job -> C:\Windows\tasks\User_Feed_Synchronization-{71927147-F417-4F58-A945-1FEBAC686371}.job -> [2010/03/09 11:58:57 | 000,000,414 | -H-- | C] ()
MBR.exe -> C:\Windows\MBR.exe -> [2010/03/09 10:37:31 | 000,077,312 | ---- | C] ()
PEV.exe -> C:\Windows\PEV.exe -> [2010/03/09 10:37:28 | 000,261,632 | ---- | C] ()
sed.exe -> C:\Windows\sed.exe -> [2010/03/09 10:37:28 | 000,098,816 | ---- | C] ()
grep.exe -> C:\Windows\grep.exe -> [2010/03/09 10:37:28 | 000,080,412 | ---- | C] ()
zip.exe -> C:\Windows\zip.exe -> [2010/03/09 10:37:28 | 000,068,096 | ---- | C] ()
puppy.exe.exe -> C:\Users\tim\Desktop\puppy.exe.exe -> [2010/03/09 10:36:06 | 003,888,448 | R--- | C] ()
RtNicProp32.dll -> C:\Windows\System32\RtNicProp32.dll -> [2009/12/03 10:27:28 | 000,080,416 | ---- | C] ()
EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/06/27 21:38:46 | 000,117,248 | ---- | C] ()
igklg400.dll -> C:\Windows\System32\igklg400.dll -> [2009/01/07 13:28:11 | 001,953,696 | ---- | C] ()
igklg450.dll -> C:\Windows\System32\igklg450.dll -> [2009/01/07 13:28:11 | 001,533,360 | ---- | C] ()
igfxCoIn_v1409.dll -> C:\Windows\System32\igfxCoIn_v1409.dll -> [2009/01/07 13:28:11 | 000,147,456 | ---- | C] ()
igmedcompkrn.dll -> C:\Windows\System32\igmedcompkrn.dll -> [2009/01/07 13:28:11 | 000,104,636 | ---- | C] ()
igfxCoIn_v1437.dll -> C:\Windows\System32\igfxCoIn_v1437.dll -> [2008/02/11 19:55:18 | 000,147,456 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 07:37:35 | 000,037,665 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 07:37:35 | 000,029,779 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 07:37:35 | 000,026,489 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 07:37:35 | 000,026,040 | ---- | C] ()
sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 07:35:32 | 000,005,632 | ---- | C] ()
 atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2006/11/02 05:25:44 | 000,159,744 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 02:40:29 | 000,013,750 | ---- | C] ()
dlcgcoin.dll -> C:\Windows\System32\dlcgcoin.dll -> [2006/10/28 11:31:44 | 000,344,064 | ---- | C] ()
dlcginsr.dll -> C:\Windows\System32\dlcginsr.dll -> [2006/10/20 05:51:32 | 000,106,496 | ---- | C] ()
dlcgcur.dll -> C:\Windows\System32\dlcgcur.dll -> [2006/10/20 05:51:18 | 000,036,864 | ---- | C] ()
dlcgjswr.dll -> C:\Windows\System32\dlcgjswr.dll -> [2006/10/20 05:50:34 | 000,131,072 | ---- | C] ()
dlcginsb.dll -> C:\Windows\System32\dlcginsb.dll -> [2006/10/20 05:45:26 | 000,176,128 | ---- | C] ()
dlcgcub.dll -> C:\Windows\System32\dlcgcub.dll -> [2006/10/20 05:45:16 | 000,086,016 | ---- | C] ()
dlcgcu.dll -> C:\Windows\System32\dlcgcu.dll -> [2006/10/20 05:45:00 | 000,073,728 | ---- | C] ()
dlcgins.dll -> C:\Windows\System32\dlcgins.dll -> [2006/10/20 05:44:54 | 000,159,744 | ---- | C] ()
dlcgutil.dll -> C:\Windows\System32\dlcgutil.dll -> [2006/10/20 05:42:56 | 000,434,176 | ---- | C] ()
dlcgcfg.dll -> C:\Windows\System32\dlcgcfg.dll -> [2006/09/06 06:27:28 | 000,069,632 | ---- | C] ()
dlcgvs.dll -> C:\Windows\System32\dlcgvs.dll -> [2005/08/18 07:26:46 | 000,040,960 | ---- | C] ()
dlcgcnv4.dll -> C:\Windows\System32\dlcgcnv4.dll -> [2005/07/05 11:32:24 | 000,061,440 | ---- | C] ()

[Alternate Data Streams]
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP1B5B4F1
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5D432CE3
< End of report >
[/code]


----------



## Cookiegal (Aug 27, 2003)

Do you have your operating system installation CD?


----------



## lostim (Feb 24, 2010)

i have an operating system reinstallation dvd sp1.


----------



## Cookiegal (Aug 27, 2003)

I find it difficult to understand that there wouldn't be at least one copy of the cdrom.sys file on your computer. Are you sure you had files unhidden when you did the search? Can you try again?


----------



## lostim (Feb 24, 2010)

i followed step by step everything you asked me to do exactly as you asked it. now i did the search using the search that pops up when i click start and it's at the bottom of the list of things on the computer. i assumed that's the search you meant. i have also gone through and looked at everything my meager mind can think of to see about the cd drive and everything seems to indicate that it should work. the driver is functioning it says but you stick a cd in it and it doesn't register anything in it.


----------



## Cookiegal (Aug 27, 2003)

Let's run chkdsk.

Click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take awhile, so run it when you don't need to use the computer for something else.

To view results log:

Go to *Start* - *Run* and type in *eventvwr.msc*, and hit enter.
When Event Viewer opens, click on "Application", then scroll
down to "Winlogon" and double-click on it to open it up. This is the log
created after running chkdsk. Click on the icon that looks like two pieces of paper to copy it and then paste it here please.


----------



## lostim (Feb 24, 2010)

Log Name: Application
Source: Microsoft-Windows-Winlogon
Date: 4/17/2010 11:28:42 AM
Event ID: 6000
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: freddie2
Description:
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Wlclntfy" />
<EventID Qualifiers="32768">6000</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-04-17T16:28:42.000Z" />
<EventRecordID>34512</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
SessionEnv
<Binary>D9060000</Binary>
</EventData>
</Event>
i'm not sure i did this right, i followed the instructions as best as i understood them but to find a winlogon i had to go to windows logs then application then take the first winlogon on the display since there was a number of them in the file for today. i'm hoping the last one on the list is the one you want since it's the one closest to the finish time of the chkdsk.


----------



## Cookiegal (Aug 27, 2003)

Be sure you've backed up any important documents, photos, music etc. if you haven't already before proceeding.

Also, let's back up the registry as well. Please go to *Start* - *Run* and copy and paste the following and then click OK:

*regedit /e c:\registrybackup.reg*

It won't appear to be doing anything and that's normal. Your mouse pointer may turn to an hour glass for a minute.

When it no longer has the hour glass, check in your C drive to be sure you have a file called *registrybackup.reg* before continuing. If you do not see that file, please let me know before doing anything else.

If you have the registry backup file created then please do the following:

I'm attaching a FixLostim.zip file to this post.

Save it to your desktop.

Unzip it and right-click on the FixLostim.reg file and select "Run As Administrator" and allow it to enter into the registry.

Let me know how that goes please.


----------



## lostim (Feb 24, 2010)

well i opened it, did not see anything like unzip and ran it. typical warnings tag and it ran. never saw a run as administrator choice. so i guess i did it right, although it didn't seem to change anything at all except give me a new icon on my desktop. does it sound like i did it right?


----------



## Cookiegal (Aug 27, 2003)

I think all you did was extract the file. Does the icon look like a bunch of blue squares (like a Rubik's cube) with squares coming away from it? If so, that's the regfix that you have to double-click on to run it.


----------



## lostim (Feb 24, 2010)

the icon on my desktop looks like a folder with a zipper down the front of it and when i click on it it looks like a little blue cube on a white sheet of paper. when i run it, which i did again a minute ago, it says run, then asks for my permission, then asks if i'm sure i want to do this and finally says it's been added to my registry. i did notice i lost two icons off of my desktop but i don't remember what they were for. hopefully not important. the cd-dvd still doesn't work and adobe comes up as well as a runtime error which says this application has requested the runtime to terminate it in an unusual way. when i click ok it flashes a warning that the adobe has stopped working.


----------



## Cookiegal (Aug 27, 2003)

Now go back to this MS article and try clicking on the Fix It! button again. The regfix should have fixed some entries that will now allow this fix to run properly.

http://support.microsoft.com/?kbid=886549


----------



## lostim (Feb 24, 2010)

the fix ran this time, yea. i checked the adobe and it seems to be working, i'm in the process of seeing if i can update it. when i clicked on the java it reinstalled itself and updated, i'm tickled pink so far, that's a rather humorous sight. the cd/dvd player still isn't working, doesn't know a disk is in it and i have an update for windows, a security update for microsoft works 9 (KB967044), that will not update. i get a code 646 windows update encountered an unknown error however all the other windows updates have installed fine. adobe has just told me that the install on the updates was successful, yahoo. at this point in time the things that have started working have me in such a good mood that i'm not thinking about the two problems that it has still. i am beside myself with gratitude and appreciation for you cookiegal, my computer genius hero. to just say thanks would be an understatement, unfortunately i don't know what else to say except thank you, thank you very much. maybe you could help me with these last two problems, i'd be forever in your debt.


----------



## Cookiegal (Aug 27, 2003)

Kewl. 

Let's tackle the remaining problems one at a time.

Try going to this link and see if you can download that MS update manually.

I assume you have MS Works as this is what the update is for, correct?

http://www.microsoft.com/downloads/...0e-45c6-450f-ae47-c89a06e3f762&displaylang=en

Let me know if it installs properly please.


----------



## lostim (Feb 24, 2010)

last night i went to programs and features and went to microsoft works and tried to straighten it up there with the repair function and tonight with the download from microsoft you gave me i got the same request, which was to insert the microsoft works 9 disk into the cd/dvd and follow the instructions it gave. the player won't read the disk, so i guess i need to get the player working first. do you think it could be dirty and just need to be cleaned out maybe?


----------



## Cookiegal (Aug 27, 2003)

No, I believe it's because you're missing the cdrom.sys file as it was infected so it got deleted. But you should have others on the system that we could copy over.

Do you have an i386 folder?


----------



## lostim (Feb 24, 2010)

seems like i have seen that name on a folder but i'm not sure where or when or how i got to it. so could you tell me where i might could find it and i'll go look and see if i can locate it.


----------



## Cookiegal (Aug 27, 2003)

Please click on *Start* - then *My Computer* - then click on your primary hard drive which should be labeled *Local Disk (C:)* then click on the folder called *ServicePackFiles* and then click on the folder called *i386*.

Once you have that folder open, the files it contains are in alphabetical order. Please scroll down and see if you have *cdrom.sys* listed. If your file extensions aren't showing it may only be labeled *cdrom*.

Let me know if you find it please.


----------



## lostim (Feb 24, 2010)

i find nothing marked service pack files after i opened OS(C). might it be called something else? i looked in everything after i open OS(C) and found nothing in them marked either service pack files or i386. it's things like windows, dell, users, program files, program data and things like that.


----------



## Cookiegal (Aug 27, 2003)

OK then please do a search of *i386* and let me know what comes up.


----------



## lostim (Feb 24, 2010)

i searched it and ran it and got nothing, a big O.


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
cdrom.sys
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## lostim (Feb 24, 2010)

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 22:57 on 30/04/2010 by tim (Administrator - Elevation successful)
========== filefind ==========
Searching for "cdrom.sys"
C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys --a--- 67072 bytes [02:23 21/01/2008] [02:23 21/01/2008] 1EC25CEA0DE6AC4718BF89F9E1778B57
C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys --a--- 67072 bytes [02:37 28/06/2009] [04:39 11/04/2009] 6B4BFFB9BECD728097024276430DB314
C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys --a--- 67072 bytes [10:25 02/11/2006] [08:51 02/11/2006] 8D1866E61AF096AE8B582454F5E4D303
C:\Windows\System32\drivers\cdrom.sys --a--- 67072 bytes [02:37 28/06/2009] [04:39 11/04/2009] 6B4BFFB9BECD728097024276430DB314
C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys --a--- 67072 bytes [02:23 21/01/2008] [02:23 21/01/2008] 1EC25CEA0DE6AC4718BF89F9E1778B57
C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys --a--- 67072 bytes [02:37 28/06/2009] [04:39 11/04/2009] 6B4BFFB9BECD728097024276430DB314
-=End Of File=-


----------
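Added example, not part of the original thread: the SystemLook listing above can be checked mechanically by grouping every `cdrom.sys` copy by MD5 and confirming that the live driver in `System32\drivers` matches a copy Windows staged in `DriverStore` or `winsxs`. The function names, the field names and the choice of those two folders as reference locations are assumptions made for this sketch; the log lines are the ones posted.

```python
import re
from collections import defaultdict

# SystemLook ":filefind" result lines, copied from the post above.
SYSTEMLOOK_LOG = r"""
C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys --a--- 67072 bytes [02:23 21/01/2008] [02:23 21/01/2008] 1EC25CEA0DE6AC4718BF89F9E1778B57
C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys --a--- 67072 bytes [02:37 28/06/2009] [04:39 11/04/2009] 6B4BFFB9BECD728097024276430DB314
C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys --a--- 67072 bytes [10:25 02/11/2006] [08:51 02/11/2006] 8D1866E61AF096AE8B582454F5E4D303
C:\Windows\System32\drivers\cdrom.sys --a--- 67072 bytes [02:37 28/06/2009] [04:39 11/04/2009] 6B4BFFB9BECD728097024276430DB314
C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys --a--- 67072 bytes [02:23 21/01/2008] [02:23 21/01/2008] 1EC25CEA0DE6AC4718BF89F9E1778B57
C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys --a--- 67072 bytes [02:37 28/06/2009] [04:39 11/04/2009] 6B4BFFB9BECD728097024276430DB314
"""

# The driver file the service actually loads (path taken from the log).
LIVE_DRIVER = r"C:\Windows\System32\drivers\cdrom.sys"
# Folders treated as reference copies (assumption for this sketch).
REFERENCE_DIRS = ("\\driverstore\\filerepository\\", "\\winsxs\\")

# path, attribute flags, size, two bracketed timestamps (kept opaque), MD5.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>\S+)\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<ts1>[^\]]+)\]\s+\[(?P<ts2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(log):
    """Turn SystemLook filefind lines into dicts; non-matching lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def group_by_md5(entries):
    """Map each distinct MD5 to the list of paths that carry it."""
    groups = defaultdict(list)
    for entry in entries:
        groups[entry["md5"]].append(entry["path"])
    return dict(groups)


def check_live_driver(entries, live_path=LIVE_DRIVER):
    """Return (md5, matching reference paths) for the live driver.

    (None, []) means the live driver was not in the scan at all, which is
    the "file is missing" case. An empty match list with an MD5 means the
    file exists but differs from every staged copy and deserves a closer look.
    Equality with a staged copy is a consistency check only.
    """
    live = next((e for e in entries if e["path"].lower() == live_path.lower()), None)
    if live is None:
        return None, []
    refs = [
        e["path"] for e in entries
        if e is not live
        and any(d in e["path"].lower() for d in REFERENCE_DIRS)
        and e["md5"] == live["md5"]
        and e["size"] == live["size"]
    ]
    return live["md5"], refs


if __name__ == "__main__":
    parsed = parse_filefind(SYSTEMLOOK_LOG)
    for digest, paths in group_by_md5(parsed).items():
        print(digest, len(paths), "copies")
    print(check_live_driver(parsed))
```
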



## Cookiegal (Aug 27, 2003)

Go to the link below and upload the following file(s) for analysis and post the results please:

http://virusscan.jotti.org/

*C:\Windows\System32\drivers\cdrom.sys*


----------



## lostim (Feb 24, 2010)

File size: 67072 bytes Filetype: PE32 executable for MS Windows (native) Intel 80386 32-bit MD5: 6b4bffb9becd728097024276430db314 SHA1: 086dc96f6327451767cf4820207ec9d7a627f75c 
*Scanners*

2010-05-01 Found nothing
2010-05-01 Found nothing
2010-05-02 Found nothing
2010-05-02 Found nothing
2010-05-01 Found nothing
2010-05-01 Found nothing
2010-05-01 Found nothing
2010-05-02 Found nothing
2010-04-30 Found nothing
2010-05-01 Found nothing
2010-05-02 Found nothing
2010-05-01 Found nothing
2010-05-01 Found nothing
2010-04-29 Found nothing
2010-05-02 Found nothing
2010-05-01 Found nothing
2010-05-02 Found nothing
2010-04-29 Found nothing
2010-05-01 Found nothing
2010-05-01 Found nothing

this was all that it showed that it would let me copy and paste, is this what you wanted?


----------



## Cookiegal (Aug 27, 2003)

Yes, that's fine.

Go to *Start* - *Run* and copy and paste the following:

*regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom"*

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.


----------



## lostim (Feb 24, 2010)

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun"=dword:00000001
"AutoRunAlwaysDisable"=hex(7):54,00,4f,00,52,00,69,00,53,00,41,00,4e,00,20,00,\
43,00,44,00,2d,00,52,00,4f,00,4d,00,20,00,43,00,44,00,52,00,5f,00,43,00,33,\
00,36,00,00,00,4e,00,45,00,43,00,20,00,20,00,20,00,20,00,20,00,4d,00,42,00,\
52,00,2d,00,37,00,20,00,20,00,20,00,00,00,4e,00,45,00,43,00,20,00,20,00,20,\
00,20,00,20,00,4d,00,42,00,52,00,2d,00,37,00,2e,00,34,00,20,00,00,00,50,00,\
49,00,4f,00,4e,00,45,00,45,00,52,00,20,00,43,00,48,00,41,00,4e,00,47,00,52,\
00,20,00,44,00,52,00,4d,00,2d,00,31,00,38,00,30,00,34,00,58,00,00,00,50,00,\
49,00,4f,00,4e,00,45,00,45,00,52,00,20,00,43,00,44,00,2d,00,52,00,4f,00,4d,\
00,20,00,44,00,52,00,4d,00,2d,00,36,00,33,00,32,00,34,00,58,00,00,00,50,00,\
49,00,4f,00,4e,00,45,00,45,00,52,00,20,00,43,00,44,00,2d,00,52,00,4f,00,4d,\
00,20,00,44,00,52,00,4d,00,2d,00,36,00,32,00,34,00,58,00,20,00,00,00,54,00,\
4f,00,52,00,69,00,53,00,41,00,4e,00,20,00,43,00,44,00,2d,00,52,00,4f,00,4d,\
00,20,00,43,00,44,00,52,00,5f,00,43,00,33,00,36,00,00,00,00,00
"DisplayName"="CD-ROM Driver"
"Group"="SCSI CDROM Class"
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,63,00,64,00,72,00,6f,00,6d,00,2e,\
00,73,00,79,00,73,00,00,00
"ErrorControl"=dword:00000001
"Start"=dword:00000001
"Type"=dword:00000001
"Tag"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum]
"0"="IDE\\CdRomTSSTcorp_DVD+-RW_TS-H653F_______________D200____\\5&d30d67&0&1.0.0"
"Count"=dword:00000001
"NextInstance"=dword:00000001


----------
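Added example, not part of the original thread: the `hex(2)` and `hex(7)` values in the export above are UTF-16LE strings, so the service's `ImagePath` and the `AutoRunAlwaysDisable` list can only be read after decoding. The parser below is a sketch written for this export; its function names are assumptions, and the expected driver path is taken from where SystemLook found the live file earlier in the thread.

```python
import re

# The export exactly as posted (continuation lines lost their indentation).
REG_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun"=dword:00000001
"AutoRunAlwaysDisable"=hex(7):54,00,4f,00,52,00,69,00,53,00,41,00,4e,00,20,00,\
43,00,44,00,2d,00,52,00,4f,00,4d,00,20,00,43,00,44,00,52,00,5f,00,43,00,33,\
00,36,00,00,00,4e,00,45,00,43,00,20,00,20,00,20,00,20,00,20,00,4d,00,42,00,\
52,00,2d,00,37,00,20,00,20,00,20,00,00,00,4e,00,45,00,43,00,20,00,20,00,20,\
00,20,00,20,00,4d,00,42,00,52,00,2d,00,37,00,2e,00,34,00,20,00,00,00,50,00,\
49,00,4f,00,4e,00,45,00,45,00,52,00,20,00,43,00,48,00,41,00,4e,00,47,00,52,\
00,20,00,44,00,52,00,4d,00,2d,00,31,00,38,00,30,00,34,00,58,00,00,00,50,00,\
49,00,4f,00,4e,00,45,00,45,00,52,00,20,00,43,00,44,00,2d,00,52,00,4f,00,4d,\
00,20,00,44,00,52,00,4d,00,2d,00,36,00,33,00,32,00,34,00,58,00,00,00,50,00,\
49,00,4f,00,4e,00,45,00,45,00,52,00,20,00,43,00,44,00,2d,00,52,00,4f,00,4d,\
00,20,00,44,00,52,00,4d,00,2d,00,36,00,32,00,34,00,58,00,20,00,00,00,54,00,\
4f,00,52,00,69,00,53,00,41,00,4e,00,20,00,43,00,44,00,2d,00,52,00,4f,00,4d,\
00,20,00,43,00,44,00,52,00,5f,00,43,00,33,00,36,00,00,00,00,00
"DisplayName"="CD-ROM Driver"
"Group"="SCSI CDROM Class"
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,63,00,64,00,72,00,6f,00,6d,00,2e,\
00,73,00,79,00,73,00,00,00
"ErrorControl"=dword:00000001
"Start"=dword:00000001
"Type"=dword:00000001
"Tag"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum]
"0"="IDE\\CdRomTSSTcorp_DVD+-RW_TS-H653F_______________D200____\\5&d30d67&0&1.0.0"
"Count"=dword:00000001
"NextInstance"=dword:00000001
'''

CDROM_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom"
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')


def decode_value(data):
    """Decode one right-hand side of a .reg line into a Python value."""
    if data.startswith("dword:"):
        return int(data[6:], 16)
    m = re.match(r"hex(?:\((\w+)\))?:(.*)$", data)
    if m:
        kind = int(m.group(1), 16) if m.group(1) else 3  # bare "hex:" is REG_BINARY
        blob = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if kind in (1, 2):   # REG_SZ / REG_EXPAND_SZ, UTF-16LE with a NUL terminator
            return blob.decode("utf-16-le").rstrip("\x00")
        if kind == 7:        # REG_MULTI_SZ, NUL-separated strings, double NUL at the end
            return [s for s in blob.decode("utf-16-le").split("\x00") if s]
        return blob
    if data.startswith('"') and data.endswith('"'):
        return re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
    return data


def parse_reg_export(text):
    """Return {key_path: {value_name: decoded_value}} for a REGEDIT5 text export."""
    joined, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):      # hex list continues on the next line
            buf += line[:-1]
            continue
        joined.append(buf + line)
        buf = ""
    keys, current = {}, None
    for line in joined:
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group("name")] = decode_value(m.group("data"))
    return keys


def check_cdrom_service(keys):
    """List anything that would stop the stock driver from loading."""
    svc = keys.get(CDROM_KEY, {})
    findings = []
    image = svc.get("ImagePath", "")
    if image.lower() != r"system32\drivers\cdrom.sys":
        findings.append(f"unexpected ImagePath: {image!r}")
    if svc.get("Start") == 4:        # 4 = disabled
        findings.append("service is disabled (Start=4)")
    return findings


if __name__ == "__main__":
    parsed = parse_reg_export(REG_EXPORT)
    print(parsed[CDROM_KEY]["ImagePath"])
    print(parsed[CDROM_KEY]["AutoRunAlwaysDisable"])
    print(check_cdrom_service(parsed) or "no findings")
```
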



## Cookiegal (Aug 27, 2003)

Go to *Start* - Right-click on *My Computer* and select *Properties* then click on the *Hardware Tab* and click on *Device Manager*.

Expand *DVD/CD-ROM Drives* by clicking on the + to the left of it.

Double-click the item listed below and click on the *Driver tab* then click on *Uninstall*. This will uninstall the CD-ROM driver.

Reboot the machine and Windows will detect the CD-ROM drive and re-install the drivers.

After that please try the CD drive and let me know if it works.


----------



## lostim (Feb 24, 2010)

nothing changed, still doesn't recognize a cd.


----------



## Cookiegal (Aug 27, 2003)

When you're in the Device Manager, do you see any yellow exclamation marks beside the DVD-CD-ROM drive?

Are you sure it's not just because autoplay is disabled? If you click on the CD will it run?


----------



## lostim (Feb 24, 2010)

no exclamation marks by anything with a cd or dvd or rom by or in the name. when i put a cd in the player it says no disc in E and insert an audio cd into the cd drive.


----------



## Cookiegal (Aug 27, 2003)

Please try the CD drive again and then go into the Event Viewer and post any new errors that have occurred in the last 24 hours.


----------



## lostim (Feb 24, 2010)

Log Name: Application
Source: Microsoft-Windows-EventSystem
Date: 5/3/2010 4:50:18 PM
Event ID: 4621
Task Category: Event System
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
The COM+ Event System could not remove the EventSystem.EventSubscription object {8B5ACC75-70BB-4D57-B3E9-061E3433DB95}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EventSystem" Guid="{899daace-4868-4295-afcd-9eb8fb497561}" EventSourceName="EventSystem" />
<EventID Qualifiers="49152">4621</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>16</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-03T21:50:18.000Z" />
<EventRecordID>36568</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
80070005
EventSystem.EventSubscription
{8B5ACC75-70BB-4D57-B3E9-061E3433DB95}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
</EventData>
</Event>
Log Name: Application
Source: MsiInstaller
Date: 5/3/2010 7:30:50 PM
Event ID: 11606
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: freddie2
Description:
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">11606</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-04T00:30:50.000Z" />
<EventRecordID>36575</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
(NULL)
(NULL)
(NULL)
(NULL)

<Binary>7B30384330373239452D334535302D313144462D394438312D3030353035363830363436367D</Binary>
</EventData>
</Event>
Log Name: Application
Source: MsiInstaller
Date: 5/3/2010 7:30:50 PM
Event ID: 11606
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: freddie2
Description:
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">11606</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-04T00:30:50.000Z" />
<EventRecordID>36576</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
(NULL)
(NULL)
(NULL)
(NULL)

<Binary>7B30384330373239452D334535302D313144462D394438312D3030353035363830363436367D</Binary>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-WMI
Date: 5/4/2010 1:16:47 PM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-04T18:16:47.000Z" />
<EventRecordID>36610</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
//./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003
</EventData>
</Event>
Log Name: Application
Source: MsiInstaller
Date: 5/4/2010 1:30:46 PM
Event ID: 11606
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: freddie2
Description:
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">11606</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-04T18:30:46.000Z" />
<EventRecordID>36618</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
(NULL)
(NULL)
(NULL)
(NULL)

<Binary>7B30384330373239452D334535302D313144462D394438312D3030353035363830363436367D</Binary>
</EventData>
</Event>
Log Name: Application
Source: MsiInstaller
Date: 5/4/2010 1:30:46 PM
Event ID: 11606
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: freddie2
Description:
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">11606</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-04T18:30:46.000Z" />
<EventRecordID>36619</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
(NULL)
(NULL)
(NULL)
(NULL)

<Binary>7B30384330373239452D334535302D313144462D394438312D3030353035363830363436367D</Binary>
</EventData>
</Event>
Log Name: Application
Source: Application Error
Date: 5/4/2010 5:00:01 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
Faulting application IEXPLORE.EXE, version 8.0.6001.18904, time stamp 0x4b835fec, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000001, process id 0x1108, application start time 0x01caebd000c09053.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-04T22:00:01.000Z" />
<EventRecordID>36675</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
IEXPLORE.EXE
8.0.6001.18904
4b835fec
unknown
0.0.0.0
00000000
c0000005
00000001
1108
01caebd000c09053
</EventData>
</Event>
these were from the windows application event viewer.


----------



## Cookiegal (Aug 27, 2003)

Let's run chkdsk and see what it finds. Follow the instructions for doing that at the following link please:

http://www.windows-help-central.com/windows-vista-chkdsk.html

After rebooting you will find the log in the Event Viewer - Applications - Wininit entry. Please post that the same way you did the errors earlier.


----------



## lostim (Feb 24, 2010)

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 5/6/2010 5:10:01 AM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: freddie2
Description:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.
A disk check has been scheduled.
Windows will now check the disk. 
223872 file records processed. 
597 large file records processed. 
0 bad file records processed. 
0 EA records processed. 
80 reparse records processed. 
277934 index entries processed. 
0 unindexed files processed. 
223872 security descriptors processed. 
Cleaning up 88 unused index entries from index $SII of file 0x9.
Cleaning up 88 unused index entries from index $SDH of file 0x9.
Cleaning up 88 unused security descriptors.
27032 data files processed. 
CHKDSK is verifying Usn Journal...
36033672 USN bytes processed. 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
223856 files processed. 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
53613082 free clusters processed. 
Free space verification is complete.
Windows has checked the file system and found no problems.
297169239 KB total disk space.
82264756 KB in 188204 files.
110804 KB in 27033 indexes.
0 KB in bad sectors.
341351 KB in use by the system.
65536 KB occupied by the log file.
214452328 KB available on disk.
4096 bytes in each allocation unit.
74292309 total allocation units on disk.
53613082 allocation units available on disk.
Internal Info:
80 6a 03 00 d0 48 03 00 eb e0 05 00 00 00 00 00 .j...H..........
50 1b 00 00 50 00 00 00 00 00 00 00 00 00 00 00 P...P...........
42 00 00 00 12 75 4f 77 68 83 0f 00 68 7b 0f 00 B....uOwh...h{..
Windows has finished checking your disk.
Please wait while your computer restarts.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-06T10:10:01.000Z" />
<EventRecordID>36831</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.
A disk check has been scheduled.
Windows will now check the disk. 
223872 file records processed. 
597 large file records processed. 
0 bad file records processed. 
0 EA records processed. 
80 reparse records processed. 
277934 index entries processed. 
0 unindexed files processed. 
223872 security descriptors processed. 
Cleaning up 88 unused index entries from index $SII of file 0x9.
Cleaning up 88 unused index entries from index $SDH of file 0x9.
Cleaning up 88 unused security descriptors.
27032 data files processed. 
CHKDSK is verifying Usn Journal...
36033672 USN bytes processed. 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
223856 files processed. 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
53613082 free clusters processed. 
Free space verification is complete.
Windows has checked the file system and found no problems.
297169239 KB total disk space.
82264756 KB in 188204 files.
110804 KB in 27033 indexes.
0 KB in bad sectors.
341351 KB in use by the system.
65536 KB occupied by the log file.
214452328 KB available on disk.
4096 bytes in each allocation unit.
74292309 total allocation units on disk.
53613082 allocation units available on disk.
Internal Info:
80 6a 03 00 d0 48 03 00 eb e0 05 00 00 00 00 00 .j...H..........
50 1b 00 00 50 00 00 00 00 00 00 00 00 00 00 00 P...P...........
42 00 00 00 12 75 4f 77 68 83 0f 00 68 7b 0f 00 B....uOwh...h{..
Windows has finished checking your disk.
Please wait while your computer restarts.

</EventData>
</Event>


----------



## Cookiegal (Aug 27, 2003)

I take it that didn't fix the CD-ROM drive problem.

What is the brand of the CD-ROM drive? You can find that information in the Device Manager.


----------



## lostim (Feb 24, 2010)

TSST corp DVD+-RW TS-H653F ATA Device is the dvd/cd rom drives and 
WDC WD3200AAKS-75L9A0 ATA Device is the disk drive. it's a dell inspiron 518 system.


----------



## Cookiegal (Aug 27, 2003)

Do you have the tag number on that Dell computer? You could go to the Dell website and enter the tag number and download the CD-ROM driver from there.


----------



## lostim (Feb 24, 2010)

i did that and stuck a new disk in to see if it recognized it and it did, then i tried to download some music on it and it wouldn't and now it's back to not even recognizing a disk is in it.


----------



## Cookiegal (Aug 27, 2003)

OK, please post any errors that have been logged around the time you did that from both Application and System.


----------



## lostim (Feb 24, 2010)

Log Name: Application
Source: Application Hang
Date: 5/8/2010 9:16:39 PM
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
The program IEXPLORE.EXE version 8.0.6001.18904 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 10bc Start Time: 01caef18aefaa499 Termination Time: 18
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-09T02:16:39.000Z" />
<EventRecordID>37146</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
IEXPLORE.EXE
8.0.6001.18904
10bc
01caef18aefaa499
18
<Binary>430072006F00730073002D00700072006F00630065007300730000000000</Binary>
</EventData>
</Event>
Log Name: Application
Source: Application Hang
Date: 5/8/2010 8:55:37 PM
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
The program wmplayer.exe version 11.0.6002.18111 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1694 Start Time: 01caef1a8e29e859 Termination Time: 8157
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-09T01:55:37.000Z" />
<EventRecordID>37144</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
wmplayer.exe
11.0.6002.18111
1694
01caef1a8e29e859
8157
<Binary>55006E006B006E006F0077006E0000000000</Binary>
</EventData>
</Event>
( i had 34 of these in that time frame, all alike except for the time stamp.)
Log Name: System
Source: cdrom
Date: 5/8/2010 10:04:39 PM
Event ID: 7
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
The device, \Device\CdRom0, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="cdrom" />
<EventID Qualifiers="49156">7</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-09T03:04:39.673Z" />
<EventRecordID>172817</EventRecordID>
<Channel>System</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
\Device\CdRom0
<Binary>0E0068000100000000000000070004C0000100009C0000C0000000003E400200000000000000000024D9300000000000FFFFFFFF00000000400000C40201000000000C12480000000000000004010000D8CDD60408DD568500000000083077870000000000000000BE0400000087000001F0000000000000700003000000000A00000000110500000000000000000000</Binary>
</EventData>
</Event>


----------



## Cookiegal (Aug 27, 2003)

Did you only try one CD? Can you try another one as there could be a problem with the CD.


----------



## lostim (Feb 24, 2010)

well the first cd was a blank one that i was going to try and download some music on since it recognized the disk but the two disks after that it didn't even know they were in there.


----------



## Cookiegal (Aug 27, 2003)

Try installing the driver again, since it did work after you did that, and then try PLAYING a CD (not burning) and see if it gets recognized please.


----------



## lostim (Feb 24, 2010)

did not recognize it at all, as a matter of fact i had to bring the media player up 5 or 6 times just to get it to come up all the way. it would either say not responding or just stay blank.


----------



## Cookiegal (Aug 27, 2003)

I think we're talking about two different things here. If you click on My Computer, do you see a drive letter there for your CD-ROM optical drive, which would probably be the E drive? 

Is the problem with Media Player rather than with the optical drive? 

What version of Media Player do you have?


----------



## lostim (Feb 24, 2010)

yes it says DVD RW Drive (E:), that's the only place i have to insert a disk and see what's on it is the media player, as far as i know. come to think of it one time my daughter put a game disk in it and it popped up in a different place and made an icon on the desktop. that's the only way i know to see if the disk drive is working was to put a cd into it and see if it popped up on the media player. i'm not sure how to tell what version i have, i got the computer in january 2009.


----------



## Cookiegal (Aug 27, 2003)

OK, let's try this.

I'm attaching a FixLostim2.zip file to this post. Save it to your desktop. Unzip it and double-click on the FixLostim2.reg file and allow it to merge into the registry.

Then reboot the machine and let me know if you can play a CD.


----------



## lostim (Feb 24, 2010)

nothing changes, could it be maybe the eye is dirty or something and that's why it can't tell a disk is in it?


----------



## Cookiegal (Aug 27, 2003)

It's possible. When did you first notice it wasn't working?

Please check the Event Viewer again and post any new errors under Application and System from the last two days.


----------



## lostim (Feb 24, 2010)

shortly before you started helping me straighten all this mess out.
Log Name: Application
Source: Application Error
Date: 5/15/2010 1:09:27 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
Faulting application IEXPLORE.EXE, version 8.0.6001.18904, time stamp 0x4b835fec, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x7301fe83, process id 0xca0, application start time 0x01caf458fc84a55e.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-15T18:09:27.000Z" />
<EventRecordID>37647</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
IEXPLORE.EXE
8.0.6001.18904
4b835fec
unknown
0.0.0.0
00000000
c0000005
7301fe83
ca0
01caf458fc84a55e
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-WMI
Date: 5/15/2010 11:01:15 AM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-15T16:01:15.000Z" />
<EventRecordID>37636</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
//./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-EventSystem
Date: 5/14/2010 11:18:42 PM
Event ID: 4621
Task Category: Event System
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
The COM+ Event System could not remove the EventSystem.EventSubscription object {AD7A0B36-7BD2-44B9-B37E-E22EC7250EE6}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EventSystem" Guid="{899daace-4868-4295-afcd-9eb8fb497561}" EventSourceName="EventSystem" />
<EventID Qualifiers="49152">4621</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>16</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-15T04:18:42.000Z" />
<EventRecordID>37611</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
80070005
EventSystem.EventSubscription
{AD7A0B36-7BD2-44B9-B37E-E22EC7250EE6}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
</EventData>
</Event>
2 of these
Log Name: Application
Source: Application Error
Date: 5/14/2010 5:16:01 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
Faulting application iexplore.exe, version 8.0.6001.18904, time stamp 0x4b835fec, faulting module yt.dll, version 2010.3.23.1, time stamp 0x4ba87104, exception code 0xc0000005, fault offset 0x00077261, process id 0xf38, application start time 0x01caf3b17b9c6340.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-14T22:16:01.000Z" />
<EventRecordID>37608</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
iexplore.exe
8.0.6001.18904
4b835fec
yt.dll
2010.3.23.1
4ba87104
c0000005
00077261
f38
01caf3b17b9c6340
</EventData>
</Event>
Log Name: Application
Source: MsiInstaller
Date: 5/14/2010 7:34:55 AM
Event ID: 11606
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: freddie2
Description:
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MsiInstaller" />
<EventID Qualifiers="0">11606</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-14T12:34:55.000Z" />
<EventRecordID>37591</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
Product: Google Earth -- Error 1606.Could not access network location %APPDATA%\.
(NULL)
(NULL)
(NULL)
(NULL)

<Binary>7B46374230393339452D353844462D313144462D423341362D3030353035363830363436367D</Binary>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-WMI
Date: 5/14/2010 7:23:57 AM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-14T12:23:57.000Z" />
<EventRecordID>37585</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
//./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003
</EventData>
</Event>
3 of these.
Log Name: Application
Source: Application Error
Date: 5/13/2010 10:35:03 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
Faulting application IEXPLORE.EXE, version 8.0.6001.18904, time stamp 0x4b835fec, faulting module mshtml.dll, version 8.0.6001.18904, time stamp 0x4b837769, exception code 0xc0000005, fault offset 0x00331b8a, process id 0x1628, application start time 0x01caf308c347ce89.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-14T03:35:03.000Z" />
<EventRecordID>37549</EventRecordID>
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
IEXPLORE.EXE
8.0.6001.18904
4b835fec
mshtml.dll
8.0.6001.18904
4b837769
c0000005
00331b8a
1628
01caf308c347ce89
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-WMI
Date: 5/13/2010 8:54:42 PM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-14T01:54:42.000Z" />
<EventRecordID>37545</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
//./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-EventSystem
Date: 5/13/2010 8:51:22 PM
Event ID: 4621
Task Category: Event System
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
The COM+ Event System could not remove the EventSystem.EventSubscription object {6A0832D4-3003-4FDD-AF45-47712C0BE50F}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EventSystem" Guid="{899daace-4868-4295-afcd-9eb8fb497561}" EventSourceName="EventSystem" />
<EventID Qualifiers="49152">4621</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>16</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-14T01:51:22.000Z" />
<EventRecordID>37518</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
80070005
EventSystem.EventSubscription
{6A0832D4-3003-4FDD-AF45-47712C0BE50F}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
</EventData>
</Event>
5 of these.
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 5/13/2010 11:26:48 PM
Event ID: 10010
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: freddie2
Description:
The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="49152">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-14T04:26:48.000Z" />
<EventRecordID>174197</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>freddie2</Computer>
<Security />
</System>
<EventData>
{C2BFE331-6739-4270-86C9-493D9A04CD38}
</EventData>
</Event>


----------



## Cookiegal (Aug 27, 2003)

There seem to be some problems with your installation. I would recommend doing a repair installation.


----------



## lostim (Feb 24, 2010)

how do i do a repair installation?


----------



## Cookiegal (Aug 27, 2003)

I would recommend posting for assistance with that in the Vista forum.


----------

