# Looks Like 2 Wacky Trojans Need Help!!!!!!



## kena0903 (Jan 24, 2008)

Just started having problems I scanned with avg and nothing was detected then about 5 min later popups come out of nowhere and then avg detects the following Trojan horse SHeur2.CMOJ and Trojan horse Hiloti.V your help is greatly appreciated.
Here is my hijackthis log:

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:24 PM, on 2/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\PROGRA~1\MI1933~1\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgui.exe
C:\DOCUME~1\William\LOCALS~1\Temp\rasesnet.tmp
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\net.net
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DVDXGhost] C:\Program Files\DVD X Ghost\DVDXGhost.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Policies\Explorer\Run: [QEnekv3m20] C:\WINDOWS\nijgtcnu.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .jav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: http://*.buy-security-essentials.com
O15 - Trusted Zone: http://*.download-soft-package.com
O15 - Trusted Zone: http://*.download-software-package.com
O15 - Trusted Zone: http://*.get-key-se10.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.buy-security-essentials.com (HKLM)
O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - http://download.copysafe.net/plugins5/installers/Copysafe.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9CA8A0A-B8E8-4242-BEC8-CDF9E56204FE}: NameServer = 68.87.74.166,68.87.68.166
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 9576 bytes


----------



## Cookiegal (Aug 27, 2003)

I received your e-mail. I see this is the third time you've been infected and both previous times you never followed through with the clean up to the end so tell me why I should think this time would be any different. Abandoning a clean up is a total waste of the helpers time. I will help you but if you fail to see this through to the end there will be no more assistance provided by this site.

What are you using this computer for that keeps getting you infected? Are you keeping up to date on MS critical updates and patches?

What are the names of the files detected?

I see some outdated programs you are running that leave you more vulnerable as well.

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## kena0903 (Jan 24, 2008)

I am sorry and will ensure I continue the process to the end. Here is the uninstall list:

ABBYY FineReader 5.0 Sprint Plus
Ad-Aware SE Personal
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.9
Adobe® Photoshop® Album Starter Edition 3.2
Advertisement Service
AOLIcon
AVG Free 8.5
Azureus
Banctec Service Agreement
Bodog Poker Version 2.16.3.49
CCScore
Comcast High-Speed Internet Install Wizard
ComcastSUPPORT
CopySafe Plugin
Critical Update for Windows Media Player 11 (KB959772)
Cypress USB Mass Storage Driver Installation
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Photo AIO Printer 922
Dell Picture Studio v3.0
Dell Support 3.1
DVD Shrink 3.2
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
G15A922EN
GrabIt 1.7.1 Beta (build 960)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
InFlac 1.1.1
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iSkysoft Video Converter(Build 2.2.1.0)
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kaspersky Online Scanner
kgcbase
Kodak EasyShare software
Linksys EasyLink Advisor
Linksys EasyLink Advisor
Macromedia Flash Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 4.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Money 2005
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets and Trips 2005
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Event Monitor
Modem Helper
Modem On Hold
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Musicmatch® Jukebox
Napster
Need2Find Bar
Nero Suite
netbrdg
OfotoXMI
Photo Click
PowerDVD 5.5
QuickBooks Simple Start Special Edition
QuickPar 0.9
QuickTime
QuickTime Alternative 1.67
RealPlayer
Roxio Burn Engine
Roxio Easy Media Creator 7
Seagate Manager Installer
Seagate Manager Installer
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SFR
SHASTA
Shockwave
Sierra Print Artist
Sierra Utilities
skin0001
SKINXSDK
Sonic Update Manager
SPBBC
staticcr
SUPERAntiSpyware Free Edition
tooltips
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977719)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
USB Storage Adapter FX (SM1)
VideoLAN VLC media player 0.8.6c
VPRINTOL
Vuze
WebCyberCoach 3.2 Dell
WebEx Support Manager for Internet Explorer
WinAVI VideoConverter
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893086
WinRAR archiver
WIRELESS
ZoneAlarm


----------



## Cookiegal (Aug 27, 2003)

Cookiegal said:


> What are the names of the files detected?


Please answer this question.

Also, your *Java* is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of *Java* components and upgrade the application.

*Upgrading Java*:


Download the latest version of *Java Runtime Environment (JRE) 6 Update 18 *.
Click the "*Download*" button to the right.
Select your Platform and check the box that says: "*I agree to the Java SE Runtime Environment 17 License Agreement.*".
Click on *Continue*.
Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. *Do NOT use the Sun Download Manager.*
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove *programs and remove all older versions of Java.
Check any item with * Java Runtime Environment, JRE, J2SE or Java(TM)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

Thease are the older versions of Java that you need to uninstall via the Control Panel - Add or Remove programs:

Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7

Also, uninstall this:

Need2Find Bar


----------



## kena0903 (Jan 24, 2008)

One of the files showed up after an avg scan was trojan horse SHeur2.CMOJ and Hiloti.v and worm.Win32.netsky


----------



## Cookiegal (Aug 27, 2003)

I need to know the file names and the entire path to their location please.


----------



## kena0903 (Jan 24, 2008)

I could not remove the older versions of java because I can only boot up in safe mode. How do I retrieve the full path?


----------



## Cookiegal (Aug 27, 2003)

Check your AVG log or look in the quarantine to see what it says there.

You can remove the older versions of Java when we're finished the cleanup.


----------



## kena0903 (Jan 24, 2008)

I tried to llook in the virus vault but for some reason it wont allow me to open that or avg in the safe mode.


----------



## Cookiegal (Aug 27, 2003)

Don't worry about it. You are obviously infected so let's continue.

Please visit *Combofix Guide & Instructions * for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read  *HERE * for an article written by dvk01 on why we disable autoruns.

*Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.*


----------



## kena0903 (Jan 24, 2008)

Here is the conbofix log and new hijackthis log

ComboFix 10-02-27.04 - Administrator 02/28/2010 17:20:39.5.2 - x86 NETWORK
Running from: c:\documents and settings\Administrator\Desktop\puppy.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\14.tmp
C:\40F.tmp
c:\documents and settings\Administrator\Desktop\Security essentials 2010.lnk
c:\documents and settings\Administrator\Start Menu\Security essentials 2010.lnk
c:\program files\Bat
c:\program files\Bat\Bat.dll.intermediate.manifest
c:\program files\Bat\Bat.original
c:\program files\Bat\un_BatSetup_15041.exe
c:\program files\Bat\un_BatSetup_15041.txt
c:\program files\Bat\X_Bat.log
c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\00356CF0
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\program files\Securityessentials2010
c:\program files\Securityessentials2010\SE2010.exe
c:\windows\123messenger.per
c:\windows\FLEOK
c:\windows\licencia.txt
c:\windows\run.log
c:\windows\smdat32m.sys
c:\windows\system32\_003510_.tmp.dll
c:\windows\system32\_003511_.tmp.dll
c:\windows\system32\_003512_.tmp.dll
c:\windows\system32\_003513_.tmp.dll
c:\windows\system32\_003518_.tmp.dll
c:\windows\system32\_003519_.tmp.dll
c:\windows\system32\_003520_.tmp.dll
c:\windows\system32\_003521_.tmp.dll
c:\windows\system32\_003522_.tmp.dll
c:\windows\system32\_003523_.tmp.dll
c:\windows\system32\_003524_.tmp.dll
c:\windows\system32\_003525_.tmp.dll
c:\windows\system32\_003526_.tmp.dll
c:\windows\system32\_003527_.tmp.dll
c:\windows\system32\_003528_.tmp.dll
c:\windows\system32\_003529_.tmp.dll
c:\windows\system32\_003530_.tmp.dll
c:\windows\system32\_003531_.tmp.dll
c:\windows\system32\_003532_.tmp.dll
c:\windows\system32\_003533_.tmp.dll
c:\windows\system32\_003534_.tmp.dll
c:\windows\system32\_003535_.tmp.dll
c:\windows\system32\_003536_.tmp.dll
c:\windows\system32\_003537_.tmp.dll
c:\windows\system32\_003539_.tmp.dll
c:\windows\system32\_003540_.tmp.dll
c:\windows\system32\_003542_.tmp.dll
c:\windows\system32\_003543_.tmp.dll
c:\windows\system32\_003544_.tmp.dll
c:\windows\system32\_003545_.tmp.dll
c:\windows\system32\_003546_.tmp.dll
c:\windows\system32\_003547_.tmp.dll
c:\windows\system32\_003549_.tmp.dll
c:\windows\system32\_003550_.tmp.dll
c:\windows\system32\_003551_.tmp.dll
c:\windows\system32\_003552_.tmp.dll
c:\windows\system32\_003553_.tmp.dll
c:\windows\system32\_003554_.tmp.dll
c:\windows\system32\_003555_.tmp.dll
c:\windows\system32\_003556_.tmp.dll
c:\windows\system32\_003559_.tmp.dll
c:\windows\system32\_003560_.tmp.dll
c:\windows\system32\_003561_.tmp.dll
c:\windows\system32\_003562_.tmp.dll
c:\windows\system32\_003563_.tmp.dll
c:\windows\system32\_003564_.tmp.dll
c:\windows\system32\_003565_.tmp.dll
c:\windows\system32\_003567_.tmp.dll
c:\windows\system32\_003568_.tmp.dll
c:\windows\system32\_003569_.tmp.dll
c:\windows\system32\_003570_.tmp.dll
c:\windows\system32\_003571_.tmp.dll
c:\windows\system32\_003572_.tmp.dll
c:\windows\system32\_003573_.tmp.dll
c:\windows\system32\_003574_.tmp.dll
c:\windows\system32\_003575_.tmp.dll
c:\windows\system32\_003576_.tmp.dll
c:\windows\system32\_003577_.tmp.dll
c:\windows\system32\_003578_.tmp.dll
c:\windows\system32\_003579_.tmp.dll
c:\windows\system32\_003581_.tmp.dll
c:\windows\system32\_003582_.tmp.dll
c:\windows\system32\_003583_.tmp.dll
c:\windows\system32\_003584_.tmp.dll
c:\windows\system32\_003585_.tmp.dll
c:\windows\system32\_003588_.tmp.dll
c:\windows\system32\_003589_.tmp.dll
c:\windows\system32\_003590_.tmp.dll
c:\windows\system32\_003591_.tmp.dll
c:\windows\system32\_003592_.tmp.dll
c:\windows\system32\_003593_.tmp.dll
c:\windows\system32\_003594_.tmp.dll
c:\windows\system32\_003596_.tmp.dll
c:\windows\system32\_003597_.tmp.dll
c:\windows\system32\_003598_.tmp.dll
c:\windows\system32\_003599_.tmp.dll
c:\windows\system32\_003600_.tmp.dll
c:\windows\system32\_003601_.tmp.dll
c:\windows\system32\_003602_.tmp.dll
c:\windows\system32\_003603_.tmp.dll
c:\windows\system32\_003605_.tmp.dll
c:\windows\system32\_003606_.tmp.dll
c:\windows\system32\_003607_.tmp.dll
c:\windows\system32\_003610_.tmp.dll
c:\windows\system32\_003611_.tmp.dll
c:\windows\system32\_003615_.tmp.dll
c:\windows\system32\_003616_.tmp.dll
c:\windows\system32\_003618_.tmp.dll
c:\windows\system32\_003621_.tmp.dll
c:\windows\system32\_003623_.tmp.dll
c:\windows\system32\_003624_.tmp.dll
c:\windows\system32\_003625_.tmp.dll
c:\windows\system32\_003626_.tmp.dll
c:\windows\system32\_003629_.tmp.dll
c:\windows\system32\_003630_.tmp.dll
c:\windows\system32\_003631_.tmp.dll
c:\windows\system32\_003632_.tmp.dll
c:\windows\system32\_003633_.tmp.dll
c:\windows\system32\_003638_.tmp.dll
c:\windows\system32\_003640_.tmp.dll
c:\windows\system32\1012.exe
c:\windows\system32\14275.exe
c:\windows\system32\17183.exe
c:\windows\system32\17484.exe
c:\windows\system32\19990.exe
c:\windows\system32\20157.exe
c:\windows\system32\21542.exe
c:\windows\system32\22726.exe
c:\windows\system32\23224.exe
c:\windows\system32\24382.exe
c:\windows\system32\26269.exe
c:\windows\system32\28385.exe
c:\windows\system32\3546.exe
c:\windows\system32\41.exe
c:\windows\system32\ATHPRXY(2).DLL
c:\windows\system32\dumphive.exe
c:\windows\system32\helpers32.dll
c:\windows\system32\Process.exe
c:\windows\system32\smss32.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\SYSTEM32\tstwa.tmp2
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\winlogon32.exe
c:\windows\system32\WS2Fix.exe
c:\windows\telefonos.txt
c:\windows\textos.txt
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-01-28 to 2010-02-28 )))))))))))))))))))))))))))))))
.

2010-02-27 23:53 . 2010-02-27 23:53	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2010-02-20 17:17 . 2010-02-20 17:17	--------	d-s---w-	c:\documents and settings\Administrator\UserData
2010-02-20 02:32 . 2010-02-20 02:32	--------	d-s---w-	c:\documents and settings\NetworkService\UserData
2010-02-15 22:53 . 2010-02-15 22:53	--------	d-----w-	c:\program files\Seagate
2010-02-15 22:53 . 2010-02-15 22:53	--------	d-----w-	c:\documents and settings\All Users\Application Data\Seagate
2010-02-15 22:50 . 2010-02-15 22:50	--------	d-----w-	c:\documents and settings\William\Local Settings\Application Data\Downloaded Installations
2010-02-15 22:50 . 2010-02-15 22:50	--------	d-sh--w-	c:\windows\ftpcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 12:53 . 2010-02-22 21:49	22016	----a-w-	c:\windows\Internet Logs\xDBF.tmp
2010-02-20 11:25 . 2010-02-20 12:19	9216	----a-w-	c:\windows\Internet Logs\xDBE.tmp
2010-02-20 11:22 . 2010-02-20 11:25	4559360	----a-w-	c:\windows\Internet Logs\xDBD.tmp
2010-02-20 06:21 . 2008-10-01 00:29	13141664	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2010-02-20 06:21 . 2008-10-01 00:29	1132621856	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2010-02-20 01:48 . 2010-02-20 01:48	52224	----a-w-	c:\documents and settings\William\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-20 01:48 . 2009-03-12 21:39	117760	----a-w-	c:\documents and settings\William\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-15 22:53 . 2005-08-05 16:05	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-02-13 23:29 . 2005-08-13 21:34	--------	d-----w-	c:\program files\Dl_cats
2010-02-12 21:50 . 2006-10-20 00:39	--------	d-----w-	c:\documents and settings\William\Application Data\Azureus
2010-02-10 08:15 . 2009-04-20 00:47	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-23 17:24 . 2006-10-20 00:39	--------	d-----w-	c:\program files\Azureus
2010-01-23 10:50 . 2010-01-23 10:50	--------	d-----w-	c:\documents and settings\All Users\Application Data\Azureus
2010-01-19 08:21 . 2005-08-11 02:11	--------	d-----w-	c:\documents and settings\All Users\Application Data\DVD Shrink
2010-01-09 00:02 . 2005-08-11 02:19	7998	----a-w-	c:\documents and settings\William\Application Data\wklnhst.dat
2009-12-31 16:14 . 2008-10-20 20:33	352640	----a-w-	c:\windows\system32\drivers\srv.sys
2009-12-22 05:42 . 2004-08-04 10:00	662016	----a-w-	c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-04 10:00	81920	----a-w-	c:\windows\system32\ieencode.dll
2009-12-16 12:58 . 2004-08-04 10:00	343040	----a-w-	c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2008-10-20 20:33	33280	----a-w-	c:\windows\system32\csrsrv.dll
2009-12-08 18:53 . 2008-10-20 20:33	2136064	----a-w-	c:\windows\system32\ntoskrnl.exe
2009-12-08 18:19 . 2008-10-20 20:33	2015744	----a-w-	c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2008-10-20 20:33	453760	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2003-08-27 18:19 . 2005-08-11 03:28	36963	-c--a-r-	c:\program files\Common Files\SM1updtr.dll
2005-05-13 21:12 . 2005-05-13 21:12	217073	--sha-r-	c:\windows\meta4.exe
2005-10-24 15:13 . 2005-10-24 15:13	66560	--sha-r-	c:\windows\MOTA113.exe
2008-06-05 00:58 . 2008-06-05 00:58	0	--sh--w-	c:\windows\S2694E61D.tmp
2005-10-14 01:27 . 2005-10-14 01:27	422400	--sha-r-	c:\windows\x2.64.exe
2005-10-07 23:14 . 2005-10-07 23:14	308224	--sha-r-	c:\windows\SYSTEM32\avisynth.dll
2005-07-14 16:31 . 2005-07-14 16:31	27648	--sha-r-	c:\windows\SYSTEM32\AVSredirect.dll
2005-06-26 19:32 . 2005-06-26 19:32	616448	--sha-r-	c:\windows\SYSTEM32\cygwin1.dll
2005-06-22 02:37 . 2005-06-22 02:37	45568	--sha-r-	c:\windows\SYSTEM32\cygz.dll
2004-01-25 04:00 . 2004-01-25 04:00	70656	--sha-r-	c:\windows\SYSTEM32\i420vfw.dll
2006-04-27 14:24 . 2006-04-27 14:24	2945024	--sha-r-	c:\windows\SYSTEM32\Smab.dll
2005-02-28 17:16 . 2005-02-28 17:16	240128	--sha-r-	c:\windows\SYSTEM32\x.264.exe
2004-01-25 04:00 . 2004-01-25 04:00	70656	--sha-r-	c:\windows\SYSTEM32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-10 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-09 1695744]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-03-11 10:13	356352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 11:23	11952	----a-w-	c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDPHCP Discovery Service
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-17 335240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-08-19 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-08-19 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-17 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-17 297752]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2008-10-07 192512]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-07-25 108552]

.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
mWindow Title = Microsoft Internet Explorer presented by Comcast
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: is-software-download.com
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
TCP: {F9CA8A0A-B8E8-4242-BEC8-CDF9E56204FE} = 68.87.74.166,68.87.68.166
DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - hxxp://download.copysafe.net/plugins5/installers/Copysafe.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-smss32.exe - c:\windows\system32\smss32.exe
HKCU-Run-Security essentials 2010 - c:\program files\Securityessentials2010\SE2010.exe
HKCU-RunOnce-NeroHomeFirstStart - c:\program files\Common Files\Ahead\Lib\NMFirstStart.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Explorer_Run-QEnekv3m20 - c:\windows\nijgtcnu.exe
SafeBoot-AVG Anti-Spyware Guard
AddRemove-InFlac - c:\program files\Winamp\InFlac-Uninstall.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 17:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2010-02-28 17:43:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-28 22:43
ComboFix2.txt 2008-01-30 22:01
ComboFix3.txt 2008-01-29 22:00
ComboFix4.txt 2008-01-29 23:29
ComboFix5.txt 2010-02-28 22:19

Pre-Run: 92,090,978,304 bytes free
Post-Run: 92,799,848,448 bytes free

Current=5 Default=5 Failed=3 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 30AF709321CA8C0854D901A72307E879

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:40 PM, on 2/28/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\restore\rstrui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .jav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: http://*.buy-security-essentials.com
O15 - Trusted Zone: http://*.download-soft-package.com
O15 - Trusted Zone: http://*.download-software-package.com
O15 - Trusted Zone: http://*.get-key-se10.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.buy-security-essentials.com (HKLM)
O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - http://download.copysafe.net/plugins5/installers/Copysafe.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9CA8A0A-B8E8-4242-BEC8-CDF9E56204FE}: NameServer = 68.87.74.166,68.87.68.166
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 7849 bytes


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
File::
c:\windows\S2694E61D.tmp

DDS::
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: is-software-download.com
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*


----------



## kena0903 (Jan 24, 2008)

Here is the combofix txt. and new hijack this

ComboFix 10-02-27.04 - Administrator 03/02/2010 4:07.6.2 - x86 NETWORK
Running from: c:\documents and settings\Administrator\Desktop\puppy.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

FILE ::
"c:\windows\S2694E61D.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\S2694E61D.tmp

.
((((((((((((((((((((((((( Files Created from 2010-02-02 to 2010-03-02 )))))))))))))))))))))))))))))))
.

2010-02-27 23:53 . 2010-02-27 23:53	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2010-02-20 17:17 . 2010-02-20 17:17	--------	d-s---w-	c:\documents and settings\Administrator\UserData
2010-02-20 02:32 . 2010-02-20 02:32	--------	d-s---w-	c:\documents and settings\NetworkService\UserData
2010-02-20 01:48 . 2010-02-20 01:48	52224	----a-w-	c:\documents and settings\William\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-15 22:53 . 2010-02-15 22:53	--------	d-----w-	c:\program files\Seagate
2010-02-15 22:53 . 2010-02-15 22:53	--------	d-----w-	c:\documents and settings\All Users\Application Data\Seagate
2010-02-15 22:50 . 2010-02-15 22:50	--------	d-----w-	c:\documents and settings\William\Local Settings\Application Data\Downloaded Installations
2010-02-15 22:50 . 2010-02-15 22:50	--------	d-sh--w-	c:\windows\ftpcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 12:53 . 2010-02-22 21:49	22016	----a-w-	c:\windows\Internet Logs\xDBF.tmp
2010-02-20 11:25 . 2010-02-20 12:19	9216	----a-w-	c:\windows\Internet Logs\xDBE.tmp
2010-02-20 11:22 . 2010-02-20 11:25	4559360	----a-w-	c:\windows\Internet Logs\xDBD.tmp
2010-02-20 06:21 . 2008-10-01 00:29	13141664	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2010-02-20 06:21 . 2008-10-01 00:29	1132621856	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2010-02-20 01:48 . 2009-03-12 21:39	117760	----a-w-	c:\documents and settings\William\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-15 22:53 . 2005-08-05 16:05	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-02-13 23:29 . 2005-08-13 21:34	--------	d-----w-	c:\program files\Dl_cats
2010-02-12 21:50 . 2006-10-20 00:39	--------	d-----w-	c:\documents and settings\William\Application Data\Azureus
2010-02-10 08:15 . 2009-04-20 00:47	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-23 17:24 . 2006-10-20 00:39	--------	d-----w-	c:\program files\Azureus
2010-01-23 10:50 . 2010-01-23 10:50	--------	d-----w-	c:\documents and settings\All Users\Application Data\Azureus
2010-01-19 08:21 . 2005-08-11 02:11	--------	d-----w-	c:\documents and settings\All Users\Application Data\DVD Shrink
2010-01-09 00:02 . 2005-08-11 02:19	7998	----a-w-	c:\documents and settings\William\Application Data\wklnhst.dat
2009-12-31 16:14 . 2008-10-20 20:33	352640	----a-w-	c:\windows\system32\drivers\srv.sys
2009-12-22 05:42 . 2004-08-04 10:00	662016	------w-	c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-04 10:00	81920	----a-w-	c:\windows\system32\ieencode.dll
2009-12-16 12:58 . 2004-08-04 10:00	343040	----a-w-	c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2008-10-20 20:33	33280	----a-w-	c:\windows\system32\csrsrv.dll
2009-12-08 18:53 . 2008-10-20 20:33	2136064	------w-	c:\windows\system32\ntoskrnl.exe
2009-12-08 18:19 . 2008-10-20 20:33	2015744	------w-	c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2008-10-20 20:33	453760	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2003-08-27 18:19 . 2005-08-11 03:28	36963	-c--a-r-	c:\program files\Common Files\SM1updtr.dll
2005-05-13 21:12 . 2005-05-13 21:12	217073	--sha-r-	c:\windows\meta4.exe
2005-10-24 15:13 . 2005-10-24 15:13	66560	--sha-r-	c:\windows\MOTA113.exe
2005-10-14 01:27 . 2005-10-14 01:27	422400	--sha-r-	c:\windows\x2.64.exe
2005-10-07 23:14 . 2005-10-07 23:14	308224	--sha-r-	c:\windows\SYSTEM32\avisynth.dll
2005-07-14 16:31 . 2005-07-14 16:31	27648	--sha-r-	c:\windows\SYSTEM32\AVSredirect.dll
2005-06-26 19:32 . 2005-06-26 19:32	616448	--sha-r-	c:\windows\SYSTEM32\cygwin1.dll
2005-06-22 02:37 . 2005-06-22 02:37	45568	--sha-r-	c:\windows\SYSTEM32\cygz.dll
2004-01-25 04:00 . 2004-01-25 04:00	70656	--sha-r-	c:\windows\SYSTEM32\i420vfw.dll
2006-04-27 14:24 . 2006-04-27 14:24	2945024	--sha-r-	c:\windows\SYSTEM32\Smab.dll
2005-02-28 17:16 . 2005-02-28 17:16	240128	--sha-r-	c:\windows\SYSTEM32\x.264.exe
2004-01-25 04:00 . 2004-01-25 04:00	70656	--sha-r-	c:\windows\SYSTEM32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-10 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-09 1695744]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-03-11 10:13	356352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 11:23	11952	----a-w-	c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDPHCP Discovery Service
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-17 335240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-08-19 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-08-19 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-17 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-17 297752]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2008-10-07 192512]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-07-25 108552]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
mWindow Title = Microsoft Internet Explorer presented by Comcast
TCP: {F9CA8A0A-B8E8-4242-BEC8-CDF9E56204FE} = 68.87.74.166,68.87.68.166
DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - hxxp://download.copysafe.net/plugins5/installers/Copysafe.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-02 04:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2010-03-02 04:19:43
ComboFix-quarantined-files.txt 2010-03-02 09:19
ComboFix2.txt 2010-02-28 22:43
ComboFix3.txt 2008-01-30 22:01
ComboFix4.txt 2008-01-29 22:00
ComboFix5.txt 2010-03-02 09:05

Pre-Run: 92,776,247,296 bytes free
Post-Run: 92,747,390,976 bytes free

Current=5 Default=5 Failed=3 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 81B1D5BFD113A85DD9048D54DE17EA98

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:31 AM, on 3/2/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .jav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - http://download.copysafe.net/plugins5/installers/Copysafe.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9CA8A0A-B8E8-4242-BEC8-CDF9E56204FE}: NameServer = 68.87.74.166,68.87.68.166
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 7453 bytes


----------



## Cookiegal (Aug 27, 2003)

I apologize for the delay in getting back to you.

Please update MalwareBytes and then run a full system scan and post the log.

Also, do this please:

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have Java then you will need to go to the following link and download the latest version:

*JRE 6 Update 18 *

Instructions for Kaspersky scan:


Read through the requirements and privacy statement and click on *Accept* button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*.
When the downloads have finished, click on *Settings*.
Make sure the following is checked. 
*Spyware, Adware, Dialers, and other potentially dangerous programs 
Archives
Mail databases*

Click on *My Computer* under *Scan*.
Once the scan is complete, it will display the results. Click on *View Scan Report*.
You will see a list of infected items there. Click on *Save Report As...*.
Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button.
Please post this log in your next reply.


----------



## kena0903 (Jan 24, 2008)

Computer still only boots in safe mode. I tried to update malwarebytes but would not let me. I was not able to perform Kaparsky through the provided link either. It would not load.


----------



## Cookiegal (Aug 27, 2003)

Let's try this one instead:

Please run the *F-Secure Online Scanner*

Note: *You must use Internet Explorer for this scan!*


Accept the License Agreement. 
Once the ActiveX installs click *Full System Scan* 
Once the download completes, the scan will begin automatically. 
The scan will take some time to finish, so please be patient. 
When the scan completes, click the *Automatic cleaning (recommended)* button. 
Click the *Show Report* button and copy and paste the entire report in your next reply.


----------



## kena0903 (Jan 24, 2008)

Cookie its not even allowing me to do this scan


----------



## Cookiegal (Aug 27, 2003)

What happens? Are you able to access the site at all?


----------



## kena0903 (Jan 24, 2008)

Page loads but nothing is in dropdown menu and at bottom it says : JavaScript needs to be enabled, and you need to have at least Version 6 Update 10 of Java Runtime Environment installed.


----------



## Cookiegal (Aug 27, 2003)

Please do this again.

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## kena0903 (Jan 24, 2008)

Here is the list:

ABBYY FineReader 5.0 Sprint Plus
Ad-Aware SE Personal
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.9
Adobe® Photoshop® Album Starter Edition 3.2
AOLIcon
AVG Free 8.5
Azureus
Banctec Service Agreement
Bodog Poker Version 2.16.3.49
CCScore
Comcast High-Speed Internet Install Wizard
ComcastSUPPORT
CopySafe Plugin
Critical Update for Windows Media Player 11 (KB959772)
Cypress USB Mass Storage Driver Installation
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Photo AIO Printer 922
Dell Picture Studio v3.0
Dell Support 3.1
DVD Shrink 3.2
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
G15A922EN
GrabIt 1.7.1 Beta (build 960)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iSkysoft Video Converter(Build 2.2.1.0)
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kaspersky Online Scanner
kgcbase
Kodak EasyShare software
Linksys EasyLink Advisor
Linksys EasyLink Advisor
Macromedia Flash Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 4.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Money 2005
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets and Trips 2005
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Event Monitor
Modem Helper
Modem On Hold
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Musicmatch® Jukebox
Napster
Need2Find Bar
Nero Suite
netbrdg
OfotoXMI
Photo Click
PowerDVD 5.5
QuickBooks Simple Start Special Edition
QuickPar 0.9
QuickTime
QuickTime Alternative 1.67
RealPlayer
Roxio Burn Engine
Roxio Easy Media Creator 7
Seagate Manager Installer
Seagate Manager Installer
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SFR
SHASTA
Shockwave
Sierra Print Artist
Sierra Utilities
skin0001
SKINXSDK
Sonic Update Manager
SPBBC
staticcr
SUPERAntiSpyware Free Edition
tooltips
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977719)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
USB Storage Adapter FX (SM1)
VideoLAN VLC media player 0.8.6c
VPRINTOL
Vuze
WebEx Support Manager for Internet Explorer
WinAVI VideoConverter
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893086
WinRAR archiver
WIRELESS
ZoneAlarm


----------



## Cookiegal (Aug 27, 2003)

Did you not install the latest version of Java as per earlier instructions?

Also, you didn't uninstall this:

*Need2Find Bar*


----------



## kena0903 (Jan 24, 2008)

As earlier posted I could not remove the earlier versions of java. Here is the message: The windows Installer service could not be accessed. This can occur if you are running windows in safe mode, or if the windows installer is not correctly installed. Contact your support personal for assistance.
As for need Need2Find Bar unsuccesful as well message is as follows: Error loading C:\PROGRA~1\NEED2F~1\bar\1.bin\Nd2fnBar.dll


----------



## Cookiegal (Aug 27, 2003)

Yes but can you at least install the latest version of Java? Then you should be able to do the scans.


----------



## kena0903 (Jan 24, 2008)

I tried to install the latest version but receive an error stating the following: The system administrator has set policies to prevent this installation.


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe * to your Desktop and double-click on it to extract the files. It will create a folder named *OTS* on your desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Open the *OTS* folder and double-click on *OTS.exe* to start the program.
In *Additional Scans *section put a check in Disabled MS Config Items and EventViewer logs
Now click the *Run Scan *button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## kena0903 (Jan 24, 2008)

will not allow me to attatch


----------



## kena0903 (Jan 24, 2008)

Here is Part 1 of log:
OTS logfile created on: 3/9/2010 3:52:10 AM - Run 1
OTS by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 795.00 Mb Available Physical Memory | 78.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.67 Gb Total Space | 86.30 Gb Free Space | 59.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 378.45 Gb Free Space | 81.25% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MRANDMRSGREEN
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2010/03/09 03:45:13 | 000,636,928 | ---- | M] (OldTimer Tools)
vsmon.exe -> C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -> [2008/07/09 08:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2010/03/09 03:45:13 | 000,636,928 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll -> [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(PEVSystemStart) PEVSystemStart [Auto | Stopped] -> -> File not found
(avg8wd) AVG Free8 WatchDog [Auto | Stopped] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/17 06:22:53 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avg8emc) AVG Free8 E-mail Scanner [Auto | Stopped] -> C:\Program Files\AVG\AVG8\avgemc.exe -> [2009/08/17 06:22:46 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
(CSHelper) CopySafe Helper Service [Auto | Stopped] -> C:\WINDOWS\SYSTEM32\CSHelper.exe -> [2008/10/07 16:51:15 | 000,192,512 | ---- | M] ()
(vsmon) TrueVector Internet Monitor [Auto | Running] -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe -> [2008/07/09 08:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC)
(LinksysUpdater) Linksys Updater [Auto | Stopped] -> C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -> [2008/04/18 04:30:43 | 000,204,800 | ---- | M] ()
(nmservice) Pure Networks Platform Service [Auto | Stopped] -> C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -> [2008/04/08 23:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.)
(LiveUpdate) LiveUpdate [On_Demand | Stopped] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -> [2006/01/19 10:29:52 | 002,041,536 | ---- | M] (Symantec Corporation)
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Auto | Stopped] -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> [2006/01/19 10:29:52 | 000,100,032 | ---- | M] (Symantec Corporation)
(SPBBCSvc) SPBBCSvc [On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -> [2005/03/15 15:56:08 | 000,992,864 | ---- | M] (Symantec Corporation)
(dlbt_device) dlbt_device [On_Demand | Stopped] -> C:\WINDOWS\System32\dlbtcoms.exe -> [2004/10/25 21:01:52 | 000,421,888 | ---- | M] (Dell)

[Driver Services - Safe List]
(SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2009/08/19 16:12:39 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASDIFSV) SASDIFSV [Kernel | System | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -> [2009/08/19 16:12:39 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Stopped] -> C:\WINDOWS\System32\Drivers\avgldx86.sys -> [2009/08/17 06:23:09 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Stopped] -> C:\WINDOWS\System32\Drivers\avgmfx86.sys -> [2009/08/17 06:23:09 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgtdix.sys -> [2009/07/25 18:07:00 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2008/09/03 13:07:16 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(vsdatant) vsdatant [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\vsdatant.sys -> [2008/07/09 08:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC)
(AnyDVD) AnyDVD [Kernel | On_Demand | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\AnyDVD.sys -> [2008/05/28 05:45:24 | 000,099,264 | ---- | M] (SlySoft, Inc.)
(pnarp) Pure Networks Device Discovery Driver [Kernel | Auto | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\pnarp.sys -> [2008/04/08 23:14:04 | 000,023,992 | ---- | M] (Pure Networks, Inc.)
(purendis) Pure Networks Wireless Driver [Kernel | Auto | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\purendis.sys -> [2008/04/08 23:14:00 | 000,025,272 | ---- | M] (Pure Networks, Inc.)
(MBAMCatchMe) MBAMCatchMe [Kernel | On_Demand | Stopped] -> C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys -> [2008/03/09 16:29:14 | 000,027,136 | ---- | M] ()
(srescan) srescan [Kernel | Boot | Stopped] -> C:\WINDOWS\system32\ZoneLabs\srescan.sys -> [2008/02/27 02:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC)
(ElbyCDIO) ElbyCDIO Driver [Kernel | System | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDIO.sys -> [2007/08/07 14:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG)
(KLIF) KLIF [File_System | System | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys -> [2007/07/19 14:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab)
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -> [2007/02/02 02:00:00 | 000,009,464 | ---- | M] (Sonic Solutions)
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -> [2007/02/02 02:00:00 | 000,009,336 | ---- | M] (Sonic Solutions)
(SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> C:\Program Files\Symantec\SYMEVENT.SYS -> [2006/01/06 17:54:54 | 000,107,696 | ---- | M] (Symantec Corporation)
(cdudf_xp) cdudf_xp [File_System | System | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\Cdudf_xp.sys -> [2005/03/08 21:15:10 | 000,291,456 | ---- | M] (Sonic Solutions)
(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\dvd_2k.sys -> [2005/03/08 21:14:44 | 000,024,064 | ---- | M] (Sonic Solutions)
(DVDVRRdr_xp) DVDVRRdr_xp [File_System | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\DVDVRRdr_xp.sys -> [2005/03/08 21:05:30 | 000,141,184 | ---- | M] (Windows (R) 2000 DDK provider)
(UDFReadr) UDFReadr [File_System | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\Udfreadr.sys -> [2005/03/08 20:54:48 | 000,202,496 | ---- | M] (Sonic Solutions)
(mmc_2K) mmc_2K [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\mmc_2k.sys -> [2005/03/08 20:53:56 | 000,023,808 | ---- | M] (Sonic Solutions)
(pwd_2k) pwd_2k [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\Pwd_2k.sys -> [2005/03/08 20:38:32 | 000,117,760 | ---- | M] (Sonic Solutions)
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\drvmcdb.sys -> [2005/01/27 03:22:00 | 000,088,016 | ---- | M] (Sonic Solutions)
(senfilt) senfilt [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -> [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -> [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(IntelC53) IntelC53 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -> [2004/06/15 22:52:40 | 000,061,157 | ---- | M] (Intel Corporation)
(IntelC52) IntelC52 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -> [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation)
(IntelC51) IntelC51 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -> [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation)
(mohfilt) mohfilt [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -> [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation)
(Cinemsup) Cinemsup [Kernel | System | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\cinemsup.sys -> [2003/12/19 02:00:00 | 000,006,656 | ---- | M] (Sonic Solutions)
(Sparrow) Sparrow [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic)
(symc8xx) symc8xx [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic)
(symc810) symc810 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -> [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation)
(ultra) ultra [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.)
(asc) asc [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.dell4me.com/myway -> 
HKEY_CURRENT_USER\: SearchURL\\"provider" -> -> 
HKEY_CURRENT_USER\: URLSearchHooks\\"{4D25F926-B9FE-4682-BF72-8AB8210D6D75}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> -> 
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2010/02/28 17:33:58 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts -> 
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 04:16:42 | 000,059,032 | ---- | M] (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 03:27:02 | 000,509,328 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AVG8_TRAY" -> C:\Program Files\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/08/17 06:23:01 | 002,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.)
"DLBTCATS" -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]] -> [2004/11/09 21:41:32 | 000,069,632 | ---- | M] ()
"LELA" -> C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe ["C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized] -> [2008/05/01 06:38:00 | 000,131,072 | ---- | M] (Linksys LLC - A Division of Cisco Systems)
"MaxMenuMgr" -> C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe ["C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"] -> [2009/05/01 14:35:10 | 000,185,640 | ---- | M] (Seagate LLC)
"nmctxth" -> C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe ["C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"] -> [2008/04/08 23:15:10 | 000,648,504 | ---- | M] (Pure Networks, Inc.)
"RoxioDragToDisc" -> C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe ["C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"] -> [2005/03/08 21:13:56 | 001,695,744 | ---- | M] (Sonic Solutions)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008/06/10 03:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.)
"ZoneAlarm Client" -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> [2008/07/09 08:05:20 | 000,919,016 | ---- | M] (Zone Labs, LLC)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DellSupport" -> C:\Program Files\Dell Support\DSAgnt.exe ["C:\Program Files\Dell Support\DSAgnt.exe" /startup] -> [2005/05/15 02:04:12 | 000,332,800 | ---- | M] (Gteko Ltd.)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 22:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe -> [2008/05/10 06:15:28 | 000,282,624 | ---- | M] (Eastman Kodak Company)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> [2004/11/11 11:59:36 | 000,806,912 | ---- | M] (Intuit, Inc.)
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoCDBurning" -> [0] -> File not found
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll [Menu: Sun Java Console] -> [2008/02/22 03:25:19 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.)
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> C:\Program Files\Microsoft ActiveSync\INetRepl.dll [Button: Create Mobile Favorite] -> [2006/06/20 21:35:56 | 000,142,120 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> C:\Program Files\Microsoft ActiveSync\INetRepl.dll [Menu: Create Mobile Favorite...] -> [2006/06/20 21:35:56 | 000,142,120 | ---- | M] (Microsoft Corporation)
{669B269B-0D4E-41FB-A3D8-FD67CA94F646}:Exec [HKLM] -> [Button: ComcastHSI] -> File not found
{8828075D-D097-4055-AA02-2DBFA9D85E8A}:Exec [HKLM] -> [Button: Support] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
{97809617-3937-4F84-B335-9BB05EF1A8D4}:Exec [HKLM] -> [Button: Help] -> File not found
{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}:Exec [HKLM] -> C:\Program Files\Bodog Poker\BPGame.exe [Button: Bodog Poker] -> [2009/01/20 11:34:06 | 003,688,448 | ---- | M] (Bodog)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> C:\Program Files\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite] -> [2006/06/20 21:35:56 | 000,142,120 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> C:\Program Files\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite...] -> [2006/06/20 21:35:56 | 000,142,120 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{669B269B-0D4E-41FB-A3D8-FD67CA94F646}" [HKLM] -> [ComcastHSI] -> File not found
CmdMapping\\"{8828075D-D097-4055-AA02-2DBFA9D85E8A}" [HKLM] -> [Support] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{97809617-3937-4F84-B335-9BB05EF1A8D4}" [HKLM] -> [Help] -> File not found
CmdMapping\\"{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}" [HKLM] -> C:\Program Files\Bodog Poker\BPGame.exe [Bodog Poker] -> [2009/01/20 11:34:06 | 003,688,448 | ---- | M] (Bodog)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
Extension\.avi -> C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll [QuickTime Plug-in 6.5] -> [2005/10/23 00:39:58 | 000,106,496 | ---- | M] (Apple Computer, Inc.)
Extension\.jav -> C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll [QuickTime Plug-in 6.5] -> [2005/10/23 00:39:58 | 000,106,496 | ---- | M] (Apple Computer, Inc.)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{01012101-5E80-11D8-9E86-0007E96C65AE} [HKLM] -> http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab [SupportSoft Script Runner Class] -> 
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} [HKLM] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab [CKAVWebScan Object] -> 
{11260943-421B-11D0-8EAC-0000C07D88CF} [HKLM] -> http://www.ipix.com/download/ipixx.cab [iPIX ActiveX Control] -> 
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab [Symantec AntiVirus scanner] -> 
{3451DEDE-631F-421C-8127-FD793AFC6CC8} [HKLM] -> http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab [ActiveDataInfo Class] -> 
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc3.cab [Office Update Installation Engine] -> 
{44990200-3C9D-426D-81DF-AAB636FA4345} [HKLM] -> http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab [Symantec SmartIssue] -> 
{44990301-3C9D-426D-81DF-AAB636FA4345} [HKLM] -> http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab [Symantec Script Runner Class] -> 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab [Reg Error: Key error.] -> 
{644E432F-49D3-41A1-8DD5-E099162EEEC5} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab [Symantec RuFSI Utility Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 
{97770E5B-2028-48AC-B4DA-1F991376D2B6} [HKLM] -> http://download.copysafe.net/plugins5/installers/Copysafe.cab [Reg Error: Key error.] -> 
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [HKLM] -> http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab [Java Plug-in 1.6.0_04] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab [Shockwave Flash Object] -> 
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [HKLM] -> [Reg Error: Value error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{F9CA8A0A-B8E8-4242-BEC8-CDF9E56204FE}\\NameServer -> 68.87.74.166,68.87.68.166 (Intel(R) PRO/100 VE Network Connection) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -> [2009/03/11 05:13:45 | 000,356,352 | ---- | M] (SUPERAntiSpyware.com)
avgrsstarter -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/08/17 06:23:10 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2005/09/20 09:31:28 | 000,135,168 | ---- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 09:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> [2006/06/20 21:36:00 | 000,187,176 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> [2006/06/20 21:36:22 | 001,207,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> [2006/06/20 21:36:24 | 001,977,128 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\AVG\AVG8\avgemc.exe" -> C:\Program Files\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> [2009/08/17 06:22:46 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2009/11/08 08:32:12 | 001,142,552 | ---- | M] (AVG Technologies CZ, s.r.o.)


----------



## kena0903 (Jan 24, 2008)

Part 2 of log:

"C:\Program Files\Azureus\Azureus.exe" -> C:\Program Files\Azureus\Azureus.exe [C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus] -> [2009/06/22 18:45:12 | 000,199,616 | ---- | M] (Vuze Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" -> C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabledure Networks Platform Service] -> [2008/04/08 23:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe" -> C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe:*:Enabled:EasyShare] -> [2008/05/10 06:15:28 | 000,282,624 | ---- | M] (Eastman Kodak Company)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> [2006/06/20 21:36:00 | 000,187,176 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> [2006/06/20 21:36:22 | 001,207,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> [2006/06/20 21:36:24 | 001,977,128 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2009/08/17 21:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls ->

[Registry - Additional Scans - Safe List]
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 2/11/2010 5:31:56 PM Computer Name = MRANDMRSGREEN | Source = Application Error | ID = 1000 -> Description = Faulting application vlc.exe, version 0.8.6.0, faulting module libffmpeg_plugin.dll, version 0.0.0.0, fault address 0x002f25e4.
Application [ Error ] 2/19/2010 4:54:40 PM Computer Name = MRANDMRSGREEN | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 2/19/2010 4:54:43 PM Computer Name = MRANDMRSGREEN | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 2/19/2010 8:16:53 PM Computer Name = MRANDMRSGREEN | Source = Application Hang | ID = 1002 -> Description = Hanging application avgui.exe, version 8.5.0.408, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 2/19/2010 8:16:53 PM Computer Name = MRANDMRSGREEN | Source = Application Hang | ID = 1002 -> Description = Hanging application avgui.exe, version 8.5.0.408, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 2/19/2010 8:29:51 PM Computer Name = MRANDMRSGREEN | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module shlwapi.dll, version 6.0.2900.3653, fault address 0x0002c428.
Application [ Error ] 2/19/2010 9:47:58 PM Computer Name = MRANDMRSGREEN | Source = Application Hang | ID = 1002 -> Description = Hanging application SUPERAntiSpyware.exe, version 4.27.0.1002, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 2/19/2010 9:52:47 PM Computer Name = MRANDMRSGREEN | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module shlwapi.dll, version 6.0.2900.3653, fault address 0x0002c428.
Application [ Error ] 3/4/2010 6:57:08 PM Computer Name = MRANDMRSGREEN | Source = MsiInstaller | ID = 1008 -> Description = The installation of C:\Documents and Settings\William\Application Data\Sun\Java\jre1.6.0_18\jre1.6.0_18.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
Application [ Error ] 3/8/2010 4:44:39 AM Computer Name = MRANDMRSGREEN | Source = MsiInstaller | ID = 1008 -> Description = The installation of C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_18\jre1.6.0_18.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
OSession [ Error ] 7/31/2009 4:41:39 PM Computer Name = MRANDMRSGREEN | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 250 seconds with 180 seconds of active time. This session ended with a crash.
OSession [ Error ] 7/31/2009 4:45:18 PM Computer Name = MRANDMRSGREEN | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 196 seconds with 60 seconds of active time. This session ended with a crash.
System [ Error ] 3/7/2010 9:39:55 PM Computer Name = MRANDMRSGREEN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 3/8/2010 4:42:36 AM Computer Name = MRANDMRSGREEN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 3/8/2010 4:43:22 AM Computer Name = MRANDMRSGREEN | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 cdudf_xp Cinemsup ElbyCDIO Fips intelppm KLIF SASDIFSV SASKUTIL
System [ Error ] 3/8/2010 4:45:04 AM Computer Name = MRANDMRSGREEN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
System [ Error ] 3/8/2010 4:45:52 AM Computer Name = MRANDMRSGREEN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 3/8/2010 7:24:11 PM Computer Name = MRANDMRSGREEN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 3/8/2010 7:25:00 PM Computer Name = MRANDMRSGREEN | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 cdudf_xp Cinemsup ElbyCDIO Fips intelppm KLIF SASDIFSV SASKUTIL
System [ Error ] 3/8/2010 7:54:16 PM Computer Name = MRANDMRSGREEN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 3/8/2010 8:16:03 PM Computer Name = MRANDMRSGREEN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 3/8/2010 8:16:48 PM Computer Name = MRANDMRSGREEN | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 cdudf_xp Cinemsup ElbyCDIO Fips intelppm KLIF SASDIFSV SASKUTIL

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2010/03/09 03:45:12 | 000,636,928 | ---- | C] (OldTimer Tools)
Malwarebytes -> C:\Documents and Settings\Administrator\Application Data\Malwarebytes -> [2010/03/04 03:52:30 | 000,000,000 | ---D | C]
temp -> C:\WINDOWS\temp -> [2010/02/28 17:43:37 | 000,000,000 | ---D | C]
SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/02/28 17:19:33 | 000,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/02/28 17:19:33 | 000,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/02/28 17:19:33 | 000,136,704 | ---- | C] (SteelWerX)
BVRP Software -> C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software -> [2010/02/27 18:53:49 | 000,000,000 | ---D | C]
jre-6u18-windows-i586.exe -> C:\Documents and Settings\Administrator\Desktop\jre-6u18-windows-i586.exe -> [2010/02/27 18:49:56 | 016,258,848 | ---- | C] (Sun Microsystems, Inc.)
HijackThisInstaller.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThisInstaller.exe -> [2010/02/27 15:12:21 | 000,812,344 | ---- | C] (Trend Micro Inc.)
UserData -> C:\Documents and Settings\Administrator\UserData -> [2010/02/20 12:17:56 | 000,000,000 | --SD | C]
Macromedia -> C:\Documents and Settings\Administrator\Application Data\Macromedia -> [2010/02/20 07:21:52 | 000,000,000 | ---D | C]
Adobe -> C:\Documents and Settings\Administrator\Application Data\Adobe -> [2010/02/20 07:21:50 | 000,000,000 | ---D | C]
Jasc Software Inc -> C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc -> [2010/02/20 06:26:37 | 000,000,000 | ---D | C]
Identities -> C:\Documents and Settings\Administrator\Application Data\Identities -> [2010/02/20 06:26:37 | 000,000,000 | ---D | C]
Gtek -> C:\Documents and Settings\Administrator\Application Data\Gtek -> [2010/02/20 06:26:37 | 000,000,000 | ---D | C]
Microsoft -> C:\Documents and Settings\Administrator\Application Data\Microsoft -> [2010/02/20 06:26:36 | 000,000,000 | --SD | C]
Cookies -> C:\Documents and Settings\Administrator\Cookies -> [2010/02/20 06:26:35 | 000,000,000 | --SD | C]
Application Data -> C:\Documents and Settings\Administrator\Application Data -> [2010/02/20 06:26:35 | 000,000,000 | RH-D | C]
Favorites -> C:\Documents and Settings\Administrator\Favorites -> [2010/02/20 06:26:35 | 000,000,000 | R--D | C]
Symantec -> C:\Documents and Settings\Administrator\Application Data\Symantec -> [2010/02/20 06:26:35 | 000,000,000 | ---D | C]
Sun -> C:\Documents and Settings\Administrator\Application Data\Sun -> [2010/02/20 06:26:35 | 000,000,000 | ---D | C]
Desktop -> C:\Documents and Settings\Administrator\Desktop -> [2010/02/20 06:26:35 | 000,000,000 | ---D | C]
ApplicationHistory -> C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory -> [2010/02/20 06:26:35 | 000,000,000 | ---D | C]
My Pictures -> C:\Documents and Settings\Administrator\My Documents\My Pictures -> [2010/02/20 06:26:34 | 000,000,000 | R--D | C]
My Music -> C:\Documents and Settings\Administrator\My Documents\My Music -> [2010/02/20 06:26:34 | 000,000,000 | R--D | C]
My Documents -> C:\Documents and Settings\Administrator\My Documents -> [2010/02/20 06:26:34 | 000,000,000 | R--D | C]
NetHood -> C:\Documents and Settings\Administrator\NetHood -> [2010/02/20 06:26:34 | 000,000,000 | -H-D | C]
Local Settings -> C:\Documents and Settings\Administrator\Local Settings -> [2010/02/20 06:26:34 | 000,000,000 | -H-D | C]
Microsoft Help -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help -> [2010/02/20 06:26:34 | 000,000,000 | ---D | C]
Microsoft -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft -> [2010/02/20 06:26:34 | 000,000,000 | ---D | C]
{7148F0A6-6813-11D6-A77B-00B0D0142030} -> C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030} -> [2010/02/20 06:26:34 | 000,000,000 | ---D | C]
SendTo -> C:\Documents and Settings\Administrator\SendTo -> [2010/02/20 06:26:33 | 000,000,000 | RH-D | C]
Recent -> C:\Documents and Settings\Administrator\Recent -> [2010/02/20 06:26:33 | 000,000,000 | RH-D | C]
Start Menu -> C:\Documents and Settings\Administrator\Start Menu -> [2010/02/20 06:26:33 | 000,000,000 | R--D | C]
Templates -> C:\Documents and Settings\Administrator\Templates -> [2010/02/20 06:26:33 | 000,000,000 | -H-D | C]
PrintHood -> C:\Documents and Settings\Administrator\PrintHood -> [2010/02/20 06:26:33 | 000,000,000 | -H-D | C]
Real -> C:\Documents and Settings\NetworkService\Application Data\Real -> [2010/02/20 04:28:00 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2010/02/19 19:14:52 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2010/02/19 19:14:45 | 000,000,000 | --SD | M]
Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia -> [2010/02/18 02:32:37 | 000,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2010/02/18 02:32:34 | 000,000,000 | ---D | M]
Seagate -> C:\Program Files\Seagate -> [2010/02/15 17:53:20 | 000,000,000 | ---D | C]
Seagate -> C:\Documents and Settings\All Users\Application Data\Seagate -> [2010/02/15 17:53:20 | 000,000,000 | ---D | C]
ftpcache -> C:\WINDOWS\ftpcache -> [2010/02/15 17:50:42 | 000,000,000 | -HSD | C]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/07/25 18:05:40 | 000,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/07/25 18:05:40 | 000,000,000 | ---D | M]
Help -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Help -> [2005/09/11 13:21:09 | 000,000,000 | ---D | M]
Help -> C:\Documents and Settings\LocalService\Application Data\Help -> [2005/09/11 13:21:09 | 000,000,000 | ---D | M]
718 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp ->

[Files/Folders - Modified Within 30 Days]
OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2010/03/09 03:45:13 | 000,636,928 | ---- | M] (OldTimer Tools)
NTUSER.DAT -> C:\Documents and Settings\Administrator\NTUSER.DAT -> [2010/03/08 19:17:21 | 001,048,576 | -H-- | M] ()
vsconfig.xml -> C:\WINDOWS\System32\vsconfig.xml -> [2010/03/08 19:16:05 | 000,352,918 | ---- | M] ()
BOOTSTAT.DAT -> C:\WINDOWS\BOOTSTAT.DAT -> [2010/03/08 19:15:10 | 000,002,048 | --S- | M] ()
NTUSER.INI -> C:\Documents and Settings\Administrator\NTUSER.INI -> [2010/03/08 18:54:17 | 000,000,178 | -HS- | M] ()
WPA.DBL -> C:\WINDOWS\System32\WPA.DBL -> [2010/03/08 03:45:39 | 000,002,206 | ---- | M] ()
uninstall_list2 -> C:\Documents and Settings\Administrator\Desktop\uninstall_list2 -> [2010/03/06 20:51:51 | 000,015,717 | ---- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2010/03/02 04:16:54 | 000,000,227 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\ETC\hosts -> [2010/02/28 17:33:58 | 000,000,027 | ---- | M] ()
puppy.exe -> C:\Documents and Settings\Administrator\Desktop\puppy.exe -> [2010/02/28 17:18:02 | 003,874,477 | R--- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/02/27 19:03:19 | 000,000,006 | -H-- | M] ()
jre-6u18-windows-i586.exe -> C:\Documents and Settings\Administrator\Desktop\jre-6u18-windows-i586.exe -> [2010/02/27 18:49:56 | 016,258,848 | ---- | M] (Sun Microsystems, Inc.)
HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2010/02/27 15:13:40 | 000,001,734 | ---- | M] ()
HijackThisInstaller.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThisInstaller.exe -> [2010/02/27 15:12:22 | 000,812,344 | ---- | M] (Trend Micro Inc.)
fidbox.dat -> C:\WINDOWS\System32\drivers\fidbox.dat -> [2010/02/20 01:21:45 | 1132,621,856 | -HS- | M] ()
fidbox.idx -> C:\WINDOWS\System32\drivers\fidbox.idx -> [2010/02/20 01:21:45 | 013,141,664 | -HS- | M] ()
incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2010/02/19 19:14:59 | 055,938,014 | ---- | M] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2010/02/17 16:35:04 | 000,000,049 | ---- | M] ()
microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2010/02/15 18:26:40 | 000,142,495 | ---- | M] ()
Seagate Manager.lnk -> C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk -> [2010/02/15 17:53:33 | 000,001,863 | ---- | M] ()
dellstat.ini -> C:\WINDOWS\dellstat.ini -> [2010/02/13 18:29:09 | 000,000,954 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/02/10 03:32:28 | 000,001,374 | ---- | M] ()
718 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files - No Company Name]
uninstall_list2 -> C:\Documents and Settings\Administrator\Desktop\uninstall_list2 -> [2010/03/06 20:51:51 | 000,015,717 | ---- | C] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/02/28 17:19:33 | 000,261,632 | ---- | C] ()
sed.exe -> C:\WINDOWS\sed.exe -> [2010/02/28 17:19:33 | 000,098,816 | ---- | C] ()
grep.exe -> C:\WINDOWS\grep.exe -> [2010/02/28 17:19:33 | 000,080,412 | ---- | C] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/02/28 17:19:33 | 000,077,312 | ---- | C] ()
zip.exe -> C:\WINDOWS\zip.exe -> [2010/02/28 17:19:33 | 000,068,096 | ---- | C] ()
puppy.exe -> C:\Documents and Settings\Administrator\Desktop\puppy.exe -> [2010/02/28 17:17:56 | 003,874,477 | R--- | C] ()
HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2010/02/27 15:13:40 | 000,001,734 | ---- | C] ()
DESKTOP.INI -> C:\Documents and Settings\Administrator\Application Data\DESKTOP.INI -> [2010/02/20 06:26:54 | 000,000,062 | -HS- | C] ()
IconCache.db -> C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db -> [2010/02/20 06:26:48 | 003,742,002 | -H-- | C] ()
NTUSER.INI -> C:\Documents and Settings\Administrator\NTUSER.INI -> [2010/02/20 06:26:33 | 000,000,178 | -HS- | C] ()
NTUSER.DAT -> C:\Documents and Settings\Administrator\NTUSER.DAT -> [2010/02/20 06:26:32 | 001,048,576 | -H-- | C] ()
Seagate Manager.lnk -> C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk -> [2010/02/15 17:53:33 | 000,001,863 | ---- | C] ()
FontCache3.0.0.0.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat -> [2009/11/28 05:36:51 | 000,233,176 | ---- | C] ()
libeay32_0.9.6l.dll -> C:\WINDOWS\System32\libeay32_0.9.6l.dll -> [2008/09/30 19:09:49 | 000,796,048 | ---- | C] ()
$_hpcst$.hpc -> C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc -> [2008/01/22 23:09:20 | 000,002,508 | ---- | C] ()
BASSMOD.dll -> C:\WINDOWS\System32\BASSMOD.dll -> [2007/01/13 23:25:56 | 000,014,848 | ---- | C] ()
ff_vfw.dll.manifest -> C:\WINDOWS\System32\ff_vfw.dll.manifest -> [2006/10/26 20:56:38 | 000,000,547 | ---- | C] ()
ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2006/10/26 20:56:36 | 000,006,144 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2006/09/07 13:31:48 | 000,000,002 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 13:58:52 | 000,030,808 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 13:53:56 | 000,026,489 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 14:39:28 | 000,029,779 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 14:39:28 | 000,026,040 | ---- | C] ()
AviSplitter.INI -> C:\WINDOWS\AviSplitter.INI -> [2006/03/17 22:55:26 | 000,000,038 | ---- | C] ()
DVDXRestrictionFree.ini -> C:\WINDOWS\DVDXRestrictionFree.ini -> [2006/01/02 17:17:50 | 000,000,164 | ---- | C] ()
SysEngine.SYS -> C:\WINDOWS\System32\SysEngine.SYS -> [2006/01/02 16:53:34 | 000,000,014 | ---- | C] ()
cdPlayer.ini -> C:\WINDOWS\cdPlayer.ini -> [2005/09/28 21:33:25 | 000,012,586 | ---- | C] ()
ipixActivex.ini -> C:\WINDOWS\ipixActivex.ini -> [2005/08/19 12:44:11 | 000,000,037 | ---- | C] ()
SIERRA.INI -> C:\WINDOWS\SIERRA.INI -> [2005/08/17 16:12:40 | 000,000,402 | ---- | C] ()
dellstat.ini -> C:\WINDOWS\dellstat.ini -> [2005/08/13 16:34:14 | 000,000,954 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2005/08/10 23:29:55 | 000,000,049 | ---- | C] ()
qt-dx331.dll -> C:\WINDOWS\System32\qt-dx331.dll -> [2005/08/09 17:12:28 | 003,596,288 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2005/08/05 11:22:14 | 000,000,061 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2005/08/05 11:14:05 | 000,000,138 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2005/08/05 11:10:14 | 000,000,376 | ---- | C] ()
OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2005/08/05 10:37:28 | 000,000,370 | ---- | C] ()
AVSredirect.dll -> C:\WINDOWS\System32\AVSredirect.dll -> [2005/07/14 11:31:20 | 000,027,648 | RHS- | C] ()
cygz.dll -> C:\WINDOWS\System32\cygz.dll -> [2005/06/21 21:37:42 | 000,045,568 | RHS- | C] ()
DLBTPLC.INI -> C:\WINDOWS\System32\DLBTPLC.INI -> [2005/03/28 16:45:46 | 000,000,430 | ---- | C] ()
px.ini -> C:\WINDOWS\System32\px.ini -> [2005/02/28 14:17:16 | 000,000,000 | ---- | C] ()
besched.dll -> C:\WINDOWS\System32\besched.dll -> [2004/11/30 04:10:00 | 000,028,672 | ---- | C] ()
dlbtcur.dll -> C:\WINDOWS\System32\dlbtcur.dll -> [2004/11/09 18:11:08 | 000,114,688 | ---- | C] ()
dlbtjswr.dll -> C:\WINDOWS\System32\dlbtjswr.dll -> [2004/11/09 18:10:28 | 000,573,440 | ---- | C] ()
dlbtcu.dll -> C:\WINDOWS\System32\dlbtcu.dll -> [2004/11/09 18:05:58 | 000,069,632 | ---- | C] ()
dlbtutil.dll -> C:\WINDOWS\System32\dlbtutil.dll -> [2004/11/09 17:59:26 | 000,405,504 | ---- | C] ()
dlbtsnls.dll -> C:\WINDOWS\System32\dlbtsnls.dll -> [2004/08/23 14:42:30 | 000,131,072 | ---- | C] ()
dlbtcoin.dll -> C:\WINDOWS\System32\dlbtcoin.dll -> [2004/08/23 14:40:14 | 000,143,360 | ---- | C] ()
ORUN32.INI -> C:\WINDOWS\ORUN32.INI -> [2004/08/10 13:13:12 | 000,000,780 | ---- | C] ()
FXSPERF.INI -> C:\WINDOWS\System32\FXSPERF.INI -> [2004/08/04 05:00:00 | 000,001,793 | ---- | C] ()
CinemSup.sys -> C:\WINDOWS\System32\CinemSup.sys -> [2003/12/19 02:00:00 | 000,013,387 | ---- | C] ()
dlbtvs.dll -> C:\WINDOWS\System32\dlbtvs.dll -> [2003/10/08 14:09:46 | 000,040,960 | ---- | C] ()
lockout.dll -> C:\WINDOWS\System32\lockout.dll -> [2003/10/02 01:00:00 | 000,208,896 | ---- | C] ()
lockres.dll -> C:\WINDOWS\System32\lockres.dll -> [2003/10/02 01:00:00 | 000,045,056 | ---- | C] ()
e100bmsg.dll -> C:\WINDOWS\System32\e100bmsg.dll -> [1980/01/01 00:00:00 | 000,012,288 | ---- | C] ()
< End of report >
[/code]


----------



## Cookiegal (Aug 27, 2003)

kena0903 said:


> will not allow me to attatch


What happens when you try to attach it? I need it to be attached to get the proper format to prepare a fix.


----------



## kena0903 (Jan 24, 2008)

When I scroll down no attatchment available. Am I doing something wrong?


----------



## Cookiegal (Aug 27, 2003)

*Click here* to download ATF Cleaner by Atribune and save it to your desktop.
Double-click *ATF-Cleaner.exe* to run the program.
Under *Main* choose: *Select All*
Click the *Empty Selected* button.
*If you use Firefox:*
Click *Firefox* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


*If you use Opera:*
Click *Opera* at the top and choose: *Select All*
Click the *Empty Selected* button.
*
[*]NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


Click *Exit* on the Main menu to close the program.


----------



## Cookiegal (Aug 27, 2003)

Please download to Desktop: DDS by sUBs from one of these locations:

http://www.techsupportforum.com/sectools/sUBs/dds
http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Double-click DDS.scr to run.

When complete, DDS.txt will open.

Click Yes for Optional Scan.
Save both reports to your desktop.
DDS.txt
Attach.txt

Please post the DDS.txt and the Attach.txt report in the reply itself.


----------



## kena0903 (Jan 24, 2008)

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK 
Run by Administrator at 6:42:02.28 on Sat 03/13/2010
Internet Explorer: 6.0.2900.2180

============== Running Processes ===============

C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell4me.com/myway
mWindow Title = Microsoft Internet Explorer presented by Comcast
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,[email protected]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\npjpi160_05.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - hxxp://download.copysafe.net/plugins5/installers/Copysafe.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
TCP: {F9CA8A0A-B8E8-4242-BEC8-CDF9E56204FE} = 68.87.74.166,68.87.68.166
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R? avg8emc;AVG Free8 E-mail Scanner
R? avg8wd;AVG Free8 WatchDog
R? AvgLdx86;AVG Free AVI Loader Driver x86
R? AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86
R? CSHelper;CopySafe Helper Service
R? KLIF;KLIF
R? LinksysUpdater;Linksys Updater
R? MBAMCatchMe;MBAMCatchMe
R? PEVSystemStart;PEVSystemStart
R? SASDIFSV;SASDIFSV
R? SASENUM;SASENUM
R? SASKUTIL;SASKUTIL
S? AvgTdiX;AVG Free8 Network Redirector
S? vsdatant;vsdatant
S? vsmon;TrueVector Internet Monitor

=============== Created Last 30 ================

2010-03-04 08:52:30	0	d-----w-	c:\docume~1\admini~1\applic~1\Malwarebytes
2010-02-28 22:19:33	98816	----a-w-	c:\windows\sed.exe
2010-02-28 22:19:33	77312	----a-w-	c:\windows\MBR.exe
2010-02-28 22:19:33	261632	----a-w-	c:\windows\PEV.exe
2010-02-28 22:19:33	161792	----a-w-	c:\windows\SWREG.exe
2010-02-20 17:17:56	0	d-s---w-	c:\documents and settings\administrator\UserData
2010-02-20 11:26:35	0	d-----w-	c:\docume~1\admini~1\applic~1\Symantec
2010-02-15 22:53:20	0	d-----w-	c:\program files\Seagate
2010-02-15 22:53:20	0	d-----w-	c:\docume~1\alluse~1\applic~1\Seagate
2010-02-15 22:50:42	0	d-sh--w-	c:\windows\ftpcache

==================== Find3M ====================

2010-02-20 06:21:45	13141664	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2010-02-20 06:21:45	1132621856	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-12-31 16:14:12	352640	----a-w-	c:\windows\system32\dllcache\srv.sys
2009-12-16 12:58:04	343040	----a-w-	c:\windows\system32\mspaint.exe
2009-12-16 12:58:04	343040	------w-	c:\windows\system32\dllcache\mspaint.exe
2009-12-16 12:57:07	18432	----a-w-	c:\windows\system32\dllcache\iedw.exe
2009-12-14 07:35:35	33280	----a-w-	c:\windows\system32\csrsrv.dll
2009-12-14 07:35:35	33280	------w-	c:\windows\system32\dllcache\csrsrv.dll
2003-08-27 18:19:18	36963	-c--a-r-	c:\program files\common files\SM1updtr.dll
2005-05-13 21:12:00	217073	--sha-r-	c:\windows\meta4.exe
2005-10-24 15:13:58	66560	--sha-r-	c:\windows\MOTA113.exe
2005-10-14 01:27:00	422400	--sha-r-	c:\windows\x2.64.exe
2005-10-07 23:14:52	308224	--sha-r-	c:\windows\system32\avisynth.dll
2005-07-14 16:31:20	27648	--sha-r-	c:\windows\system32\AVSredirect.dll
2005-06-26 19:32:28	616448	--sha-r-	c:\windows\system32\cygwin1.dll
2005-06-22 02:37:42	45568	--sha-r-	c:\windows\system32\cygz.dll
2004-01-25 04:00:00	70656	--sha-r-	c:\windows\system32\i420vfw.dll
2006-04-27 14:24:24	2945024	--sha-r-	c:\windows\system32\Smab.dll
2005-02-28 17:16:22	240128	--sha-r-	c:\windows\system32\x.264.exe
2004-01-25 04:00:00	70656	--sha-r-	c:\windows\system32\yv12vfw.dll

============= FINISH: 6:43:01.95 ===============

==== Installed Programs ======================

ABBYY FineReader 5.0 Sprint Plus
Ad-Aware SE Personal
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.9
Adobe® Photoshop® Album Starter Edition 3.2
AOLIcon
AVG Free 8.5
Azureus
Banctec Service Agreement
Bodog Poker Version 2.16.3.49
CCScore
Comcast High-Speed Internet Install Wizard
ComcastSUPPORT
CopySafe Plugin
Critical Update for Windows Media Player 11 (KB959772)
Cypress USB Mass Storage Driver Installation
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Photo AIO Printer 922
Dell Picture Studio v3.0
Dell Support 3.1
Dell System Restore
DVD Shrink 3.2
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
G15A922EN
GrabIt 1.7.1 Beta (build 960)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iSkysoft Video Converter(Build 2.2.1.0)
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kaspersky Online Scanner
kgcbase
Kodak EasyShare software
Linksys EasyLink Advisor
Macromedia Flash Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 4.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Money 2005
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft Streets and Trips 2005
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Event Monitor
Modem Helper
Modem On Hold
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Musicmatch® Jukebox
Napster
Need2Find Bar
Nero Suite
netbrdg
OfotoXMI
Photo Click
PowerDVD 5.5
Pure Networks Platform
QuickBooks Simple Start Special Edition
QuickPar 0.9
QuickTime
QuickTime Alternative 1.67
RealPlayer
Roxio Burn Engine
Roxio Easy Media Creator 7
Seagate Manager Installer
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SFR
SHASTA
Shockwave
Sierra Print Artist
Sierra Utilities
skin0001
SKINXSDK
Sonic Update Manager
SPBBC
staticcr
SUPERAntiSpyware Free Edition
tooltips
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977719)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
USB Storage Adapter FX (SM1)
VideoLAN VLC media player 0.8.6c
VPRINTOL
Vuze
WebEx Support Manager for Internet Explorer
WebFldrs XP
WinAVI VideoConverter
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinRAR archiver
WIRELESS
Works Upgrade
XML Paper Specification Shared Components Pack 1.0
ZoneAlarm

==== End Of File ===========================


----------



## Cookiegal (Aug 27, 2003)

Please update SuperAntiSpyware and then run a scan and post the log.


----------



## kena0903 (Jan 24, 2008)

I was unable to update but here is the scan log.

http://www.superantispyware.com

Generated 03/14/2010 at 04:49 PM

Application Version : 4.27.1002

Core Rules Database Version : 3555
Trace Rules Database Version: 1543

Scan type : Complete Scan
Total Scan Time : 01:08:04

Memory items scanned : 282
Memory threats detected : 0
Registry items scanned : 7265
Registry threats detected : 0
File items scanned : 31649
File threats detected : 455

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected]atwola[1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected]****theyoung[1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\will[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected]****afan[2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected]somniture[1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected]****ingmachines[1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt


----------



## kena0903 (Jan 24, 2008)

part 2 of super log

F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected]****inga******[1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected]****ingmachines[2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected]****inga******[1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected]movie[1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected]_js[2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected]et[1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][3].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][1].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt
F:\Seagate Backup\MRANDMRSGREEN\C\Documents and Settings\William\Cookies\[email protected][2].txt

Trojan.Downloader-Gen/Suspicious
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1541\A0524708.EXE
C:\WINDOWS\MBR.EXE


----------



## Cookiegal (Aug 27, 2003)

What is your F drive?

Download GMER from: http://gmer.net/index.php

Click on the Download exe button and save it on your desktop. It will create a oddly named exe file on your desktop. Double click that file to run it and select the rootkit tab and then press scan. When the scan is done, click *Copy*. This will copy the report to the clipboard. Paste it into Notepad and save it and also paste the log report back here please.


----------



## kena0903 (Jan 24, 2008)

Downloaded gamer and started scan after about ten minutes it freezes. Thought it was just slow so just waited overnight sure enough it froze. Tried several additional times in the last two days same outcome.


----------



## Cookiegal (Aug 27, 2003)

Please go to the following link and run TDSSKiller:

http://support.kaspersky.com/viruses/solutions?qid=208280684

Please post the log back here.


----------



## kena0903 (Jan 24, 2008)

19:53:08:046 1300	TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20
19:53:08:046 1300	================================================================================
19:53:08:046 1300	SystemInfo:

19:53:08:046 1300	OS Version: 5.1.2600 ServicePack: 2.0
19:53:08:046 1300	Product type: Workstation
19:53:08:046 1300	ComputerName: MRANDMRSGREEN
19:53:08:046 1300	UserName: Administrator
19:53:08:046 1300	Windows directory: C:\WINDOWS
19:53:08:046 1300	Processor architecture: Intel x86
19:53:08:046 1300	Number of processors: 2
19:53:08:046 1300	Page size: 0x1000
19:53:08:046 1300	Boot type: Safe boot with network
19:53:08:046 1300	================================================================================
19:53:08:046 1300	UnloadDriverW: NtUnloadDriver error 2
19:53:08:046 1300	ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
19:53:08:046 1300	wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
19:53:08:046 1300	wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:53:08:046 1300	wfopen_ex: Trying to KLMD file open
19:53:08:046 1300	wfopen_ex: File opened ok (Flags 2)
19:53:08:046 1300	wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
19:53:08:046 1300	wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:53:08:046 1300	wfopen_ex: Trying to KLMD file open
19:53:08:046 1300	wfopen_ex: File opened ok (Flags 2)
19:53:08:046 1300	Initialize success
19:53:08:046 1300	
19:53:08:062 1300	Scanning	Services ...
19:53:08:609 1300	GetAdvancedServicesInfo: Raw services enum returned 356 services
19:53:08:609 1300	
19:53:08:609 1300	Scanning	Kernel memory ...
19:53:08:609 1300	Devices to scan: 6
19:53:08:609 1300	
19:53:08:609 1300	Driver Name: Disk
19:53:08:609 1300	IRP_MJ_CREATE : F779DC30
19:53:08:609 1300	IRP_MJ_CREATE_NAMED_PIPE : 804F9729
19:53:08:609 1300	IRP_MJ_CLOSE : F779DC30
19:53:08:609 1300	IRP_MJ_READ : F7797D9B
19:53:08:609 1300	IRP_MJ_WRITE : F7797D9B
19:53:08:609 1300	IRP_MJ_QUERY_INFORMATION : 804F9729
19:53:08:609 1300	IRP_MJ_SET_INFORMATION : 804F9729
19:53:08:609 1300	IRP_MJ_QUERY_EA : 804F9729
19:53:08:609 1300	IRP_MJ_SET_EA : 804F9729
19:53:08:609 1300	IRP_MJ_FLUSH_BUFFERS : F7798366
19:53:08:609 1300	IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9729
19:53:08:609 1300	IRP_MJ_SET_VOLUME_INFORMATION : 804F9729
19:53:08:609 1300	IRP_MJ_DIRECTORY_CONTROL : 804F9729
19:53:08:609 1300	IRP_MJ_FILE_SYSTEM_CONTROL : 804F9729
19:53:08:609 1300	IRP_MJ_DEVICE_CONTROL : F779844D
19:53:08:609 1300	IRP_MJ_INTERNAL_DEVICE_CONTROL : F779BFC3
19:53:08:609 1300	IRP_MJ_SHUTDOWN : F7798366
19:53:08:609 1300	IRP_MJ_LOCK_CONTROL : 804F9729
19:53:08:609 1300	IRP_MJ_CLEANUP : 804F9729
19:53:08:609 1300	IRP_MJ_CREATE_MAILSLOT : 804F9729
19:53:08:609 1300	IRP_MJ_QUERY_SECURITY : 804F9729
19:53:08:609 1300	IRP_MJ_SET_SECURITY : 804F9729
19:53:08:609 1300	IRP_MJ_POWER : F7799EF3
19:53:08:609 1300	IRP_MJ_SYSTEM_CONTROL : F779EA24
19:53:08:625 1300	IRP_MJ_DEVICE_CHANGE : 804F9729
19:53:08:625 1300	IRP_MJ_QUERY_QUOTA : 804F9729
19:53:08:625 1300	IRP_MJ_SET_QUOTA : 804F9729
19:53:08:656 1300	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
19:53:08:656 1300	
19:53:08:656 1300	Driver Name: USBSTOR
19:53:08:656 1300	IRP_MJ_CREATE : F7A04218
19:53:08:656 1300	IRP_MJ_CREATE_NAMED_PIPE : 804F9729
19:53:08:656 1300	IRP_MJ_CLOSE : F7A04218
19:53:08:656 1300	IRP_MJ_READ : F7A0423C
19:53:08:656 1300	IRP_MJ_WRITE : F7A0423C
19:53:08:656 1300	IRP_MJ_QUERY_INFORMATION : 804F9729
19:53:08:656 1300	IRP_MJ_SET_INFORMATION : 804F9729
19:53:08:656 1300	IRP_MJ_QUERY_EA : 804F9729
19:53:08:656 1300	IRP_MJ_SET_EA : 804F9729
19:53:08:656 1300	IRP_MJ_FLUSH_BUFFERS : 804F9729
19:53:08:656 1300	IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9729
19:53:08:656 1300	IRP_MJ_SET_VOLUME_INFORMATION : 804F9729
19:53:08:656 1300	IRP_MJ_DIRECTORY_CONTROL : 804F9729
19:53:08:656 1300	IRP_MJ_FILE_SYSTEM_CONTROL : 804F9729
19:53:08:656 1300	IRP_MJ_DEVICE_CONTROL : F7A04180
19:53:08:656 1300	IRP_MJ_INTERNAL_DEVICE_CONTROL : F79FF9E6
19:53:08:656 1300	IRP_MJ_SHUTDOWN : 804F9729
19:53:08:656 1300	IRP_MJ_LOCK_CONTROL : 804F9729
19:53:08:656 1300	IRP_MJ_CLEANUP : 804F9729
19:53:08:656 1300	IRP_MJ_CREATE_MAILSLOT : 804F9729
19:53:08:656 1300	IRP_MJ_QUERY_SECURITY : 804F9729
19:53:08:656 1300	IRP_MJ_SET_SECURITY : 804F9729
19:53:08:656 1300	IRP_MJ_POWER : F7A035F0
19:53:08:656 1300	IRP_MJ_SYSTEM_CONTROL : F7A01A6E
19:53:08:656 1300	IRP_MJ_DEVICE_CHANGE : 804F9729
19:53:08:656 1300	IRP_MJ_QUERY_QUOTA : 804F9729
19:53:08:656 1300	IRP_MJ_SET_QUOTA : 804F9729
19:53:08:687 1300	C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
19:53:08:687 1300	
19:53:08:687 1300	Driver Name: Disk
19:53:08:687 1300	IRP_MJ_CREATE : F779DC30
19:53:08:687 1300	IRP_MJ_CREATE_NAMED_PIPE : 804F9729
19:53:08:687 1300	IRP_MJ_CLOSE : F779DC30
19:53:08:687 1300	IRP_MJ_READ : F7797D9B
19:53:08:687 1300	IRP_MJ_WRITE : F7797D9B
19:53:08:687 1300	IRP_MJ_QUERY_INFORMATION : 804F9729
19:53:08:687 1300	IRP_MJ_SET_INFORMATION : 804F9729
19:53:08:687 1300	IRP_MJ_QUERY_EA : 804F9729
19:53:08:687 1300	IRP_MJ_SET_EA : 804F9729
19:53:08:687 1300	IRP_MJ_FLUSH_BUFFERS : F7798366
19:53:08:687 1300	IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9729
19:53:08:687 1300	IRP_MJ_SET_VOLUME_INFORMATION : 804F9729
19:53:08:687 1300	IRP_MJ_DIRECTORY_CONTROL : 804F9729
19:53:08:687 1300	IRP_MJ_FILE_SYSTEM_CONTROL : 804F9729
19:53:08:687 1300	IRP_MJ_DEVICE_CONTROL : F779844D
19:53:08:687 1300	IRP_MJ_INTERNAL_DEVICE_CONTROL : F779BFC3
19:53:08:687 1300	IRP_MJ_SHUTDOWN : F7798366
19:53:08:687 1300	IRP_MJ_LOCK_CONTROL : 804F9729
19:53:08:687 1300	IRP_MJ_CLEANUP : 804F9729
19:53:08:687 1300	IRP_MJ_CREATE_MAILSLOT : 804F9729
19:53:08:687 1300	IRP_MJ_QUERY_SECURITY : 804F9729
19:53:08:687 1300	IRP_MJ_SET_SECURITY : 804F9729
19:53:08:687 1300	IRP_MJ_POWER : F7799EF3
19:53:08:687 1300	IRP_MJ_SYSTEM_CONTROL : F779EA24
19:53:08:687 1300	IRP_MJ_DEVICE_CHANGE : 804F9729
19:53:08:687 1300	IRP_MJ_QUERY_QUOTA : 804F9729
19:53:08:687 1300	IRP_MJ_SET_QUOTA : 804F9729
19:53:08:687 1300	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
19:53:08:687 1300	
19:53:08:687 1300	Driver Name: Disk
19:53:08:687 1300	IRP_MJ_CREATE : F779DC30
19:53:08:687 1300	IRP_MJ_CREATE_NAMED_PIPE : 804F9729
19:53:08:687 1300	IRP_MJ_CLOSE : F779DC30
19:53:08:687 1300	IRP_MJ_READ : F7797D9B
19:53:08:687 1300	IRP_MJ_WRITE : F7797D9B
19:53:08:687 1300	IRP_MJ_QUERY_INFORMATION : 804F9729
19:53:08:687 1300	IRP_MJ_SET_INFORMATION : 804F9729
19:53:08:687 1300	IRP_MJ_QUERY_EA : 804F9729
19:53:08:687 1300	IRP_MJ_SET_EA : 804F9729
19:53:08:687 1300	IRP_MJ_FLUSH_BUFFERS : F7798366
19:53:08:687 1300	IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9729
19:53:08:687 1300	IRP_MJ_SET_VOLUME_INFORMATION : 804F9729
19:53:08:687 1300	IRP_MJ_DIRECTORY_CONTROL : 804F9729
19:53:08:687 1300	IRP_MJ_FILE_SYSTEM_CONTROL : 804F9729
19:53:08:687 1300	IRP_MJ_DEVICE_CONTROL : F779844D
19:53:08:687 1300	IRP_MJ_INTERNAL_DEVICE_CONTROL : F779BFC3
19:53:08:687 1300	IRP_MJ_SHUTDOWN : F7798366
19:53:08:687 1300	IRP_MJ_LOCK_CONTROL : 804F9729
19:53:08:687 1300	IRP_MJ_CLEANUP : 804F9729
19:53:08:687 1300	IRP_MJ_CREATE_MAILSLOT : 804F9729
19:53:08:687 1300	IRP_MJ_QUERY_SECURITY : 804F9729
19:53:08:687 1300	IRP_MJ_SET_SECURITY : 804F9729
19:53:08:687 1300	IRP_MJ_POWER : F7799EF3
19:53:08:687 1300	IRP_MJ_SYSTEM_CONTROL : F779EA24
19:53:08:687 1300	IRP_MJ_DEVICE_CHANGE : 804F9729
19:53:08:687 1300	IRP_MJ_QUERY_QUOTA : 804F9729
19:53:08:687 1300	IRP_MJ_SET_QUOTA : 804F9729
19:53:08:703 1300	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
19:53:08:703 1300	
19:53:08:703 1300	Driver Name: Disk
19:53:08:703 1300	IRP_MJ_CREATE : F779DC30
19:53:08:703 1300	IRP_MJ_CREATE_NAMED_PIPE : 804F9729
19:53:08:703 1300	IRP_MJ_CLOSE : F779DC30
19:53:08:703 1300	IRP_MJ_READ : F7797D9B
19:53:08:703 1300	IRP_MJ_WRITE : F7797D9B
19:53:08:703 1300	IRP_MJ_QUERY_INFORMATION : 804F9729
19:53:08:703 1300	IRP_MJ_SET_INFORMATION : 804F9729
19:53:08:703 1300	IRP_MJ_QUERY_EA : 804F9729
19:53:08:703 1300	IRP_MJ_SET_EA : 804F9729
19:53:08:703 1300	IRP_MJ_FLUSH_BUFFERS : F7798366
19:53:08:703 1300	IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9729
19:53:08:703 1300	IRP_MJ_SET_VOLUME_INFORMATION : 804F9729
19:53:08:703 1300	IRP_MJ_DIRECTORY_CONTROL : 804F9729
19:53:08:703 1300	IRP_MJ_FILE_SYSTEM_CONTROL : 804F9729
19:53:08:703 1300	IRP_MJ_DEVICE_CONTROL : F779844D
19:53:08:703 1300	IRP_MJ_INTERNAL_DEVICE_CONTROL : F779BFC3
19:53:08:703 1300	IRP_MJ_SHUTDOWN : F7798366
19:53:08:703 1300	IRP_MJ_LOCK_CONTROL  : 804F9729
19:53:08:703 1300	IRP_MJ_CLEANUP : 804F9729
19:53:08:703 1300	IRP_MJ_CREATE_MAILSLOT : 804F9729
19:53:08:703 1300	IRP_MJ_QUERY_SECURITY : 804F9729
19:53:08:703 1300	IRP_MJ_SET_SECURITY : 804F9729
19:53:08:703 1300	IRP_MJ_POWER : F7799EF3
19:53:08:703 1300	IRP_MJ_SYSTEM_CONTROL : F779EA24
19:53:08:703 1300	IRP_MJ_DEVICE_CHANGE : 804F9729
19:53:08:703 1300	IRP_MJ_QUERY_QUOTA : 804F9729
19:53:08:703 1300	IRP_MJ_SET_QUOTA : 804F9729
19:53:08:703 1300	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
19:53:08:703 1300	
19:53:08:703 1300	Driver Name: atapi
19:53:08:703 1300	IRP_MJ_CREATE : F7632572
19:53:08:703 1300	IRP_MJ_CREATE_NAMED_PIPE : 804F9729
19:53:08:703 1300	IRP_MJ_CLOSE : F7632572
19:53:08:703 1300	IRP_MJ_READ : 804F9729
19:53:08:703 1300	IRP_MJ_WRITE : 804F9729
19:53:08:703 1300	IRP_MJ_QUERY_INFORMATION : 804F9729
19:53:08:703 1300	IRP_MJ_SET_INFORMATION : 804F9729
19:53:08:703 1300	IRP_MJ_QUERY_EA : 804F9729
19:53:08:703 1300	IRP_MJ_SET_EA : 804F9729
19:53:08:703 1300	IRP_MJ_FLUSH_BUFFERS : 804F9729
19:53:08:703 1300	IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9729
19:53:08:703 1300	IRP_MJ_SET_VOLUME_INFORMATION : 804F9729
19:53:08:703 1300	IRP_MJ_DIRECTORY_CONTROL : 804F9729
19:53:08:703 1300	IRP_MJ_FILE_SYSTEM_CONTROL : 804F9729
19:53:08:703 1300	IRP_MJ_DEVICE_CONTROL : F7632592
19:53:08:703 1300	IRP_MJ_INTERNAL_DEVICE_CONTROL : F762E7B4
19:53:08:703 1300	IRP_MJ_SHUTDOWN : 804F9729
19:53:08:703 1300	IRP_MJ_LOCK_CONTROL : 804F9729
19:53:08:703 1300	IRP_MJ_CLEANUP : 804F9729
19:53:08:703 1300	IRP_MJ_CREATE_MAILSLOT : 804F9729
19:53:08:703 1300	IRP_MJ_QUERY_SECURITY : 804F9729
19:53:08:703 1300	IRP_MJ_SET_SECURITY : 804F9729
19:53:08:703 1300	IRP_MJ_POWER : F76325BC
19:53:08:703 1300	IRP_MJ_SYSTEM_CONTROL : F7639164
19:53:08:703 1300	IRP_MJ_DEVICE_CHANGE : 804F9729
19:53:08:703 1300	IRP_MJ_QUERY_QUOTA : 804F9729
19:53:08:703 1300	IRP_MJ_SET_QUOTA : 804F9729
19:53:08:734 1300	C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
19:53:08:734 1300	
19:53:08:734 1300	Completed
19:53:08:750 1300	
19:53:08:750 1300	Results:
19:53:08:750 1300	Memory objects infected / cured / cured on reboot:	0 / 0 / 0
19:53:08:750 1300	Registry objects infected / cured / cured on reboot:	0 / 0 / 0
19:53:08:750 1300	File objects infected / cured / cured on reboot:	0 / 0 / 0
19:53:08:750 1300	
19:53:08:750 1300	fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
19:53:08:750 1300	fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
19:53:08:750 1300	KLMD(ARK) unloaded successfully


----------



## Cookiegal (Aug 27, 2003)

You didn't answer my question about your F drive.


----------



## kena0903 (Jan 24, 2008)

external hard drive


----------



## Cookiegal (Aug 27, 2003)

You need to clear cookies on both the primary and external drives.

Be sure to have your external drive connected before doing this so we can check it for infection.

I'm attaching a MountPoints Diagnostic.zip file to this post. Save it to your desktop. Unzjip it and double click the MountPoints Diagnostic.bat file and let it run. It will create a report in Notepad named Diagnostic.txt. Please upload the Diagnostic.txt file as an attachment.


----------



## kena0903 (Jan 24, 2008)

Diagnostic Report
Mon 03/22/2010 20:08:42.43 

Mountpoints > Drives subkeys: 
------------------------------------
No Autorun files found in C:\WINDOWS 

No Autorun files found in C:\WINDOWS\system32 

No Autorun files found in root of C:


No Autorun files found in root of F:


----------



## Cookiegal (Aug 27, 2003)

Are you sure that's the full report? Normally there's more to it than that.

Can you give me a breakdown of what problems are remaining please?


----------



## kena0903 (Jan 24, 2008)

Yes thats the full report . I still can only boot in safe.Nothing has changed.


----------



## Cookiegal (Aug 27, 2003)

Please drag ComboFix to the reycle bin and grab the latest version, then run a new scan and post that log.

Please visit *Combofix Guide & Instructions * for instructions for downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.


----------



## kena0903 (Jan 24, 2008)

ComboFix 10-03-24.01 - Administrator 03/24/2010 17:47:56.7.2 - x86 NETWORK
Running from: c:\documents and settings\Administrator\Desktop\puppy.exe
.

((((((((((((((((((((((((( Files Created from 2010-02-24 to 2010-03-24 )))))))))))))))))))))))))))))))
.

2010-03-20 18:03 . 2010-03-20 18:03	--------	d-----w-	c:\documents and settings\Administrator\Application Data\AdobeUM
2010-03-20 15:16 . 2010-03-20 15:16	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-03-14 19:39 . 2010-03-14 19:39	--------	d-----w-	c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-03-10 21:44 . 2010-03-10 21:44	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-03-04 08:52 . 2010-03-04 08:52	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-27 23:53 . 2010-02-27 23:53	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 01:21 . 2010-03-08 08:42	37376	----a-w-	c:\windows\Internet Logs\xDB11.tmp
2010-03-03 08:52 . 2010-03-03 22:54	44544	----a-w-	c:\windows\Internet Logs\xDB10.tmp
2010-02-21 12:53 . 2010-02-22 21:49	22016	----a-w-	c:\windows\Internet Logs\xDBF.tmp
2010-02-20 11:25 . 2010-02-20 12:19	9216	----a-w-	c:\windows\Internet Logs\xDBE.tmp
2010-02-20 11:22 . 2010-02-20 11:25	4559360	----a-w-	c:\windows\Internet Logs\xDBD.tmp
2010-02-20 06:21 . 2008-10-01 00:29	13141664	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2010-02-20 06:21 . 2008-10-01 00:29	1132621856	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2010-02-20 01:48 . 2010-02-20 01:48	52224	----a-w-	c:\documents and settings\William\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-20 01:48 . 2009-03-12 21:39	117760	----a-w-	c:\documents and settings\William\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-15 22:53 . 2005-08-05 16:05	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-02-15 22:53 . 2010-02-15 22:53	--------	d-----w-	c:\program files\Seagate
2010-02-15 22:53 . 2010-02-15 22:53	--------	d-----w-	c:\documents and settings\All Users\Application Data\Seagate
2010-02-13 23:29 . 2005-08-13 21:34	--------	d-----w-	c:\program files\Dl_cats
2010-02-12 21:50 . 2006-10-20 00:39	--------	d-----w-	c:\documents and settings\William\Application Data\Azureus
2010-02-10 08:15 . 2009-04-20 00:47	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-09 00:02 . 2005-08-11 02:19	7998	----a-w-	c:\documents and settings\William\Application Data\wklnhst.dat
2009-12-31 16:14 . 2008-10-20 20:33	352640	----a-w-	c:\windows\system32\drivers\srv.sys
2003-08-27 18:19 . 2005-08-11 03:28	36963	-c--a-r-	c:\program files\Common Files\SM1updtr.dll
2005-05-13 21:12 . 2005-05-13 21:12	217073	--sha-r-	c:\windows\meta4.exe
2005-10-24 15:13 . 2005-10-24 15:13	66560	--sha-r-	c:\windows\MOTA113.exe
2005-10-14 01:27 . 2005-10-14 01:27	422400	--sha-r-	c:\windows\x2.64.exe
2005-10-07 23:14 . 2005-10-07 23:14	308224	--sha-r-	c:\windows\SYSTEM32\avisynth.dll
2005-07-14 16:31 . 2005-07-14 16:31	27648	--sha-r-	c:\windows\SYSTEM32\AVSredirect.dll
2005-06-26 19:32 . 2005-06-26 19:32	616448	--sha-r-	c:\windows\SYSTEM32\cygwin1.dll
2005-06-22 02:37 . 2005-06-22 02:37	45568	--sha-r-	c:\windows\SYSTEM32\cygz.dll
2004-01-25 04:00 . 2004-01-25 04:00	70656	--sha-r-	c:\windows\SYSTEM32\i420vfw.dll
2006-04-27 14:24 . 2006-04-27 14:24	2945024	--sha-r-	c:\windows\SYSTEM32\Smab.dll
2005-02-28 17:16 . 2005-02-28 17:16	240128	--sha-r-	c:\windows\SYSTEM32\x.264.exe
2004-01-25 04:00 . 2004-01-25 04:00	70656	--sha-r-	c:\windows\SYSTEM32\yv12vfw.dll
.

((((((((((((((((((((((((((((( [email protected]_09.16.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-08-05 15:56 . 2009-12-09 14:56	72576 c:\windows\SYSTEM32\PERFC009.DAT
+ 2005-08-05 15:56 . 2010-03-15 00:11	72576 c:\windows\SYSTEM32\PERFC009.DAT
+ 2005-08-05 15:56 . 2010-03-15 00:11	445370 c:\windows\SYSTEM32\PERFH009.DAT
- 2005-08-05 15:56 . 2009-12-09 14:56	445370 c:\windows\SYSTEM32\PERFH009.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-10 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-09 1695744]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-03-11 10:13	356352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 11:23	11952	----a-w-	c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgui.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 7\\Home Page\\HomePageApp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDPHCP Discovery Service
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-17 335240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-08-19 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-08-19 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-17 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-17 297752]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2008-10-07 192512]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
R3 MBAMCatchMe;MBAMCatchMe;c:\program files\Malwarebytes' Anti-Malware\catchme.sys [2008-03-09 27136]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-07-25 108552]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD21
*Deregistered* - klmd21
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
mWindow Title = Microsoft Internet Explorer presented by Comcast
TCP: {F9CA8A0A-B8E8-4242-BEC8-CDF9E56204FE} = 68.87.74.166,68.87.68.166
DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - hxxp://download.copysafe.net/plugins5/installers/Copysafe.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 17:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2010-03-24 17:59:28
ComboFix-quarantined-files.txt 2010-03-24 21:59
ComboFix2.txt 2010-03-02 09:19
ComboFix3.txt 2010-02-28 22:43
ComboFix4.txt 2008-01-30 22:01
ComboFix5.txt 2010-03-24 21:46

Pre-Run: 92,489,621,504 bytes free
Post-Run: 92,555,968,512 bytes free

Current=5 Default=5 Failed=3 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 289EE36EFF82E8D041C4E6F7FEAC6079


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start *- *Run *- type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## kena0903 (Jan 24, 2008)

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	1008
Date: 3/14/2010
Time: 8:09:10 PM
User: MRANDMRSGREEN\Administrator
Computer:	MRANDMRSGREEN
Description:
The installation of C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_18\jre1.6.0_18.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 2/19/2010
Time: 9:52:47 PM
User: N/A
Computer:	MRANDMRSGREEN
Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module shlwapi.dll, version 6.0.2900.3653, fault address 0x0002c428.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 65 78 ure iex
0018: 70 6c 6f 72 65 2e 65 78 plore.ex
0020: 65 20 36 2e 30 2e 32 39 e 6.0.29
0028: 30 30 2e 32 31 38 30 20 00.2180 
0030: 69 6e 20 73 68 6c 77 61 in shlwa
0038: 70 69 2e 64 6c 6c 20 36 pi.dll 6
0040: 2e 30 2e 32 39 30 30 2e .0.2900.
0048: 33 36 35 33 20 61 74 20 3653 at 
0050: 6f 66 66 73 65 74 20 30 offset 0
0058: 30 30 32 63 34 32 38 0d 002c428.
0060: 0a .

Event Type:	Error
Event Source:	Application Hang
Event Category:	(101)
Event ID:	1002
Date: 2/19/2010
Time: 9:47:58 PM
User: N/A
Computer:	MRANDMRSGREEN
Description:
Hanging application SUPERAntiSpyware.exe, version 4.27.0.1002, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 53 55 50 45 52 41 SUPERA
0018: 6e 74 69 53 70 79 77 61 ntiSpywa
0020: 72 65 2e 65 78 65 20 34 re.exe 4
0028: 2e 32 37 2e 30 2e 31 30 .27.0.10
0030: 30 32 20 69 6e 20 68 75 02 in hu
0038: 6e 67 61 70 70 20 30 2e ngapp 0.
0040: 30 2e 30 2e 30 20 61 74 0.0.0 at
0048: 20 6f 66 66 73 65 74 20 offset 
0050: 30 30 30 30 30 30 30 30 00000000

Event Type:	Error
Event Source:	Application Hang
Event Category:	(101)
Event ID:	1002
Date: 2/19/2010
Time: 8:16:53 PM
User: N/A
Computer:	MRANDMRSGREEN
Description:
Hanging application avgui.exe, version 8.5.0.408, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 61 76 67 75 69 2e avgui.
0018: 65 78 65 20 38 2e 35 2e exe 8.5.
0020: 30 2e 34 30 38 20 69 6e 0.408 in
0028: 20 68 75 6e 67 61 70 70 hungapp
0030: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0038: 20 61 74 20 6f 66 66 73 at offs
0040: 65 74 20 30 30 30 30 30 et 00000
0048: 30 30 30 000

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 3/24/2010
Time: 6:24:22 PM
User: MRANDMRSGREEN\Administrator
Computer:	MRANDMRSGREEN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 3/24/2010
Time: 6:24:16 PM
User: MRANDMRSGREEN\Administrator
Computer:	MRANDMRSGREEN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 3/24/2010
Time: 6:24:15 PM
User: MRANDMRSGREEN\Administrator
Computer:	MRANDMRSGREEN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 3/24/2010
Time: 6:15:06 PM
User: MRANDMRSGREEN\Administrator
Computer:	MRANDMRSGREEN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 3/24/2010
Time: 6:15:00 PM
User: MRANDMRSGREEN\Administrator
Computer:	MRANDMRSGREEN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 3/24/2010
Time: 6:14:59 PM
User: MRANDMRSGREEN\Administrator
Computer:	MRANDMRSGREEN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 3/24/2010
Time: 6:07:04 PM
User: MRANDMRSGREEN\Administrator
Computer:	MRANDMRSGREEN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 3/24/2010
Time: 6:07:01 PM
User: MRANDMRSGREEN\Administrator
Computer:	MRANDMRSGREEN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 3/24/2010
Time: 6:06:59 PM
User: MRANDMRSGREEN\Administrator
Computer:	MRANDMRSGREEN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Please open HijackThis.
Click on *Open Misc Tools Section*
Make sure that both boxes beside "Generate StartupList Log" are checked:

*List all minor sections(Full)*
*List Empty Sections(Complete)*
Click *Generate StartupList Log*.
Click *Yes* at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here.


----------



## kena0903 (Jan 24, 2008)

StartupList report, 3/28/2010, 9:03:57 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLBTCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
RoxioDragToDisc = "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
LELA = "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
nmctxth = "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe
MaxMenuMgr = "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

DellSupport = "C:\Program Files\Dell Support\DSAgnt.exe" /startup

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

FlashPlayerUpdate = C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\ComFile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}]
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
StubPath = c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[SupportSoft Script Runner Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlsr.dll
CODEBASE = http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

[iPIX ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ipixx.ocx
CODEBASE = http://www.ipix.com/download/ipixx.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab

[ActiveDataInfo Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SymAData.dll
CODEBASE = http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

[Symantec SmartIssue]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlsi.dll
CODEBASE = http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

[Symantec Script Runner Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\tgctlsr.dll
CODEBASE = http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

[{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}]
CODEBASE = http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

[Java Plug-in 1.6.0_07]
InProcServer32 = C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

[{97770E5B-2028-48AC-B4DA-1F991376D2B6}]
CODEBASE = http://download.copysafe.net/plugins5/installers/Copysafe.cab

[{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}]
CODEBASE = http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab

[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

[Java Plug-in 1.6.0_04]
InProcServer32 = C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

[Java Plug-in 1.6.0_07]
InProcServer32 = C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

[Java Plug-in 1.6.0_07]
InProcServer32 = C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

[{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}]
InProcServer32 = C:\Program Files\WebEx\ieatgpc.dll

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: system32\DRIVERS\ABP480N5.SYS (system)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
adpu160m: system32\DRIVERS\adpu160m.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)


----------



## kena0903 (Jan 24, 2008)

Compaq AGP Bus Filter: system32\DRIVERS\agpCPQ.sys (system)
Aha154x: system32\DRIVERS\aha154x.sys (system)
aic78u2: system32\DRIVERS\aic78u2.sys (system)
aic78xx: system32\DRIVERS\aic78xx.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: system32\DRIVERS\aliide.sys (system)
ALI AGP Bus Filter: system32\DRIVERS\alim1541.sys (system)
AMD AGP Bus Filter Driver: system32\DRIVERS\amdagp.sys (system)
amsint: system32\DRIVERS\amsint.sys (system)
AnyDVD: System32\Drivers\AnyDVD.sys (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: system32\DRIVERS\asc.sys (system)
asc3350p: system32\DRIVERS\asc3350p.sys (system)
asc3550: system32\DRIVERS\asc3550.sys (system)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
Automatic LiveUpdate Scheduler: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart)
AVG Free8 E-mail Scanner: C:\PROGRA~1\AVG\AVG8\avgemc.exe (autostart)
AVG Free8 WatchDog: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (autostart)
AVG Free AVI Loader Driver x86: \SystemRoot\System32\Drivers\avgldx86.sys (system)
AVG Free On-access Scanner Minifilter Driver x86: \SystemRoot\System32\Drivers\avgmfx86.sys (system)
AVG Free8 Network Redirector: \SystemRoot\System32\Drivers\avgtdix.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
catchme: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys (manual start)
cbidf: system32\DRIVERS\cbidf2k.sys (system)
cd20xrnt: system32\DRIVERS\cd20xrnt.sys (system)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
CmdIde: system32\DRIVERS\cmdide.sys (system)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: system32\DRIVERS\cpqarray.sys (system)
CryptSvc: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
CopySafe Helper Service: C:\WINDOWS\system32\CSHelper.exe (autostart)
dac2w2k: system32\DRIVERS\dac2w2k.sys (system)
dac960nt: system32\DRIVERS\dac960nt.sys (system)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
dlbt_device: C:\WINDOWS\system32\dlbtcoms.exe -service (manual start)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
dpti2o: system32\DRIVERS\dpti2o.sys (system)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
drvmcdb: system32\DRIVERS\drvmcdb.sys (system)
Intel(R) PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (system)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Windows Presentation Foundation Font Cache 3.0.0.0: c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
hpn: system32\DRIVERS\hpn.sys (system)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: system32\DRIVERS\i2omp.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
ialm: system32\DRIVERS\ialmnt5.sys (manual start)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (manual start)
Windows CardSpace: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: %systemroot%\system32\imapi.exe (manual start)
ini910u: system32\DRIVERS\ini910u.sys (system)
IntelC51: system32\DRIVERS\IntelC51.sys (manual start)
IntelC52: system32\DRIVERS\IntelC52.sys (manual start)
IntelC53: system32\DRIVERS\IntelC53.sys (manual start)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
KLIF: system32\DRIVERS\klif.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Linksys Updater: "C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "C:\Program Files\Linksys\Linksys Updater\conf\wrapper.conf" (autostart)
LiveUpdate: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
MBAMCatchMe: \??\C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys (manual start)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
mohfilt: system32\DRIVERS\mohfilt.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
mraid35x: system32\DRIVERS\mraid35x.sys (system)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel NCS NetService: C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (manual start)
Net.Tcp Port Sharing Service: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Pure Networks Platform Service: "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" (autostart)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Microsoft Office Diagnostics Service: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
VSO Software pcouffin: System32\Drivers\Pcouffin.sys (manual start)
perc2: system32\DRIVERS\perc2.sys (system)
perc2hib: system32\DRIVERS\perc2hib.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pure Networks Device Discovery Driver: system32\DRIVERS\pnarp.sys (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
Pure Networks Wireless Driver: system32\DRIVERS\purendis.sys (autostart)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
ql1080: system32\DRIVERS\ql1080.sys (system)
Ql10wnt: system32\DRIVERS\ql10wnt.sys (system)
ql12160: system32\DRIVERS\ql12160.sys (system)
ql1240: system32\DRIVERS\ql1240.sys (system)
ql1280: system32\DRIVERS\ql1280.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)
SASENUM: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (manual start)
SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
senfilt: system32\drivers\senfilt.sys (manual start)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: system32\DRIVERS\sisagp.sys (system)
smwdm: system32\drivers\smwdm.sys (manual start)
Sparrow: system32\DRIVERS\sparrow.sys (system)
SPBBCSvc: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
srescan: system32\ZoneLabs\srescan.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4} (manual start)
symc810: system32\DRIVERS\symc810.sys (system)
symc8xx: system32\DRIVERS\symc8xx.sys (system)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
sym_hi: system32\DRIVERS\sym_hi.sys (system)
sym_u3: system32\DRIVERS\sym_u3.sys (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TosIde: system32\DRIVERS\toside.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: system32\DRIVERS\ultra.sys (system)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
Usbscan: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
USB RNDIS Adapter: system32\DRIVERS\usb8023x.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: system32\DRIVERS\viaagp.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)
Windows CE USB Serial Host Driver: system32\DRIVERS\wceusbsh.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
WpdUsb: System32\Drivers\wpdusb.sys (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (system)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
mbr: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\test0123|C:\Qoobox\Quarantine\C\MoveEx_test0123.vir||a

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 39,115 bytes
Report generated in 0.265 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## Cookiegal (Aug 27, 2003)

Are you still not able to boot to windows normally?

If not, what happens? Do you get any error message?


----------



## kena0903 (Jan 24, 2008)

Still not able to boot normally. just a black screen never boots .


----------



## Cookiegal (Aug 27, 2003)

Do you have your installation CD?


----------



## kena0903 (Jan 24, 2008)

No came pre-installed. I did not order one when I purchased from dell.


----------



## Cookiegal (Aug 27, 2003)

Double click the *C:\Windows\mrb.exe* file to run it and post the resulting log please.


----------



## kena0903 (Jan 24, 2008)

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


----------



## Cookiegal (Aug 27, 2003)

Try to boot to normal mode again. I would like to see if anything gets logged in the Event Viewer.

Then reboot and do this:

Please go to *Start *- *Run *- type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## kena0903 (Jan 24, 2008)

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	1008
Date: 4/2/2010
Time: 10:36:21 PM
User: MRANDMRSGREEN\William
Computer:	MRANDMRSGREEN
Description:
The installation of C:\Documents and Settings\William\Application Data\Sun\Java\jre1.6.0_18\jre1.6.0_18.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Warning
Event Source:	MsiInstaller
Event Category:	None
Event ID:	1015
Date: 4/2/2010
Time: 10:36:23 PM
User: MRANDMRSGREEN\William
Computer:	MRANDMRSGREEN
Description:
Failed to connect to server. Error: 0x8007043C

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	1008
Date: 3/29/2010
Time: 7:22:36 PM
User: MRANDMRSGREEN\William
Computer:	MRANDMRSGREEN
Description:
The installation of C:\Documents and Settings\William\Application Data\Sun\Java\jre1.6.0_18\jre1.6.0_18.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 4/1/2010
Time: 8:19:58 PM
User: MRANDMRSGREEN\William
Computer:	MRANDMRSGREEN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 4/1/2010
Time: 8:20:00 PM
User: MRANDMRSGREEN\William
Computer:	MRANDMRSGREEN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 4/1/2010
Time: 8:20:08 PM
User: MRANDMRSGREEN\William
Computer:	MRANDMRSGREEN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 4/1/2010
Time: 8:20:11 PM
User: MRANDMRSGREEN\William
Computer:	MRANDMRSGREEN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 4/1/2010
Time: 8:27:15 PM
User: MRANDMRSGREEN\William
Computer:	MRANDMRSGREEN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/1/2010
Time: 8:56:49 PM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 8e 00 bc 00 00 00 00 .&#142;.¼....
0028: ad 69 43 01 00 00 00 00 *iC.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 80 01 20 40 . ..&#128;. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 10 b3 86 68 0a 08 87 ..³&#134;h..&#135;
0058: 00 00 00 00 f8 bb 04 87 ....ø».&#135;
0060: 00 00 00 00 47 00 5e 00 ....G.^.
0068: 2a 00 00 5e 00 47 00 00 *..^.G..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 4/2/2010
Time: 6:06:36 PM
User: MRANDMRSGREEN\William
Computer:	MRANDMRSGREEN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 4/2/2010
Time: 6:06:44 PM
User: MRANDMRSGREEN\William
Computer:	MRANDMRSGREEN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 4/2/2010
Time: 6:07:36 PM
User: MRANDMRSGREEN\William
Computer:	MRANDMRSGREEN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 4/2/2010
Time: 6:07:40 PM
User: MRANDMRSGREEN\William
Computer:	MRANDMRSGREEN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 4/2/2010
Time: 6:09:17 PM
User: MRANDMRSGREEN\William
Computer:	MRANDMRSGREEN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

When did you first start having this problem of getting the black screen when booting to normal mode?


----------



## kena0903 (Jan 24, 2008)

About a day afer I started the post. Which would have been around the 21st of Feb.


----------



## Cookiegal (Aug 27, 2003)

Had you just run any scans or can you identify what you had done just prior that may have caused it?


----------



## kena0903 (Jan 24, 2008)

Initially had problems I would type in a web page and was redirected to a web page that had nothin to do with the site I requested. As stated in the first post I ran Avg scan and the following appeared SHeur2.CMOJ and Trojan horse Hiloti.V . My pc automatically tried to reboot and here I stand.


----------



## Cookiegal (Aug 27, 2003)

Can you post the AVG logs from back then so I can see what it removed?


----------



## kena0903 (Jan 24, 2008)

Found the logs but seem to be .fil files and I still cant attach files.


----------



## Cookiegal (Aug 27, 2003)

Can you take a screenshot?


----------



## kena0903 (Jan 24, 2008)

no i can not take a screenshot


----------



## Cookiegal (Aug 27, 2003)

Why not? What happens?


----------



## kena0903 (Jan 24, 2008)

Pc freezes


----------



## Cookiegal (Aug 27, 2003)

Let's try GMER again. Delete the one you have and download it again but this time we'll ask for less output.

Download GMER from: http://gmer.net/index.php

Click on the Download exe button and save it on your desktop. It will create a oddly named exe file on your desktop. If you have a screensaver running please disable it before starting the scan. It's important that all other windows be closed and you don't touch the mouse or anything else while the scan is running. Double click that file to run it and select the rootkit tab and uncheck everything on the right side except for "Sections". When the scan is done, click *Save* to save the log in Notepad. Then copy and paste it here please.


----------



## kena0903 (Jan 24, 2008)

Promt states "Gamer hasn't found any system modifications"


----------



## Cookiegal (Aug 27, 2003)

Please remove ComboFix by dragging it to the recycle bin then grab the latest version and run a new scan and post the log.

Please visit *Combofix Guide & Instructions * for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.


----------



## kena0903 (Jan 24, 2008)

Here we go:

ComboFix 10-04-19.04 - William 04/20/2010 5:13.8.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.774 [GMT -4:00]
Running from: c:\documents and settings\William\Desktop\puppy.exe
.

((((((((((((((((((((((((( Files Created from 2010-03-20 to 2010-04-20 )))))))))))))))))))))))))))))))
.

2010-03-27 11:48 . 2010-03-27 11:48	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 11:48 . 2010-04-11 11:48	0	----a-w-	c:\documents and settings\William\ntuser.tmp
2010-03-20 18:03 . 2010-03-20 18:03	--------	d-----w-	c:\documents and settings\Administrator\Application Data\AdobeUM
2010-03-14 19:39 . 2010-03-14 19:39	--------	d-----w-	c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-03-08 01:21 . 2010-03-08 08:42	37376	----a-w-	c:\windows\Internet Logs\xDB11.tmp
2010-03-04 08:52 . 2010-03-04 08:52	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-03 08:52 . 2010-03-03 22:54	44544	----a-w-	c:\windows\Internet Logs\xDB10.tmp
2010-02-21 12:53 . 2010-02-22 21:49	22016	----a-w-	c:\windows\Internet Logs\xDBF.tmp
2010-02-20 11:25 . 2010-02-20 12:19	9216	----a-w-	c:\windows\Internet Logs\xDBE.tmp
2010-02-20 11:22 . 2010-02-20 11:25	4559360	----a-w-	c:\windows\Internet Logs\xDBD.tmp
2010-02-20 06:21 . 2008-10-01 00:29	13141664	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2010-02-20 06:21 . 2008-10-01 00:29	1132621856	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2010-02-20 01:48 . 2010-02-20 01:48	52224	----a-w-	c:\documents and settings\William\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-20 01:48 . 2009-03-12 21:39	117760	----a-w-	c:\documents and settings\William\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2003-08-27 18:19 . 2005-08-11 03:28	36963	-c--a-r-	c:\program files\Common Files\SM1updtr.dll
2005-05-13 21:12 . 2005-05-13 21:12	217073	--sha-r-	c:\windows\meta4.exe
2005-10-24 15:13 . 2005-10-24 15:13	66560	--sha-r-	c:\windows\MOTA113.exe
2005-10-14 01:27 . 2005-10-14 01:27	422400	--sha-r-	c:\windows\x2.64.exe
2005-10-07 23:14 . 2005-10-07 23:14	308224	--sha-r-	c:\windows\SYSTEM32\avisynth.dll
2005-07-14 16:31 . 2005-07-14 16:31	27648	--sha-r-	c:\windows\SYSTEM32\AVSredirect.dll
2005-06-26 19:32 . 2005-06-26 19:32	616448	--sha-r-	c:\windows\SYSTEM32\cygwin1.dll
2005-06-22 02:37 . 2005-06-22 02:37	45568	--sha-r-	c:\windows\SYSTEM32\cygz.dll
2004-01-25 04:00 . 2004-01-25 04:00	70656	--sha-r-	c:\windows\SYSTEM32\i420vfw.dll
2006-04-27 14:24 . 2006-04-27 14:24	2945024	--sha-r-	c:\windows\SYSTEM32\Smab.dll
2005-02-28 17:16 . 2005-02-28 17:16	240128	--sha-r-	c:\windows\SYSTEM32\x.264.exe
2004-01-25 04:00 . 2004-01-25 04:00	70656	--sha-r-	c:\windows\SYSTEM32\yv12vfw.dll
.

((((((((((((((((((((((((((((( [email protected]_09.16.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-08-05 15:56 . 2009-12-09 14:56	72576 c:\windows\SYSTEM32\PERFC009.DAT
+ 2005-08-05 15:56 . 2010-03-15 00:11	72576 c:\windows\SYSTEM32\PERFC009.DAT
+ 2010-02-28 22:19 . 2009-10-25 10:11	77312 c:\windows\1mbr.exe
+ 2005-08-05 15:56 . 2010-03-15 00:11	445370 c:\windows\SYSTEM32\PERFH009.DAT
- 2005-08-05 15:56 . 2009-12-09 14:56	445370 c:\windows\SYSTEM32\PERFH009.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-19 1830128]
"smss32.exe"="c:\windows\system32\smss32.exe" [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-10 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-09 1695744]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [2008-5-10 282624]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-03-11 10:13	356352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 11:23	11952	----a-w-	c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgui.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 7\\Home Page\\HomePageApp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDPHCP Discovery Service
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [7/25/2009 7:07 PM 108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [7/25/2009 7:06 PM 335240]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 2:07 PM 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 2:07 PM 74480]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/25/2009 7:06 PM 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/25/2009 7:06 PM 297752]
S2 CSHelper;CopySafe Helper Service;c:\windows\SYSTEM32\CSHelper.exe [10/7/2008 5:51 PM 192512]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 5:30 AM 204800]
S3 MBAMCatchMe;MBAMCatchMe;c:\program files\Malwarebytes' Anti-Malware\catchme.sys [3/13/2008 5:56 PM 27136]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 2:07 PM 7408]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/a/
mWindow Title = Microsoft Internet Explorer presented by Comcast
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: is-software-download.com
TCP: {F9CA8A0A-B8E8-4242-BEC8-CDF9E56204FE} = 68.87.74.166,68.87.68.166
DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - hxxp://download.copysafe.net/plugins5/installers/Copysafe.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PhotoShow Deluxe Media Manager - c:\progra~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
HKCU-Run-DVDXGhost - c:\program files\DVD X Ghost\DVDXGhost.EXE
SafeBoot-AVG Anti-Spyware Driver

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1179142953-2379140430-556052378-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1179142953-2379140430-556052378-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1179142953-2379140430-556052378-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1179142953-2379140430-556052378-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1179142953-2379140430-556052378-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1179142953-2379140430-556052378-1006\Software\Zepter Software\RegLib*8472be43\CloneDVDmobile/1]
"1"=dword:441b3779
"2"=dword:441b3779
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2010-04-20 05:24:58
ComboFix-quarantined-files.txt 2010-04-20 09:24
ComboFix2.txt 2010-03-24 21:59
ComboFix3.txt 2010-03-02 09:19
ComboFix4.txt 2010-02-28 22:43
ComboFix5.txt 2010-04-20 09:12

Pre-Run: 92,320,251,904 bytes free
Post-Run: 92,454,658,048 bytes free

Current=5 Default=5 Failed=3 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - B48EC1CEC836628E6722FB97BDE0A378

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:20 AM, on 4/20/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .jav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: http://*.buy-security-essentials.com
O15 - Trusted Zone: http://*.download-soft-package.com
O15 - Trusted Zone: http://*.download-software-package.com
O15 - Trusted Zone: http://*.get-key-se10.com
O15 - Trusted Zone: http://*.is-software-download.com
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - http://download.copysafe.net/plugins5/installers/Copysafe.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9CA8A0A-B8E8-4242-BEC8-CDF9E56204FE}: NameServer = 68.87.74.166,68.87.68.166
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 8000 bytes


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
File::
c:\windows\system32\smss32.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"smss32.exe"=-

DDS::
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: is-software-download.com

RegNull::
[HKEY_USERS\S-1-5-21-1179142953-2379140430-556052378-1006\Software\Microsoft\SystemCertificates\AddressBook*]
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*

Also, please do this:

Go to the link below and upload the following file(s) for analysis and post the results please:

http://virusscan.jotti.org/

*c:\windows\1mbr.exe*


----------



## kena0903 (Jan 24, 2008)

ComboFix 10-04-19.04 - William 04/22/2010 5:22.9.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.705 [GMT -4:00]
Running from: c:\documents and settings\William\Desktop\puppy.exe
Command switches used :: c:\documents and settings\William\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\SET1C34.tmp

.
((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 )))))))))))))))))))))))))))))))
.

2010-04-20 09:11 . 2010-04-20 09:25	--------	d-----w-	C:\puppy
2010-03-27 11:48 . 2010-03-27 11:48	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 11:48 . 2010-04-11 11:48	0	----a-w-	c:\documents and settings\William\ntuser.tmp
2010-03-20 18:03 . 2010-03-20 18:03	--------	d-----w-	c:\documents and settings\Administrator\Application Data\AdobeUM
2010-03-14 19:39 . 2010-03-14 19:39	--------	d-----w-	c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-03-08 01:21 . 2010-03-08 08:42	37376	----a-w-	c:\windows\Internet Logs\xDB11.tmp
2010-03-04 08:52 . 2010-03-04 08:52	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-03 08:52 . 2010-03-03 22:54	44544	----a-w-	c:\windows\Internet Logs\xDB10.tmp
2010-02-21 12:53 . 2010-02-22 21:49	22016	----a-w-	c:\windows\Internet Logs\xDBF.tmp
2010-02-20 11:25 . 2010-02-20 12:19	9216	----a-w-	c:\windows\Internet Logs\xDBE.tmp
2010-02-20 11:22 . 2010-02-20 11:25	4559360	----a-w-	c:\windows\Internet Logs\xDBD.tmp
2010-02-20 06:21 . 2008-10-01 00:29	1132621856	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2010-02-20 01:48 . 2010-02-20 01:48	52224	----a-w-	c:\documents and settings\William\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-20 01:48 . 2009-03-12 21:39	117760	----a-w-	c:\documents and settings\William\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2003-08-27 18:19 . 2005-08-11 03:28	36963	-c--a-r-	c:\program files\Common Files\SM1updtr.dll
2005-05-13 21:12 . 2005-05-13 21:12	217073	--sha-r-	c:\windows\meta4.exe
2005-10-24 15:13 . 2005-10-24 15:13	66560	--sha-r-	c:\windows\MOTA113.exe
2005-10-14 01:27 . 2005-10-14 01:27	422400	--sha-r-	c:\windows\x2.64.exe
2005-10-07 23:14 . 2005-10-07 23:14	308224	--sha-r-	c:\windows\SYSTEM32\avisynth.dll
2005-07-14 16:31 . 2005-07-14 16:31	27648	--sha-r-	c:\windows\SYSTEM32\AVSredirect.dll
2005-06-26 19:32 . 2005-06-26 19:32	616448	--sha-r-	c:\windows\SYSTEM32\cygwin1.dll
2005-06-22 02:37 . 2005-06-22 02:37	45568	--sha-r-	c:\windows\SYSTEM32\cygz.dll
2004-01-25 04:00 . 2004-01-25 04:00	70656	--sha-r-	c:\windows\SYSTEM32\i420vfw.dll
2006-04-27 14:24 . 2006-04-27 14:24	2945024	--sha-r-	c:\windows\SYSTEM32\Smab.dll
2005-02-28 17:16 . 2005-02-28 17:16	240128	--sha-r-	c:\windows\SYSTEM32\x.264.exe
2004-01-25 04:00 . 2004-01-25 04:00	70656	--sha-r-	c:\windows\SYSTEM32\yv12vfw.dll
.

((((((((((((((((((((((((((((( [email protected]_09.16.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-08-05 15:56 . 2009-12-09 14:56	72576 c:\windows\SYSTEM32\PERFC009.DAT
+ 2005-08-05 15:56 . 2010-03-15 00:11	72576 c:\windows\SYSTEM32\PERFC009.DAT
+ 2010-02-28 22:19 . 2009-10-25 10:11	77312 c:\windows\1mbr.exe
+ 2005-08-05 15:56 . 2010-03-15 00:11	445370 c:\windows\SYSTEM32\PERFH009.DAT
- 2005-08-05 15:56 . 2009-12-09 14:56	445370 c:\windows\SYSTEM32\PERFH009.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-19 1830128]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-10 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-09 1695744]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [2008-5-10 282624]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-03-11 10:13	356352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 11:23	11952	----a-w-	c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgui.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 7\\Home Page\\HomePageApp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDPHCP Discovery Service
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [7/25/2009 7:07 PM 108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [7/25/2009 7:06 PM 335240]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 2:07 PM 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 2:07 PM 74480]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/25/2009 7:06 PM 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/25/2009 7:06 PM 297752]
S2 CSHelper;CopySafe Helper Service;c:\windows\SYSTEM32\CSHelper.exe [10/7/2008 5:51 PM 192512]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 5:30 AM 204800]
S3 MBAMCatchMe;MBAMCatchMe;c:\program files\Malwarebytes' Anti-Malware\catchme.sys [3/13/2008 5:56 PM 27136]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 2:07 PM 7408]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/a/
mWindow Title = Microsoft Internet Explorer presented by Comcast
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: {F9CA8A0A-B8E8-4242-BEC8-CDF9E56204FE} = 68.87.74.166,68.87.68.166
DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - hxxp://download.copysafe.net/plugins5/installers/Copysafe.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-22 05:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1179142953-2379140430-556052378-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1179142953-2379140430-556052378-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1179142953-2379140430-556052378-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1179142953-2379140430-556052378-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1179142953-2379140430-556052378-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1179142953-2379140430-556052378-1006\Software\Zepter Software\RegLib*8472be43\CloneDVDmobile/1]
"1"=dword:441b3779
"2"=dword:441b3779
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2010-04-22 05:31:24
ComboFix-quarantined-files.txt 2010-04-22 09:31
ComboFix2.txt 2010-04-20 09:24
ComboFix3.txt 2010-03-24 21:59
ComboFix4.txt 2010-03-02 09:19
ComboFix5.txt 2010-04-22 09:21

Pre-Run: 92,436,754,432 bytes free
Post-Run: 92,445,196,288 bytes free

Current=5 Default=5 Failed=3 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - B9B7A1470E95B360D1CDA52D316511E3

New Hijack this Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:37 AM, on 4/22/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .jav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - http://download.copysafe.net/plugins5/installers/Copysafe.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9CA8A0A-B8E8-4242-BEC8-CDF9E56204FE}: NameServer = 68.87.74.166,68.87.68.166
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 7710 bytes

And the results from the file scan:

Scan finished. 1 out of 20 scanners reported malware. 
Additional info
File size: 77312 bytes 
Filetype: PE32 executable for MS Windows (console) Intel 80386 32-bit 
MD5: c5ec72a20b4c98db5314e6c46765b148 
SHA1: e51e0b26d3a8fb28e0e4dcf78b6e4df2da879ff4 
Packer (Drweb): UPX, BINARYRES 
Packer (Kaspersky): PE_Patch.UPX, UPX


----------



## Cookiegal (Aug 27, 2003)

Have you noticed any improvement?


----------



## kena0903 (Jan 24, 2008)

I am finally able to boot up without safe mode but still quite slow.


----------



## Cookiegal (Aug 27, 2003)

Is it just slow to boot or is everything slow?


----------



## kena0903 (Jan 24, 2008)

Was slow everything. I just removed all old versions of java and updated to latest version.


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log.


----------



## kena0903 (Jan 24, 2008)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:40 PM, on 4/23/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .jav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - http://download.copysafe.net/plugins5/installers/Copysafe.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9CA8A0A-B8E8-4242-BEC8-CDF9E56204FE}: NameServer = 68.87.74.166,68.87.68.166
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\puppy6122p\PEV.cfxxe (file missing)
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 8143 bytes


----------



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## kena0903 (Jan 24, 2008)

ABBYY FineReader 5.0 Sprint Plus
Ad-Aware SE Personal
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.9
Adobe® Photoshop® Album Starter Edition 3.2
AOLIcon
AVG Free 8.5
Azureus
Banctec Service Agreement
CCScore
Comcast High-Speed Internet Install Wizard
ComcastSUPPORT
CopySafe Plugin
Critical Update for Windows Media Player 11 (KB959772)
Cypress USB Mass Storage Driver Installation
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Photo AIO Printer 922
Dell Picture Studio v3.0
Dell Support 3.1
DVD Shrink 3.2
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
G15A922EN
GrabIt 1.7.1 Beta (build 960)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iSkysoft Video Converter(Build 2.2.1.0)
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 20
Kaspersky Online Scanner
kgcbase
Kodak EasyShare software
Linksys EasyLink Advisor
Linksys EasyLink Advisor
Macromedia Flash Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Money 2005
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets and Trips 2005
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Event Monitor
Modem Helper
Modem On Hold
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Musicmatch® Jukebox
Napster
Need2Find Bar
Nero Suite
netbrdg
OfotoXMI
Photo Click
PowerDVD 5.5
QuickBooks Simple Start Special Edition
QuickPar 0.9
QuickTime
QuickTime Alternative 1.67
RealPlayer
Roxio Burn Engine
Roxio Easy Media Creator 7
Seagate Manager Installer
Seagate Manager Installer
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
SFR
SHASTA
Shockwave
Sierra Print Artist
Sierra Utilities
skin0001
SKINXSDK
Sonic Update Manager
SPBBC
staticcr
SUPERAntiSpyware Free Edition
tooltips
Uniblue DriverScanner
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb981433)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
USB Storage Adapter FX (SM1)
VideoLAN VLC media player 0.8.6c
VPRINTOL
Vuze
WebEx Support Manager for Internet Explorer
WinAVI VideoConverter
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893086
WinRAR archiver
WIRELESS
ZoneAlarm


----------



## Cookiegal (Aug 27, 2003)

Go to Control Panel - Add or Remove programs and remove:

*Need2Find Bar*

Go to *Start * *Run *- type *msconfig*  click OK and click on the *startup tab*. Uncheck everything there except for your anti-virus program. Since you will be disabled ZoneAlarm, please active the Windows firewall during this test. Then reboot and let me know if the problem persists please. If it does, you can go back and reactivate Zone Alarm and turn off the Windows firewall but you will have to reboot for it to start back up. Or you can start it manually.


----------



## kena0903 (Jan 24, 2008)

Tried to remove Need2Find but the following error showed:

Error Loading c:\Progra~1\NEED2F~1\bar\1.bin\Nd2fnBar.dll

The specified module could not be found


----------



## Cookiegal (Aug 27, 2003)

Delete the following folder:

C:\Program Files\*Need2Find Bar*

How are things now?


----------



## kena0903 (Jan 24, 2008)

Need 2find folder nowhere to be found. Running a little better. When I go to log on to a site get a prompt that java script is not enabled but checked internet options and it is enabled.


----------



## Cookiegal (Aug 27, 2003)

This looks to be the problem with Java not being installed as was indicated in your error messages:

http://support.microsoft.com/kb/925336

Are you familiar with the registry and feel able to follow the steps outlined in the Workaround that applies to XP?


----------



## kena0903 (Jan 24, 2008)

the problem was before I uninstalled java and updated but continued after update and Im not real familiar with registry


----------



## Cookiegal (Aug 27, 2003)

Please go into the Event Viewer again and copy and paste all of the errors that are there under Application and System that have occurred in the past two days.


----------



## kena0903 (Jan 24, 2008)

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/30/2010
Time: 4:08:46 PM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 67 be 00 00 00 00 .þg¾....
0028: 8b 0b 93 02 00 00 00 00 &#139;.&#147;.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 80 01 20 40 . ..&#128;. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 b0 02 86 20 89 2b 86 .°.&#134; &#137;+&#134;
0058: 00 00 00 00 70 b6 12 86 ....p¶.&#134;
0060: 00 00 00 00 ff 33 5f 00 ....ÿ3_.
0068: 2a 00 00 5f 33 ff 00 00 *.._3ÿ..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/30/2010
Time: 11:52:40 AM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 6e 63 be 00 00 00 00 .nc¾....
0028: 14 0a 84 02 00 00 00 00 ..&#132;.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 80 01 20 40 . ..&#128;. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 70 1d 86 20 89 2b 86 .p.&#134; &#137;+&#134;
0058: 00 00 00 00 70 b6 12 86 ....p¶.&#134;
0060: 00 00 00 00 b7 31 5f 00 ....·1_.
0068: 2a 00 00 5f 31 b7 00 00 *.._1·..
0070: 28 00 00 00 00 00 00 00 (.......
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/30/2010
Time: 11:30:39 AM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 2e 62 be 00 00 00 00 ..b¾....
0028: de bf 82 02 00 00 00 00 Þ¿&#130;.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 80 01 20 40 . ..&#128;. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 40 e7 85 d0 e5 0c 86 [email protected]ç&#133;Ðå.&#134;
0058: 00 00 00 00 68 63 39 86 ....hc9&#134;
0060: 00 00 00 00 17 31 5f 00 .....1_.
0068: 2a 00 00 5f 31 17 00 00 *.._1...
0070: 28 00 00 00 00 00 00 00 (.......
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/30/2010
Time: 11:11:38 AM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 30 c0 00 00 00 00 .þ0À....
0028: 83 a2 81 02 00 00 00 00 &#131;¢.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 00 00 00 d0 e5 0c 86 ....Ðå.&#134;
0058: 00 00 00 00 68 63 39 86 ....hc9&#134;
0060: 00 00 00 00 7f 18 60 00 .....`.
0068: 28 00 00 60 18 7f 00 00 (..`...
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/30/2010
Time: 9:32:14 AM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 7e 33 c0 00 00 00 00 .~3À....
0028: 85 cf 7b 02 00 00 00 00 &#133;Ï{.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 00 00 00 20 89 2b 86 .... &#137;+&#134;
0058: 00 00 00 00 70 b6 12 86 ....p¶.&#134;
0060: 00 00 00 00 bf 19 60 00 ....¿.`.
0068: 28 00 00 60 19 bf 00 00 (..`.¿..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/30/2010
Time: 3:24:52 AM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 7e 8e a4 24 00 00 00 .~&#142;¤$...
0028: f9 48 66 02 00 00 00 00 ùHf.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 00 00 00 c8 bc 3b 86 ....È¼;&#134;
0058: 00 00 00 00 08 b0 2c 86 .....°,&#134;
0060: 00 00 00 00 3f 47 52 12 ....?GR.
0068: 28 00 12 52 47 3f 00 00 (..RG?..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/30/2010
Time: 1:00:08 AM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 7e 00 bc 00 00 00 00 .~.¼....
0028: ef cd 5d 02 00 00 00 00 ïÍ].....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 80 01 20 40 . ..&#128;. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 b0 03 86 c8 bc 3b 86 .°.&#134;È¼;&#134;
0058: 00 00 00 00 08 b0 2c 86 .....°,&#134;
0060: 00 00 00 00 3f 00 5e 00 ....?.^.
0068: 2a 00 00 5e 00 3f 00 00 *..^.?..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/29/2010
Time: 9:20:29 PM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 de e3 bc 00 00 00 00 .Þã¼....
0028: 56 ef 50 02 00 00 00 00 VïP.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 80 01 20 40 . ..&#128;. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 70 1d 86 c8 bc 3b 86 .p.&#134;È¼;&#134;
0058: 00 00 00 00 08 b0 2c 86 .....°,&#134;
0060: 00 00 00 00 ef 71 5e 00 ....ïq^.
0068: 2a 00 00 5e 71 ef 00 00 *..^qï..
0070: 28 00 00 00 00 00 00 00 (.......
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/29/2010
Time: 7:17:21 PM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 ae e2 bc 00 00 00 00 .®â¼....
0028: 3d b8 49 02 00 00 00 00 =¸I.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 80 01 20 40 . ..&#128;. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 70 cf 85 c8 7a 55 86 .pÏ&#133;ÈzU&#134;
0058: 00 00 00 00 78 07 e8 85 ....x.è&#133;
0060: 00 00 00 00 57 71 5e 00 ....Wq^.
0068: 2a 00 00 5e 71 57 00 00 *..^qW..
0070: 28 00 00 00 00 00 00 00 (.......
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/29/2010
Time: 6:42:23 PM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 1e e1 bc 00 00 00 00 ..á¼....
0028: b9 ab 47 02 00 00 00 00 ¹«G.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 80 01 20 40 . ..&#128;. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 70 1d 86 c8 7a 55 86 .p.&#134;ÈzU&#134;
0058: 00 00 00 00 78 07 e8 85 ....x.è&#133;
0060: 00 00 00 00 8f 70 5e 00 ....p^.
0068: 2a 00 00 5e 70 8f 00 00 *..^p..
0070: 28 00 00 00 00 00 00 00 (.......
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/29/2010
Time: 5:18:36 PM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 2e df bc 00 00 00 00 ..ß¼....
0028: f2 c2 42 02 00 00 00 00 òÂB.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 80 01 20 40 . ..&#128;. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 00 cc 85 c8 bc 3b 86 ..Ì&#133;È¼;&#134;
0058: 00 00 00 00 08 b0 2c 86 .....°,&#134;
0060: 00 00 00 00 97 6f 5e 00 ....&#151;o^.
0068: 2a 00 00 5e 6f 97 00 00 *..^o&#151;..
0070: 38 00 00 00 00 00 00 00 8.......
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/29/2010
Time: 11:47:23 AM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 3e dd bc 00 00 00 00 .>Ý¼....
0028: c4 5a 2f 02 00 00 00 00 ÄZ/.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 80 01 20 40 . ..&#128;. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 f0 fd 85 c8 bc 3b 86 .ðý&#133;È¼;&#134;
0058: 00 00 00 00 08 b0 2c 86 .....°,&#134;
0060: 00 00 00 00 9f 6e 5e 00 ....&#159;n^.
0068: 2a 00 00 5e 6e 9f 00 00 *..^n&#159;..
0070: 38 00 00 00 00 00 00 00 8.......
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/29/2010
Time: 11:04:30 AM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 ce ce e5 23 00 00 00 .ÎÎå#...
0028: 70 d7 2c 02 00 00 00 00 p×,.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 00 00 00 c8 bc 3b 86 ....È¼;&#134;
0058: 00 00 00 00 08 b0 2c 86 .....°,&#134;
0060: 00 00 00 00 67 e7 f2 11 ....gçò.
0068: 28 00 11 f2 e7 67 00 00 (..òçg..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/29/2010
Time: 10:04:58 AM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 de d8 bc 00 00 00 00 .ÞØ¼....
0028: 72 5a 29 02 00 00 00 00 rZ).....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 80 01 20 40 . ..&#128;. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 80 e9 85 c8 7a 55 86 .&#128;é&#133;ÈzU&#134;
0058: 00 00 00 00 78 07 e8 85 ....x.è&#133;
0060: 00 00 00 00 6f 6c 5e 00 ....ol^.
0068: 2a 00 00 5e 6c 6f 00 00 *..^lo..
0070: 28 00 00 00 00 00 00 00 (.......
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/29/2010
Time: 9:32:34 AM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 8e 4a c0 00 00 00 00 .&#142;JÀ....
0028: 76 74 27 02 00 00 00 00 vt'.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 00 00 00 c8 7a 55 86 ....ÈzU&#134;
0058: 00 00 00 00 78 07 e8 85 ....x.è&#133;
0060: 00 00 00 00 47 25 60 00 ....G%`.
0068: 28 00 00 60 25 47 00 00 (..`%G..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/29/2010
Time: 8:43:53 AM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 be d6 bc 00 00 00 00 .¾Ö¼....
0028: 39 9a 24 02 00 00 00 00 9&#154;$.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 80 01 20 40 . ..&#128;. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 70 10 86 c8 7a 55 86 .p.&#134;ÈzU&#134;
0058: 00 00 00 00 78 07 e8 85 ....x.è&#133;
0060: 00 00 00 00 5f 6b 5e 00 ...._k^.
0068: 2a 00 00 5e 6b 5f 00 00 *..^k_..
0070: 28 00 00 00 00 00 00 00 (.......
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/29/2010
Time: 7:25:34 AM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 8e 00 bc 00 00 00 00 .&#142;.¼....
0028: 80 03 20 02 00 00 00 00 &#128;. .....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 80 01 20 40 . ..&#128;. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 d0 20 86 c8 7a 55 86 .Ð &#134;ÈzU&#134;
0058: 00 00 00 00 78 07 e8 85 ....x.è&#133;
0060: 00 00 00 00 47 00 5e 00 ....G.^.
0068: 2a 00 00 5e 00 47 00 00 *..^.G..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/29/2010
Time: 6:49:48 AM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 6e c9 bc 00 00 00 00 .nÉ¼....
0028: f3 ea 1d 02 00 00 00 00 óê......
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 80 01 20 40 . ..&#128;. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 20 0a 86 c8 bc 3b 86 . .&#134;È¼;&#134;
0058: 00 00 00 00 08 b0 2c 86 .....°,&#134;
0060: 00 00 00 00 b7 64 5e 00 ....·d^.
0068: 2a 00 00 5e 64 b7 00 00 *..^d·..
0070: 28 00 00 00 00 00 00 00 (.......
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/29/2010
Time: 5:21:43 AM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 7e c5 bc 00 00 00 00 .~Å¼....
0028: e7 c1 18 02 00 00 00 00 çÁ......
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 80 01 20 40 . ..&#128;. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 b0 e5 85 c8 7a 55 86 .°å&#133;ÈzU&#134;
0058: 00 00 00 00 78 07 e8 85 ....x.è&#133;
0060: 00 00 00 00 bf 62 5e 00 ....¿b^.
0068: 2a 00 00 5e 62 bf 00 00 *..^b¿..
0070: 30 00 00 00 00 00 00 00 0.......
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/29/2010
Time: 4:49:23 AM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 9e 60 c0 00 00 00 00 .&#158;`À....
0028: bc dc 16 02 00 00 00 00 ¼Ü......
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 00 00 00 c8 7a 55 86 ....ÈzU&#134;
0058: 00 00 00 00 78 07 e8 85 ....x.è&#133;
0060: 00 00 00 00 4f 30 60 00 ....O0`.
0068: 28 00 00 60 30 4f 00 00 (..`0O..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/29/2010
Time: 3:20:05 AM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 7e 8e a4 24 00 00 00 .~&#142;¤$...
0028: 63 a1 11 02 00 00 00 00 c¡......
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 00 00 00 a0 c0 15 86 ....*À.&#134;
0058: 00 00 00 00 28 fe ca 85 ....(þÊ&#133;
0060: 00 00 00 00 3f 47 52 12 ....?GR.
0068: 28 00 12 52 47 3f 00 00 (..RG?..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/29/2010
Time: 1:00:07 AM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 7e 00 bc 00 00 00 00 .~.¼....
0028: ea 6d 09 02 00 00 00 00 êm......
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 80 01 20 40 . ..&#128;. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 10 37 86 a0 c0 15 86 ..7&#134;*À.&#134;
0058: 00 00 00 00 28 fe ca 85 ....(þÊ&#133;
0060: 00 00 00 00 3f 00 5e 00 ....?.^.
0068: 2a 00 00 5e 00 3f 00 00 *..^.?..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/28/2010
Time: 9:15:45 PM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 ee 40 bf 00 00 00 00 .î@¿....
0028: 57 48 fc 01 00 00 00 00 WHü.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 80 01 20 40 . ..&#128;. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 10 fe 85 a0 c0 15 86 ..þ&#133;*À.&#134;
0058: 00 00 00 00 28 fe ca 85 ....(þÊ&#133;
0060: 00 00 00 00 77 a0 5f 00 ....w*_.
0068: 2a 00 00 5f a0 77 00 00 *.._*w..
0070: 28 00 00 00 00 00 00 00 (.......
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/28/2010
Time: 8:01:28 PM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 04 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 de 3d bf 00 00 00 00 .Þ=¿....
0028: 2a ee f7 01 00 00 00 00 *î÷.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 80 01 20 40 . ..&#128;. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 90 d7 85 28 f5 04 86 .×&#133;(õ.&#134;
0058: 00 00 00 00 88 c6 3c 86 ....&#136;Æ<&#134;
0060: 00 00 00 00 ef 9e 5f 00 ....ï&#158;_.
0068: 2a 00 00 5f 9e ef 00 00 *.._&#158;ï..
0070: 28 00 00 00 00 00 00 00 (.......
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/28/2010
Time: 6:49:50 PM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 ce ce e5 23 00 00 00 .ÎÎå#...
0028: 77 bb f3 01 00 00 00 00 w»ó.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 00 00 00 a0 c0 15 86 ....*À.&#134;
0058: 00 00 00 00 28 fe ca 85 ....(þÊ&#133;
0060: 00 00 00 00 67 e7 f2 11 ....gçò.
0068: 28 00 11 f2 e7 67 00 00 (..òçg..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/28/2010
Time: 5:09:22 PM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 fe 4d c0 00 00 00 00 .þMÀ....
0028: 93 d8 ed 01 00 00 00 00 &#147;Øí.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 00 00 00 a0 c0 15 86 ....*À.&#134;
0058: 00 00 00 00 28 fe ca 85 ....(þÊ&#133;
0060: 00 00 00 00 ff 26 60 00 ....ÿ&`.
0068: 28 00 00 60 26 ff 00 00 (..`&ÿ..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type:	Warning
Event Source:	Disk
Event Category:	None
Event ID:	51
Date: 4/28/2010
Time: 12:38:46 PM
User: N/A
Computer:	MRANDMRSGREEN
Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..&#128;
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 6e 45 c0 00 00 00 00 .nEÀ....
0028: 96 fd dd 01 00 00 00 00 &#150;ýÝ.....
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..&#132;....
0040: 00 20 0a 12 40 03 20 40 . [email protected] @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 00 00 00 a0 c0 15 86 ....*À.&#134;
0058: 00 00 00 00 28 fe ca 85 ....(þÊ&#133;
0060: 00 00 00 00 b7 22 60 00 ....·"`.
0068: 28 00 00 60 22 b7 00 00 (..`"·..
0070: 08 00 00 00 00 00 00 00 ........
0078: 70 00 02 00 00 00 00 0a p.......
0080: 00 00 00 00 04 02 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........


----------



## Cookiegal (Aug 27, 2003)

Have you had trouble with a CD not being read or playing properly?


----------



## kena0903 (Jan 24, 2008)

no i have not just the java issue when trying to view certain pages


----------



## Cookiegal (Aug 27, 2003)

Usually the error that keeps repeating in the Event Viewer is due to a dirty CD or an empty one left in the drive,

What other problems remain please?


----------



## kena0903 (Jan 24, 2008)

no other problems just the java issue


----------



## Cookiegal (Aug 27, 2003)

Can you please repeat what the issue is with Java? It was showing installed in your last uninstall list. Are you getting error messages?


----------



## kena0903 (Jan 24, 2008)

get the following prompt: Your browser is not capable of viewing this site because it does not support JavaScript or JavaScript may be disabled. Please enable JavaScript on your browser.


----------



## Cookiegal (Aug 27, 2003)

What browser are you using?


----------



## kena0903 (Jan 24, 2008)

internet explorer


----------



## Cookiegal (Aug 27, 2003)

In IE, click on *Tools *- select *Internet Options *then click on the *Security tab*. Click on *Custom Level *then scroll down to the section called *Scripting*. Select *Enable* under A*ctive Scripting* and click OK.


----------



## kena0903 (Jan 24, 2008)

Had already tried that it is showing java script enabled


----------



## Cookiegal (Aug 27, 2003)

Try disabling Zone Alarm and using just the Windows firewall for a test please.


----------



## kena0903 (Jan 24, 2008)

Still getting the same message with windows firewall


----------



## Cookiegal (Aug 27, 2003)

Try creating a new user account with admin. privileges and see if you still get the same result.


----------



## kena0903 (Jan 24, 2008)

sorry cookie been out of town would not let me set up under admin but i installed new browser and seemed to fix the problem.
What is the next step in cleanup


----------



## Cookiegal (Aug 27, 2003)

Can you explain a bit more? What browser did you install? What did it fix? Are there any remaining problems?


----------



## kena0903 (Jan 24, 2008)

Installed Mozilla firefox and I am able to log on to my accounts. Could not due before because prompt said javascript not enabled. Everything seems better.


----------



## Cookiegal (Aug 27, 2003)

Well if it's fine with Firefox then it has to be settings in IE. Did you try resetting IE to default settings?


----------



## kena0903 (Jan 24, 2008)

Yes I tried and also tried to create an admiin setting as you told me in an earlier post but would not allow me.


----------



## Cookiegal (Aug 27, 2003)

I would try upgrading to IE8 and see if that fixes the problem.


----------



## kena0903 (Jan 24, 2008)

Try to upgrade but no success install never finishes


----------



## Cookiegal (Aug 27, 2003)

What happens? Do you get an error message?


----------



## kena0903 (Jan 24, 2008)

never get a message just never completes. I guess just times out


----------



## Cookiegal (Aug 27, 2003)

Delete ComboFix if you still have it by dragging it to the recycle bin and then grab the latest version, run a new scan and post the log.

Please visit *Combofix Guide & Instructions * for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.


----------



## kena0903 (Jan 24, 2008)

Here is the new log:

ComboFix 10-06-23.02 - William 06/23/2010 19:26:50.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.394 [GMT -4:00]
Running from: c:\documents and settings\William\Desktop\puppy.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
.

2010-06-01 21:52 . 2010-06-01 21:52	503808	----a-w-	c:\documents and settings\William\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22f68fb0-n\msvcp71.dll
2010-06-01 21:52 . 2010-06-01 21:52	61440	----a-w-	c:\documents and settings\William\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-37fc0e06-n\decora-sse.dll
2010-06-01 21:52 . 2010-06-01 21:52	499712	----a-w-	c:\documents and settings\William\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22f68fb0-n\jmc.dll
2010-06-01 21:52 . 2010-06-01 21:52	348160	----a-w-	c:\documents and settings\William\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22f68fb0-n\msvcr71.dll
2010-06-01 21:52 . 2010-06-01 21:52	12800	----a-w-	c:\documents and settings\William\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-37fc0e06-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 22:05 . 2008-10-01 00:29	13325588	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2010-06-23 22:05 . 2008-10-01 00:29	1189320736	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2010-06-20 22:41 . 2006-10-20 00:39	--------	d-----w-	c:\documents and settings\William\Application Data\Azureus
2010-06-10 08:31 . 2009-04-20 00:47	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-05 23:48 . 2010-06-06 17:18	1595904	----a-w-	c:\windows\Internet Logs\xDB13.tmp
2010-06-05 23:48 . 2010-06-06 17:18	2899456	----a-w-	c:\windows\Internet Logs\xDB12.tmp
2010-05-10 22:09 . 2010-05-10 22:07	664	----a-w-	c:\windows\system32\d3d9caps.dat
2010-05-02 05:56 . 2008-10-20 20:33	1850880	----a-w-	c:\windows\system32\win32k.sys
2010-04-23 00:55 . 2010-04-23 00:55	503808	----a-w-	c:\documents and settings\William\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-18262b21-n\msvcp71.dll
2010-04-23 00:55 . 2010-04-23 00:55	499712	----a-w-	c:\documents and settings\William\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-18262b21-n\jmc.dll
2010-04-23 00:55 . 2010-04-23 00:55	348160	----a-w-	c:\documents and settings\William\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-18262b21-n\msvcr71.dll
2010-04-23 00:55 . 2010-04-23 00:55	61440	----a-w-	c:\documents and settings\William\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-751cc4fe-n\decora-sse.dll
2010-04-23 00:55 . 2010-04-23 00:55	12800	----a-w-	c:\documents and settings\William\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-751cc4fe-n\decora-d3d.dll
2010-04-23 00:54 . 2010-04-23 00:54	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-04-23 00:52 . 2009-03-12 21:39	117760	----a-w-	c:\documents and settings\William\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-23 00:15 . 2010-04-23 00:15	0	--sh--w-	c:\windows\S2694E61D.tmp
2010-04-22 23:18 . 2010-02-20 01:48	52224	----a-w-	c:\documents and settings\William\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-20 05:51 . 2004-08-04 10:00	285696	----a-w-	c:\windows\system32\atmfd.dll
2010-04-16 15:36 . 2004-08-04 10:00	662016	----a-w-	c:\windows\system32\wininet.dll
2010-04-16 15:36 . 2004-08-04 10:00	81920	----a-w-	c:\windows\system32\ieencode.dll
2010-03-31 04:16 . 2010-03-31 04:16	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-03-31 04:10 . 2010-03-31 04:10	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2003-08-27 18:19 . 2005-08-11 03:28	36963	-c--a-r-	c:\program files\Common Files\SM1updtr.dll
2005-05-13 21:12 . 2005-05-13 21:12	217073	--sha-r-	c:\windows\meta4.exe
2005-10-24 15:13 . 2005-10-24 15:13	66560	--sha-r-	c:\windows\MOTA113.exe
2005-10-14 01:27 . 2005-10-14 01:27	422400	--sha-r-	c:\windows\x2.64.exe
2005-10-07 23:14 . 2005-10-07 23:14	308224	--sha-r-	c:\windows\SYSTEM32\avisynth.dll
2005-07-14 16:31 . 2005-07-14 16:31	27648	--sha-r-	c:\windows\SYSTEM32\AVSredirect.dll
2005-06-26 19:32 . 2005-06-26 19:32	616448	--sha-r-	c:\windows\SYSTEM32\cygwin1.dll
2005-06-22 02:37 . 2005-06-22 02:37	45568	--sha-r-	c:\windows\SYSTEM32\cygz.dll
2004-01-25 04:00 . 2004-01-25 04:00	70656	--sha-r-	c:\windows\SYSTEM32\i420vfw.dll
2006-04-27 14:24 . 2006-04-27 14:24	2945024	--sha-r-	c:\windows\SYSTEM32\Smab.dll
2005-02-28 17:16 . 2005-02-28 17:16	240128	--sha-r-	c:\windows\SYSTEM32\x.264.exe
2004-01-25 04:00 . 2004-01-25 04:00	70656	--sha-r-	c:\windows\SYSTEM32\yv12vfw.dll
.

((((((((((((((((((((((((((((( [email protected]_09.16.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-23 22:08 . 2010-06-23 22:08	16384 c:\windows\temp\Perflib_Perfdata_248.dat
- 2007-01-29 08:58 . 2009-10-28 15:07	46080 c:\windows\SYSTEM32\tzchange.exe
+ 2007-01-29 08:58 . 2010-04-21 13:28	46080 c:\windows\SYSTEM32\tzchange.exe
- 2005-08-12 21:42 . 2007-07-27 14:41	26488 c:\windows\SYSTEM32\spupdsvc.exe
+ 2005-08-12 21:42 . 2007-08-11 00:46	26488 c:\windows\SYSTEM32\spupdsvc.exe
- 2004-08-04 10:00 . 2009-12-22 05:42	39424 c:\windows\SYSTEM32\pngfilt.dll
+ 2004-08-04 10:00 . 2010-04-16 15:36	39424 c:\windows\SYSTEM32\pngfilt.dll
+ 2005-08-05 15:56 . 2010-06-23 20:45	72576 c:\windows\SYSTEM32\PERFC009.DAT
- 2005-08-05 15:56 . 2009-12-09 14:56	72576 c:\windows\SYSTEM32\PERFC009.DAT
+ 2009-11-07 05:07 . 2009-11-07 05:07	49488 c:\windows\SYSTEM32\netfxperf.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	11600 c:\windows\SYSTEM32\MUI\0409\mscorees.dll
+ 2010-05-18 20:47 . 2010-05-18 20:47	85173 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
+ 2004-08-04 10:00 . 2010-04-16 15:36	16384 c:\windows\SYSTEM32\jsproxy.dll
- 2004-08-04 10:00 . 2009-12-22 05:42	16384 c:\windows\SYSTEM32\jsproxy.dll
- 2004-08-04 10:00 . 2009-12-22 05:42	96256 c:\windows\SYSTEM32\inseng.dll
+ 2004-08-04 10:00 . 2010-04-16 15:36	96256 c:\windows\SYSTEM32\inseng.dll
- 2004-08-04 10:00 . 2009-12-22 05:42	55808 c:\windows\SYSTEM32\extmgr.dll
+ 2004-08-04 10:00 . 2010-04-16 15:36	55808 c:\windows\SYSTEM32\extmgr.dll
+ 2008-10-20 20:34 . 2010-04-16 15:36	39424 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
- 2008-10-20 20:34 . 2009-12-22 05:42	39424 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-10-20 20:34 . 2010-04-16 15:36	16384 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
- 2008-10-20 20:34 . 2009-12-22 05:42	16384 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-10-20 20:34 . 2010-04-16 15:36	96256 c:\windows\SYSTEM32\DLLCACHE\inseng.dll
- 2008-10-20 20:34 . 2009-12-22 05:42	96256 c:\windows\SYSTEM32\DLLCACHE\inseng.dll
+ 2009-02-20 08:30 . 2010-04-16 15:36	81920 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
- 2009-02-20 08:30 . 2009-12-22 05:42	81920 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
+ 2008-10-20 20:34 . 2010-04-16 13:36	18432 c:\windows\SYSTEM32\DLLCACHE\iedw.exe
- 2008-10-20 20:34 . 2009-12-16 12:57	18432 c:\windows\SYSTEM32\DLLCACHE\iedw.exe
- 2008-10-20 20:34 . 2009-12-22 05:42	55808 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-10-20 20:34 . 2010-04-16 15:36	55808 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2010-01-13 14:10 . 2010-01-13 14:10	85504 c:\windows\SYSTEM32\DLLCACHE\cabview.dll
+ 2010-03-05 14:57 . 2010-03-05 14:57	65536 c:\windows\SYSTEM32\DLLCACHE\asycfilt.dll
+ 2004-08-04 10:00 . 2010-01-13 14:10	85504 c:\windows\SYSTEM32\cabview.dll
+ 2004-08-04 10:00 . 2010-03-05 14:57	65536 c:\windows\SYSTEM32\asycfilt.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48	32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2008-07-29 23:16 . 2008-07-29 23:16	32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-03-23 09:31 . 2010-03-23 09:31	30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2009-11-07 05:07 . 2009-11-07 05:07	13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2009-04-20 00:55 . 2010-06-10 08:31	35088 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-04-20 00:55 . 2010-02-10 08:15	35088 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-04-20 00:55 . 2010-02-10 08:15	18704 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-04-20 00:55 . 2010-06-10 08:31	18704 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-04-20 00:55 . 2010-02-10 08:15	20240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-04-20 00:55 . 2010-06-10 08:31	20240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-06-23 21:39 . 2010-06-23 21:39	60928 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
+ 2010-06-10 08:17 . 2010-06-10 08:17	39424 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAPB94.tmp\PresentationCFFRasterizer.dll
+ 2010-06-23 21:50 . 2010-06-23 21:50	37888 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
+ 2010-06-10 08:33 . 2010-06-10 08:33	37888 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Windows.Pres#\1c1629f536fa9874ef08d09fb19ab0f0\System.Windows.Presentation.ni.dll
+ 2010-06-10 08:33 . 2010-06-10 08:33	36864 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
+ 2010-06-10 08:30 . 2010-06-10 08:30	94208 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ComponentMod#\845d05c78b8b6441f5b61b5ee44cbd86\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-06-10 08:20 . 2010-06-10 08:20	47104 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFontCac#\e67992626a30603458b0df22841c2423\PresentationFontCache.ni.exe
+ 2010-06-23 21:39 . 2010-06-23 21:39	47104 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe
+ 2010-06-10 08:18 . 2010-06-10 08:18	39424 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationCFFRast#\6be27d744e6e2bfc4b0e25bd2998ef7c\PresentationCFFRasterizer.ni.dll
+ 2010-06-23 21:38 . 2010-06-23 21:38	39424 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll
+ 2010-06-10 08:32 . 2010-06-10 08:32	55296 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	77824 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	77824 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-08-09 10:23 . 2009-08-09 10:23	32768 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-10 08:17 . 2010-06-10 08:17	32768 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	32768 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	32768 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	12800 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	12800 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	28672 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	28672 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	77824 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	77824 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	36864 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	36864 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	77824 c:\windows\ASSEMBLY\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	77824 c:\windows\ASSEMBLY\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	13312 c:\windows\ASSEMBLY\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	13312 c:\windows\ASSEMBLY\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	10752 c:\windows\ASSEMBLY\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	10752 c:\windows\ASSEMBLY\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	72192 c:\windows\ASSEMBLY\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	72192 c:\windows\ASSEMBLY\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	69120 c:\windows\ASSEMBLY\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	69120 c:\windows\ASSEMBLY\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-02-28 22:19 . 2009-10-25 10:11	77312 c:\windows\1mbr.exe
+ 2010-04-22 23:44 . 2009-12-22 05:42	39424 c:\windows\$NtUninstallKB980182$\pngfilt.dll
+ 2010-04-22 23:44 . 2009-12-22 05:42	16384 c:\windows\$NtUninstallKB980182$\jsproxy.dll
+ 2010-04-22 23:44 . 2009-12-22 05:42	96256 c:\windows\$NtUninstallKB980182$\inseng.dll
+ 2010-04-22 23:44 . 2009-12-22 05:42	81920 c:\windows\$NtUninstallKB980182$\ieencode.dll
+ 2010-04-22 23:44 . 2009-12-16 12:57	18432 c:\windows\$NtUninstallKB980182$\iedw.exe
+ 2010-04-22 23:44 . 2009-12-22 05:42	55808 c:\windows\$NtUninstallKB980182$\extmgr.dll
+ 2010-04-22 23:43 . 2004-08-04 10:00	84480 c:\windows\$NtUninstallKB979309$\cabview.dll
+ 2010-04-22 23:41 . 2009-10-28 15:07	46080 c:\windows\$NtUninstallKB979306$\tzchange.exe
+ 2010-04-22 23:41 . 2010-01-23 10:40	16896 c:\windows\$NtUninstallKB979306$\spuninst\tzchange.dll
+ 2010-04-22 23:50 . 2007-03-06 01:22	22752 c:\windows\$hf_mig$\KB981350\update\spcustom.dll
+ 2010-04-22 23:50 . 2007-03-06 01:22	14048 c:\windows\$hf_mig$\KB981350\spmsg.dll
+ 2010-04-22 23:51 . 2009-05-26 09:01	26488 c:\windows\$hf_mig$\KB980232\update\spcustom.dll
+ 2010-04-22 23:51 . 2009-05-26 09:01	17272 c:\windows\$hf_mig$\KB980232\spmsg.dll
+ 2010-04-22 23:44 . 2008-07-08 13:02	26488 c:\windows\$hf_mig$\KB980182\update\spcustom.dll
+ 2010-04-22 23:44 . 2008-07-08 13:02	17272 c:\windows\$hf_mig$\KB980182\spmsg.dll
+ 2010-02-26 05:37 . 2010-02-26 05:37	81920 c:\windows\$hf_mig$\KB980182\SP3QFE\ieencode.dll
+ 2010-02-26 05:43 . 2010-02-26 05:43	81920 c:\windows\$hf_mig$\KB980182\SP3GDR\ieencode.dll
+ 2010-02-26 06:05 . 2010-02-26 06:05	39424 c:\windows\$hf_mig$\KB980182\SP2QFE\pngfilt.dll
+ 2010-02-26 06:05 . 2010-02-26 06:05	16384 c:\windows\$hf_mig$\KB980182\SP2QFE\jsproxy.dll
+ 2010-02-26 06:05 . 2010-02-26 06:05	96256 c:\windows\$hf_mig$\KB980182\SP2QFE\inseng.dll
+ 2010-02-26 06:05 . 2010-02-26 06:05	81920 c:\windows\$hf_mig$\KB980182\SP2QFE\ieencode.dll
+ 2010-02-25 11:17 . 2010-02-25 11:17	18432 c:\windows\$hf_mig$\KB980182\SP2QFE\iedw.exe
+ 2010-02-26 06:05 . 2010-02-26 06:05	55808 c:\windows\$hf_mig$\KB980182\SP2QFE\extmgr.dll
+ 2010-04-22 23:51 . 2009-05-26 11:40	26488 c:\windows\$hf_mig$\KB979683\update\spcustom.dll
+ 2010-04-22 23:31 . 2010-03-05 14:54	16896 c:\windows\$hf_mig$\KB979683\update\mpsyschk.dll
+ 2010-04-22 23:51 . 2009-05-26 11:40	17272 c:\windows\$hf_mig$\KB979683\spmsg.dll
+ 2010-04-22 23:43 . 2008-07-08 13:02	26488 c:\windows\$hf_mig$\KB979309\update\spcustom.dll
+ 2010-04-22 23:43 . 2008-07-08 13:02	17272 c:\windows\$hf_mig$\KB979309\spmsg.dll
+ 2010-01-13 13:48 . 2010-01-13 13:48	86016 c:\windows\$hf_mig$\KB979309\SP3QFE\cabview.dll
+ 2010-01-13 14:01 . 2010-01-13 14:01	86016 c:\windows\$hf_mig$\KB979309\SP3GDR\cabview.dll
+ 2010-01-13 13:56 . 2010-01-13 13:56	85504 c:\windows\$hf_mig$\KB979309\SP2QFE\cabview.dll
+ 2010-04-22 23:44 . 2008-07-08 13:02	26488 c:\windows\$hf_mig$\KB978601\update\spcustom.dll
+ 2010-04-22 23:44 . 2008-07-08 13:02	17272 c:\windows\$hf_mig$\KB978601\spmsg.dll
+ 2010-05-13 07:09 . 2009-05-26 11:40	26488 c:\windows\$hf_mig$\KB978542\update\spcustom.dll
+ 2010-05-13 07:09 . 2009-05-26 11:40	17272 c:\windows\$hf_mig$\KB978542\spmsg.dll
+ 2010-04-22 23:45 . 2009-05-26 11:40	26488 c:\windows\$hf_mig$\KB978338\update\spcustom.dll
+ 2010-04-22 23:45 . 2009-05-26 11:40	17272 c:\windows\$hf_mig$\KB978338\spmsg.dll
+ 2010-04-22 23:45 . 2009-05-26 11:40	26488 c:\windows\$hf_mig$\KB977816\update\spcustom.dll
+ 2010-04-22 23:45 . 2009-05-26 11:40	17272 c:\windows\$hf_mig$\KB977816\spmsg.dll
+ 2010-04-22 23:45 . 2008-07-08 13:02	26488 c:\windows\$hf_mig$\KB975561\update\spcustom.dll
+ 2010-04-22 23:45 . 2008-07-08 13:02	17272 c:\windows\$hf_mig$\KB975561\spmsg.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	7168 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	7168 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	5632 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	5632 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	6656 c:\windows\ASSEMBLY\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	6656 c:\windows\ASSEMBLY\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	8192 c:\windows\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	8192 c:\windows\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2005-05-17 00:25 . 2010-04-16 13:21	352768 c:\windows\SYSTEM32\xpsp3res.dll
- 2005-05-17 00:25 . 2009-12-16 13:33	352768 c:\windows\SYSTEM32\xpsp3res.dll
+ 2004-08-04 10:00 . 2009-12-24 07:05	177664 c:\windows\SYSTEM32\wintrust.dll
+ 2004-08-04 10:00 . 2010-03-10 08:02	417792 c:\windows\SYSTEM32\vbscript.dll
- 2004-08-04 10:00 . 2007-12-18 14:40	417792 c:\windows\SYSTEM32\vbscript.dll
- 2004-08-04 10:00 . 2009-12-22 05:42	624640 c:\windows\SYSTEM32\urlmon.dll
+ 2004-08-04 10:00 . 2010-04-16 15:36	624640 c:\windows\SYSTEM32\urlmon.dll
- 2004-08-04 10:00 . 2009-12-08 09:13	474112 c:\windows\SYSTEM32\shlwapi.dll
+ 2004-08-04 10:00 . 2010-04-16 15:36	474112 c:\windows\SYSTEM32\shlwapi.dll
+ 2005-08-05 15:56 . 2010-06-23 20:45	445370 c:\windows\SYSTEM32\PERFH009.DAT
- 2005-08-05 15:56 . 2009-12-09 14:56	445370 c:\windows\SYSTEM32\PERFH009.DAT
- 2004-08-04 10:00 . 2009-12-22 05:42	532480 c:\windows\SYSTEM32\mstime.dll
+ 2004-08-04 10:00 . 2010-04-16 15:36	532480 c:\windows\SYSTEM32\mstime.dll
+ 2004-08-04 10:00 . 2010-04-16 15:36	146432 c:\windows\SYSTEM32\msrating.dll
- 2004-08-04 10:00 . 2009-12-22 05:42	146432 c:\windows\SYSTEM32\msrating.dll
- 2004-08-04 10:00 . 2009-12-22 05:42	449024 c:\windows\SYSTEM32\mshtmled.dll
+ 2004-08-04 10:00 . 2010-04-16 15:36	449024 c:\windows\SYSTEM32\mshtmled.dll
+ 2009-11-07 05:07 . 2009-11-07 05:07	297808 c:\windows\SYSTEM32\mscoree.dll
+ 2010-01-27 01:07 . 2010-01-27 01:07	256280 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-04-23 00:54 . 2010-04-23 00:54	153376 c:\windows\SYSTEM32\javaws.exe
+ 2010-04-23 00:54 . 2010-04-23 00:54	145184 c:\windows\SYSTEM32\javaw.exe
+ 2010-04-23 00:54 . 2010-04-23 00:54	145184 c:\windows\SYSTEM32\java.exe
+ 2004-08-04 10:00 . 2010-01-29 15:08	683520 c:\windows\SYSTEM32\inetcomm.dll
- 2004-08-04 10:00 . 2008-04-11 18:50	683520 c:\windows\SYSTEM32\inetcomm.dll
+ 2004-08-04 10:00 . 2010-04-16 15:36	251392 c:\windows\SYSTEM32\iepeers.dll
- 2004-08-04 10:00 . 2009-12-22 05:42	251392 c:\windows\SYSTEM32\iepeers.dll
- 2004-08-10 18:08 . 2009-11-25 08:34	395160 c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2004-08-10 18:08 . 2010-06-10 11:55	395160 c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2004-08-04 10:00 . 2010-04-16 15:36	205312 c:\windows\SYSTEM32\dxtrans.dll
- 2004-08-04 10:00 . 2009-12-22 05:42	205312 c:\windows\SYSTEM32\dxtrans.dll
- 2004-08-04 10:00 . 2009-12-22 05:42	357888 c:\windows\SYSTEM32\dxtmsft.dll
+ 2004-08-04 10:00 . 2010-04-16 15:36	357888 c:\windows\SYSTEM32\dxtmsft.dll
+ 2008-10-20 20:33 . 2010-02-11 12:01	226880 c:\windows\SYSTEM32\DRIVERS\tcpip6.sys
+ 2008-10-20 20:33 . 2010-02-24 12:31	454016 c:\windows\SYSTEM32\DRIVERS\mrxsmb.sys
+ 2009-12-24 07:05 . 2009-12-24 07:05	177664 c:\windows\SYSTEM32\DLLCACHE\wintrust.dll
+ 2008-10-20 20:33 . 2010-04-16 15:36	662016 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2008-10-20 20:33 . 2009-12-22 05:42	662016 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2008-10-20 20:34 . 2007-12-18 14:40	417792 c:\windows\SYSTEM32\DLLCACHE\vbscript.dll
+ 2008-10-20 20:34 . 2010-03-10 08:02	417792 c:\windows\SYSTEM32\DLLCACHE\vbscript.dll
- 2008-10-20 20:34 . 2009-12-22 05:42	624640 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-10-20 20:34 . 2010-04-16 15:36	624640 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-10-20 20:33 . 2010-02-11 12:01	226880 c:\windows\SYSTEM32\DLLCACHE\tcpip6.sys
- 2008-10-20 20:34 . 2009-12-08 09:13	474112 c:\windows\SYSTEM32\DLLCACHE\shlwapi.dll
+ 2008-10-20 20:34 . 2010-04-16 15:36	474112 c:\windows\SYSTEM32\DLLCACHE\shlwapi.dll
- 2008-10-20 20:34 . 2009-12-22 05:42	532480 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-10-20 20:34 . 2010-04-16 15:36	532480 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-10-20 20:34 . 2010-04-16 15:36	146432 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
- 2008-10-20 20:34 . 2009-12-22 05:42	146432 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-10-20 20:34 . 2010-04-16 15:36	449024 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2008-10-20 20:34 . 2009-12-22 05:42	449024 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-10-20 20:33 . 2010-02-24 12:31	454016 c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
+ 2008-10-20 20:34 . 2010-01-29 15:08	683520 c:\windows\SYSTEM32\DLLCACHE\inetcomm.dll
- 2008-10-20 20:34 . 2008-04-11 18:50	683520 c:\windows\SYSTEM32\DLLCACHE\inetcomm.dll
+ 2008-10-20 20:34 . 2010-04-16 15:36	251392 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
- 2008-10-20 20:34 . 2009-12-22 05:42	251392 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
+ 2008-10-20 20:34 . 2010-04-16 15:36	205312 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
- 2008-10-20 20:34 . 2009-12-22 05:42	205312 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-10-20 20:34 . 2010-04-16 15:36	357888 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2008-10-20 20:34 . 2009-12-22 05:42	357888 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-10-20 20:34 . 2010-04-16 15:36	151040 c:\windows\SYSTEM32\DLLCACHE\cdfview.dll
- 2008-10-20 20:34 . 2009-12-22 05:42	151040 c:\windows\SYSTEM32\DLLCACHE\cdfview.dll
+ 2010-04-20 05:51 . 2010-04-20 05:51	285696 c:\windows\SYSTEM32\DLLCACHE\atmfd.dll
+ 2008-10-20 20:34 . 2010-02-12 04:47	100864 c:\windows\SYSTEM32\DLLCACHE\6to4svc.dll
+ 2004-08-04 10:00 . 2010-04-16 15:36	151040 c:\windows\SYSTEM32\cdfview.dll
- 2004-08-04 10:00 . 2009-12-22 05:42	151040 c:\windows\SYSTEM32\cdfview.dll
+ 2004-08-04 10:00 . 2010-02-12 04:47	100864 c:\windows\SYSTEM32\6to4svc.dll
+ 2010-03-31 04:16 . 2010-03-31 04:16	130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48	970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48	110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
- 2008-07-29 23:16 . 2008-07-29 23:16	110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 09:31 . 2010-03-23 09:31	435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-04-23 00:55 . 2010-04-23 00:55	180224 c:\windows\Installer\bbb06.msi
+ 2010-04-23 00:54 . 2010-04-23 00:54	577536 c:\windows\Installer\bbb00.msi
+ 2009-04-20 00:55 . 2010-06-10 08:31	888080 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-04-20 00:55 . 2010-02-10 08:15	888080 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-04-20 00:55 . 2010-06-10 08:31	272648 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
- 2009-04-20 00:55 . 2010-02-10 08:15	272648 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
- 2009-04-20 00:55 . 2010-02-10 08:15	922384 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-04-20 00:55 . 2010-06-10 08:31	922384 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
- 2009-04-20 00:55 . 2010-02-10 08:15	845584 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-04-20 00:55 . 2010-06-10 08:31	845584 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
- 2009-04-20 00:55 . 2010-02-10 08:15	217864 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\misc.exe
+ 2009-04-20 00:55 . 2010-06-10 08:31	217864 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\misc.exe
+ 2008-10-20 20:33 . 2010-02-24 12:31	454016 c:\windows\Driver Cache\I386\mrxsmb.sys
+ 2010-06-10 08:28 . 2010-06-10 08:28	321536 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f320c1a0971dd614d1\WsatConfig.ni.exe
+ 2010-06-23 21:42 . 2010-06-23 21:42	240128 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b3a9fac9aea3ad913781fafbdcbb0cae\WindowsFormsIntegration.ni.dll
+ 2010-06-10 08:23 . 2010-06-10 08:23	240128 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a7c702f75d47bf841b9587e582c2d0b2\WindowsFormsIntegration.ni.dll
+ 2010-06-23 21:42 . 2010-06-23 21:42	447488 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationClient\4131a3627fec69291dbaed236f30dc65\UIAutomationClient.ni.dll
+ 2010-06-10 08:23 . 2010-06-10 08:23	447488 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationClient\3a78043c85333d5af49a0d958912ae4a\UIAutomationClient.ni.dll
+ 2010-06-10 08:33 . 2010-06-10 08:33	400896 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Xml.Linq\77dc5bd578e54e3b4d4fa85812c54e9e\System.Xml.Linq.ni.dll
+ 2010-06-10 08:32 . 2010-06-10 08:32	129536 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Routing\ad215455d3749147be5d1a92fbdd6d1d\System.Web.Routing.ni.dll
+ 2010-06-10 08:22 . 2010-06-10 08:22	202240 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
+ 2010-06-10 08:33 . 2010-06-10 08:33	859648 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll
+ 2010-06-10 08:33 . 2010-06-10 08:33	328704 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Entity\f7cba9bca91eba67f1d261c5da252a37\System.Web.Entity.ni.dll
+ 2010-06-10 08:33 . 2010-06-10 08:33	301056 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Entity.D#\143f578780805abd6e96cab083fbc565\System.Web.Entity.Design.ni.dll
+ 2010-06-10 08:32 . 2010-06-10 08:32	547328 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4bcfa215524ed1aabd0c62e374cfc7fc\System.Web.DynamicData.ni.dll
+ 2010-06-10 08:32 . 2010-06-10 08:32	141312 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll
+ 2010-06-10 08:21 . 2010-06-10 08:21	627200 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
+ 2010-06-10 08:22 . 2010-06-10 08:22	212992 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
+ 2010-06-10 08:17 . 2010-06-10 08:17	676352 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Security\551a600a93fad3563a9c5a73ead27d77\System.Security.ni.dll
+ 2010-06-10 08:19 . 2010-06-10 08:19	311296 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-06-10 08:21 . 2010-06-10 08:21	771584 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2077ce69bd24a095dd54683ae26454d4\System.Runtime.Remoting.ni.dll
+ 2010-06-10 08:32 . 2010-06-10 08:32	621056 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll
+ 2010-06-10 08:33 . 2010-06-10 08:33	593408 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Messaging\07da2b0e44d62f3c65d6516f4e2f94bb\System.Messaging.ni.dll
+ 2010-06-10 08:32 . 2010-06-10 08:32	998400 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
+ 2010-06-10 08:32 . 2010-06-10 08:32	330752 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Management.I#\83a686823e83e79bb24ae67a0c85ac5b\System.Management.Instrumentation.ni.dll
+ 2010-06-10 08:25 . 2010-06-10 08:25	381440 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c80e6e22ca33c63c218\System.IO.Log.ni.dll
+ 2010-06-10 08:29 . 2010-06-10 08:29	212992 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa48936affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll
+ 2010-06-10 08:21 . 2010-06-10 08:21	280064 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
+ 2010-06-10 08:21 . 2010-06-10 08:21	627712 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
+ 2010-06-10 08:22 . 2010-06-10 08:22	208384 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll
+ 2010-06-10 08:22 . 2010-06-10 08:22	455680 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
+ 2010-06-10 08:32 . 2010-06-10 08:32	881152 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-06-10 08:32 . 2010-06-10 08:32	354816 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Service#\ebe4551c698be3d99ec0b71e5507df94\System.Data.Services.Design.ni.dll
+ 2010-06-10 08:32 . 2010-06-10 08:32	939008 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Service#\9640428d85d4327231185b2786164c83\System.Data.Services.Client.ni.dll
+ 2010-06-10 08:32 . 2010-06-10 08:32	756736 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Entity.#\4db4d41caa8bcde5cc1c25de24f1dec0\System.Data.Entity.Design.ni.dll
+ 2010-06-10 08:31 . 2010-06-10 08:31	135680 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.DataSet#\784edd79d8292ed9cc2591d8a4074309\System.Data.DataSetExtensions.ni.dll
+ 2010-06-10 08:17 . 2010-06-10 08:17	971264 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Configuration\a01aaf6feb4eac7b3e89dfce9e20adbe\System.Configuration.ni.dll
+ 2010-06-10 08:22 . 2010-06-10 08:22	141312 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
+ 2010-06-10 08:30 . 2010-06-10 08:30	633856 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll
+ 2010-06-10 08:28 . 2010-06-10 08:28	366080 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe
+ 2010-06-10 08:27 . 2010-06-10 08:27	256000 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll
+ 2010-06-10 08:27 . 2010-06-10 08:27	320512 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe
+ 2010-06-10 08:22 . 2010-06-10 08:22	258048 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\ae733e4062edba3a33bb0a632bef66bf\PresentationFramework.Royale.ni.dll
+ 2010-06-23 21:41 . 2010-06-23 21:41	368128 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\a10c2c7e38291c3ada631ad13e762818\PresentationFramework.Aero.ni.dll
+ 2010-06-23 21:41 . 2010-06-23 21:41	539648 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll
+ 2010-06-10 08:22 . 2010-06-10 08:22	368128 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\3ffad524016f0aba7b11a8aa33301a65\PresentationFramework.Aero.ni.dll
+ 2010-06-23 21:41 . 2010-06-23 21:41	224768 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\3bef0992fb684e71dbfab5c0a99316af\PresentationFramework.Classic.ni.dll
+ 2010-06-23 21:41 . 2010-06-23 21:41	258048 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\2f6687d394813d760496f60acf046384\PresentationFramework.Royale.ni.dll
+ 2010-06-10 08:22 . 2010-06-10 08:22	224768 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\201968d038a23a4688310fed1eeaddaa\PresentationFramework.Classic.ni.dll
+ 2010-06-10 08:22 . 2010-06-10 08:22	539648 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\1ead87ca8eb84c595c77c70e3b2df88d\PresentationFramework.Luna.ni.dll
+ 2010-06-10 08:30 . 2010-06-10 08:30	133632 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe
+ 2010-06-10 08:27 . 2010-06-10 08:27	386560 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-06-10 08:17 . 2010-06-10 08:17	144384 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll
+ 2010-06-10 08:30 . 2010-06-10 08:30	175104 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-06-10 08:30 . 2010-06-10 08:30	839680 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll
+ 2010-06-10 08:30 . 2010-06-10 08:30	222720 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-06-10 08:26 . 2010-06-10 08:26	410112 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe
+ 2010-06-10 08:29 . 2010-06-10 08:29	842240 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	839680 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	839680 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	835584 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	835584 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	114688 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	114688 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-10 08:17 . 2010-06-10 08:17	970752 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	131072 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	131072 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	303104 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	303104 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	372736 c:\windows\ASSEMBLY\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	372736 c:\windows\ASSEMBLY\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-10 08:17 . 2010-06-10 08:17	438272 c:\windows\ASSEMBLY\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	626688 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	626688 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	401408 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	401408 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	188416 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	188416 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	970752 c:\windows\ASSEMBLY\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	970752 c:\windows\ASSEMBLY\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	745472 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	745472 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	425984 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	425984 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	110592 c:\windows\ASSEMBLY\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	110592 c:\windows\ASSEMBLY\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-08-09 10:23 . 2009-08-09 10:23	110592 c:\windows\ASSEMBLY\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-06-10 08:17 . 2010-06-10 08:17	110592 c:\windows\ASSEMBLY\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	659456 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	659456 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	372736 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	372736 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	110592 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	110592 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	749568 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	749568 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	655360 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	655360 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	348160 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	348160 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	507904 c:\windows\ASSEMBLY\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	507904 c:\windows\ASSEMBLY\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	261632 c:\windows\ASSEMBLY\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	261632 c:\windows\ASSEMBLY\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	113664 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	113664 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	258048 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	258048 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	486400 c:\windows\ASSEMBLY\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	486400 c:\windows\ASSEMBLY\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-04-22 23:50 . 2007-12-18 14:40	417792 c:\windows\$NtUninstallKB981350$\vbscript.dll
+ 2010-04-22 23:50 . 2007-03-06 01:23	371424 c:\windows\$NtUninstallKB981350$\spuninst\updspapi.dll
+ 2010-04-22 23:50 . 2007-03-06 01:22	213216 c:\windows\$NtUninstallKB981350$\spuninst\spuninst.exe
+ 2010-04-22 23:51 . 2009-05-26 09:01	382840 c:\windows\$NtUninstallKB980232$\spuninst\updspapi.dll
+ 2010-04-22 23:51 . 2009-05-26 09:01	231288 c:\windows\$NtUninstallKB980232$\spuninst\spuninst.exe
+ 2010-04-22 23:51 . 2009-12-04 14:41	453760 c:\windows\$NtUninstallKB980232$\mrxsmb.sys
+ 2010-04-22 23:44 . 2009-12-16 13:33	352768 c:\windows\$NtUninstallKB980182$\xpsp3res.dll
+ 2010-04-22 23:44 . 2009-12-22 05:42	662016 c:\windows\$NtUninstallKB980182$\wininet.dll
+ 2010-04-22 23:44 . 2009-12-22 05:42	624640 c:\windows\$NtUninstallKB980182$\urlmon.dll
+ 2010-04-22 23:44 . 2009-05-26 11:40	382840 c:\windows\$NtUninstallKB980182$\spuninst\updspapi.dll
+ 2010-04-22 23:44 . 2008-07-08 13:02	231288 c:\windows\$NtUninstallKB980182$\spuninst\spuninst.exe
+ 2010-04-22 23:44 . 2009-12-08 09:13	474112 c:\windows\$NtUninstallKB980182$\shlwapi.dll
+ 2010-04-22 23:44 . 2009-12-22 05:42	532480 c:\windows\$NtUninstallKB980182$\mstime.dll
+ 2010-04-22 23:44 . 2009-12-22 05:42	146432 c:\windows\$NtUninstallKB980182$\msrating.dll
+ 2010-04-22 23:44 . 2009-12-22 05:42	449024 c:\windows\$NtUninstallKB980182$\mshtmled.dll
+ 2010-04-22 23:44 . 2009-12-22 05:42	251392 c:\windows\$NtUninstallKB980182$\iepeers.dll
+ 2010-04-22 23:44 . 2009-12-22 05:42	205312 c:\windows\$NtUninstallKB980182$\dxtrans.dll
+ 2010-04-22 23:44 . 2009-12-22 05:42	357888 c:\windows\$NtUninstallKB980182$\dxtmsft.dll
+ 2010-04-22 23:44 . 2009-12-22 05:42	151040 c:\windows\$NtUninstallKB980182$\cdfview.dll
+ 2010-04-22 23:51 . 2009-05-26 11:40	382840 c:\windows\$NtUninstallKB979683$\spuninst\updspapi.dll
+ 2010-04-22 23:51 . 2009-05-26 11:40	231288 c:\windows\$NtUninstallKB979683$\spuninst\spuninst.exe
+ 2010-04-22 23:43 . 2009-05-26 11:40	382840 c:\windows\$NtUninstallKB979309$\spuninst\updspapi.dll
+ 2010-04-22 23:43 . 2008-07-08 13:02	231288 c:\windows\$NtUninstallKB979309$\spuninst\spuninst.exe
+ 2010-04-22 23:41 . 2009-05-26 11:40	382840 c:\windows\$NtUninstallKB979306$\spuninst\updspapi.dll
+ 2010-04-22 23:41 . 2009-05-26 11:40	231288 c:\windows\$NtUninstallKB979306$\spuninst\spuninst.exe
+ 2010-04-22 23:44 . 2004-08-04 10:00	176640 c:\windows\$NtUninstallKB978601$\wintrust.dll
+ 2010-04-22 23:44 . 2009-05-26 11:40	382840 c:\windows\$NtUninstallKB978601$\spuninst\updspapi.dll
+ 2010-04-22 23:44 . 2008-07-08 13:02	231288 c:\windows\$NtUninstallKB978601$\spuninst\spuninst.exe
+ 2010-05-13 07:09 . 2009-05-26 11:40	382840 c:\windows\$NtUninstallKB978542$\spuninst\updspapi.dll
+ 2010-05-13 07:09 . 2009-05-26 11:40	231288 c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
+ 2010-05-13 07:09 . 2008-04-11 18:50	683520 c:\windows\$NtUninstallKB978542$\inetcomm.dll
+ 2010-04-22 23:45 . 2008-06-20 09:52	225920 c:\windows\$NtUninstallKB978338$\tcpip6.sys
+ 2010-04-22 23:45 . 2009-05-26 11:40	382840 c:\windows\$NtUninstallKB978338$\spuninst\updspapi.dll
+ 2010-04-22 23:45 . 2009-05-26 11:40	231288 c:\windows\$NtUninstallKB978338$\spuninst\spuninst.exe
+ 2010-04-22 23:45 . 2006-08-16 11:58	100352 c:\windows\$NtUninstallKB978338$\6to4svc.dll
+ 2010-04-22 23:45 . 2009-05-26 11:40	382840 c:\windows\$NtUninstallKB977816$\spuninst\updspapi.dll
+ 2010-04-22 23:45 . 2009-05-26 11:40	231288 c:\windows\$NtUninstallKB977816$\spuninst\spuninst.exe
+ 2010-04-22 23:45 . 2009-05-26 21:10	382840 c:\windows\$NtUninstallKB975561$\spuninst\updspapi.dll
+ 2010-04-22 23:45 . 2008-07-08 13:02	231288 c:\windows\$NtUninstallKB975561$\spuninst\spuninst.exe
+ 2010-04-22 23:50 . 2007-03-06 01:23	371424 c:\windows\$hf_mig$\KB981350\update\updspapi.dll
+ 2010-04-22 23:50 . 2007-03-06 01:22	716000 c:\windows\$hf_mig$\KB981350\update\update.exe
+ 2010-04-22 23:50 . 2007-03-06 01:22	213216 c:\windows\$hf_mig$\KB981350\spuninst.exe
+ 2010-03-10 08:07 . 2010-03-10 08:07	417792 c:\windows\$hf_mig$\KB981350\SP2QFE\vbscript.dll
+ 2010-04-22 23:51 . 2009-05-26 09:01	382840 c:\windows\$hf_mig$\KB980232\update\updspapi.dll
+ 2010-04-22 23:51 . 2009-05-26 09:01	755576 c:\windows\$hf_mig$\KB980232\update\update.exe
+ 2010-04-22 23:51 . 2009-05-26 09:01	231288 c:\windows\$hf_mig$\KB980232\spuninst.exe
+ 2010-04-22 23:31 . 2010-02-24 11:57	457216 c:\windows\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
+ 2010-04-22 23:31 . 2010-02-24 13:11	455680 c:\windows\$hf_mig$\KB980232\SP3GDR\mrxsmb.sys
+ 2010-04-22 23:31 . 2010-02-24 12:48	457216 c:\windows\$hf_mig$\KB980232\SP2QFE\mrxsmb.sys
+ 2010-04-22 23:44 . 2009-05-26 11:40	382840 c:\windows\$hf_mig$\KB980182\update\updspapi.dll
+ 2010-04-22 23:44 . 2009-05-26 11:40	755576 c:\windows\$hf_mig$\KB980182\update\update.exe
+ 2010-04-22 23:44 . 2008-07-08 13:02	231288 c:\windows\$hf_mig$\KB980182\spuninst.exe
+ 2010-02-26 05:37 . 2010-02-26 05:37	668672 c:\windows\$hf_mig$\KB980182\SP3QFE\wininet.dll
+ 2010-02-26 05:37 . 2010-02-26 05:37	628736 c:\windows\$hf_mig$\KB980182\SP3QFE\urlmon.dll
+ 2010-02-26 05:37 . 2010-02-26 05:37	251904 c:\windows\$hf_mig$\KB980182\SP3QFE\iepeers.dll
+ 2010-02-26 05:43 . 2010-02-26 05:43	667136 c:\windows\$hf_mig$\KB980182\SP3GDR\wininet.dll
+ 2010-02-26 05:43 . 2010-02-26 05:43	627712 c:\windows\$hf_mig$\KB980182\SP3GDR\urlmon.dll
+ 2010-02-26 05:43 . 2010-02-26 05:43	251904 c:\windows\$hf_mig$\KB980182\SP3GDR\iepeers.dll
+ 2010-02-25 11:01 . 2010-02-25 11:01	352768 c:\windows\$hf_mig$\KB980182\SP2QFE\xpsp3res.dll
+ 2010-02-26 06:05 . 2010-02-26 06:05	668672 c:\windows\$hf_mig$\KB980182\SP2QFE\wininet.dll
+ 2010-02-26 06:05 . 2010-02-26 06:05	628224 c:\windows\$hf_mig$\KB980182\SP2QFE\urlmon.dll
+ 2010-02-26 06:05 . 2010-02-26 06:05	474112  c:\windows\$hf_mig$\KB980182\SP2QFE\shlwapi.dll
+ 2010-02-26 06:05 . 2010-02-26 06:05	532480 c:\windows\$hf_mig$\KB980182\SP2QFE\mstime.dll
+ 2010-02-26 06:05 . 2010-02-26 06:05	146432 c:\windows\$hf_mig$\KB980182\SP2QFE\msrating.dll
+ 2010-02-26 06:05 . 2010-02-26 06:05	449024 c:\windows\$hf_mig$\KB980182\SP2QFE\mshtmled.dll
+ 2010-02-26 06:05 . 2010-02-26 06:05	251904 c:\windows\$hf_mig$\KB980182\SP2QFE\iepeers.dll
+ 2010-02-26 06:05 . 2010-02-26 06:05	205312 c:\windows\$hf_mig$\KB980182\SP2QFE\dxtrans.dll
+ 2010-02-26 06:05 . 2010-02-26 06:05	357888 c:\windows\$hf_mig$\KB980182\SP2QFE\dxtmsft.dll
+ 2010-02-26 06:05 . 2010-02-26 06:05	151040 c:\windows\$hf_mig$\KB980182\SP2QFE\cdfview.dll
+ 2010-04-22 23:51 . 2009-05-26 11:40	382840 c:\windows\$hf_mig$\KB979683\update\updspapi.dll
+ 2010-04-22 23:51 . 2009-05-26 11:40	755576 c:\windows\$hf_mig$\KB979683\update\update.exe
+ 2010-04-22 23:51 . 2009-05-26 11:40	231288 c:\windows\$hf_mig$\KB979683\spuninst.exe
+ 2010-04-22 23:43 . 2009-05-26 11:40	382840 c:\windows\$hf_mig$\KB979309\update\updspapi.dll
+ 2010-04-22 23:43 . 2009-05-26 11:40	755576 c:\windows\$hf_mig$\KB979309\update\update.exe
+ 2010-04-22 23:43 . 2008-07-08 13:02	231288 c:\windows\$hf_mig$\KB979309\spuninst.exe
+ 2010-04-22 23:44 . 2009-05-26 11:40	382840 c:\windows\$hf_mig$\KB978601\update\updspapi.dll
+ 2010-04-22 23:44 . 2009-05-26 11:40	755576 c:\windows\$hf_mig$\KB978601\update\update.exe
+ 2010-04-22 23:44 . 2008-07-08 13:02	231288 c:\windows\$hf_mig$\KB978601\spuninst.exe
+ 2009-12-24 06:42 . 2009-12-24 06:42	178176 c:\windows\$hf_mig$\KB978601\SP3QFE\wintrust.dll
+ 2009-12-24 06:59 . 2009-12-24 06:59	177664 c:\windows\$hf_mig$\KB978601\SP3GDR\wintrust.dll
+ 2009-12-24 06:47 . 2009-12-24 06:47	178176 c:\windows\$hf_mig$\KB978601\SP2QFE\wintrust.dll
+ 2010-05-13 07:09 . 2009-05-26 11:40	382840 c:\windows\$hf_mig$\KB978542\update\updspapi.dll
+ 2010-05-13 07:09 . 2009-05-26 11:40	755576 c:\windows\$hf_mig$\KB978542\update\update.exe
+ 2010-05-13 07:09 . 2009-05-26 11:40	231288 c:\windows\$hf_mig$\KB978542\spuninst.exe
+ 2010-01-29 14:53 . 2010-01-29 14:53	691712 c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll
+ 2010-01-29 15:01 . 2010-01-29 15:01	691712 c:\windows\$hf_mig$\KB978542\SP3GDR\inetcomm.dll
+ 2010-01-29 14:45 . 2010-01-29 14:45	683520 c:\windows\$hf_mig$\KB978542\SP2QFE\inetcomm.dll
+ 2010-04-22 23:45 . 2009-05-26 11:40	382840 c:\windows\$hf_mig$\KB978338\update\updspapi.dll
+ 2010-04-22 23:45 . 2009-05-26 11:40	755576 c:\windows\$hf_mig$\KB978338\update\update.exe
+ 2010-04-22 23:45 . 2009-05-26 11:40	231288 c:\windows\$hf_mig$\KB978338\spuninst.exe
+ 2010-02-11 11:36 . 2010-02-11 11:36	226880 c:\windows\$hf_mig$\KB978338\SP3QFE\tcpip6.sys
+ 2010-02-12 04:27 . 2010-02-12 04:27	100864 c:\windows\$hf_mig$\KB978338\SP3QFE\6to4svc.dll
+ 2010-02-11 12:02 . 2010-02-11 12:02	226880 c:\windows\$hf_mig$\KB978338\SP3GDR\tcpip6.sys
+ 2010-02-12 04:33 . 2010-02-12 04:33	100864 c:\windows\$hf_mig$\KB978338\SP3GDR\6to4svc.dll
+ 2010-02-11 11:08 . 2010-02-11 11:08	226880 c:\windows\$hf_mig$\KB978338\SP2QFE\tcpip6.sys
+ 2010-02-12 04:36 . 2010-02-12 04:36	100864 c:\windows\$hf_mig$\KB978338\SP2QFE\6to4svc.dll
+ 2010-04-22 23:45 . 2009-05-26 11:40	382840 c:\windows\$hf_mig$\KB977816\update\updspapi.dll
+ 2010-04-22 23:45 . 2009-05-26 11:40	755576 c:\windows\$hf_mig$\KB977816\update\update.exe
+ 2010-04-22 23:45 . 2009-05-26 11:40	231288 c:\windows\$hf_mig$\KB977816\spuninst.exe
+ 2010-04-22 23:45 . 2009-05-26 21:10	382840 c:\windows\$hf_mig$\KB975561\update\updspapi.dll
+ 2010-04-22 23:45 . 2008-07-08 13:02	755576 c:\windows\$hf_mig$\KB975561\update\update.exe
+ 2010-04-22 23:45 . 2008-07-08 13:02	231288 c:\windows\$hf_mig$\KB975561\spuninst.exe
+ 2004-08-04 10:00 . 2010-04-06 08:52	2462720 c:\windows\SYSTEM32\WMVCore.dll
+ 2004-08-04 10:00 . 2010-04-16 15:36	1506304 c:\windows\SYSTEM32\shdocvw.dll
- 2004-08-04 10:00 . 2009-12-22 05:42	1506304 c:\windows\SYSTEM32\shdocvw.dll
+ 2004-08-04 10:00 . 2010-02-05 18:40	1291264 c:\windows\SYSTEM32\quartz.dll
- 2004-08-04 10:00 . 2009-11-27 17:33	1291264 c:\windows\SYSTEM32\quartz.dll
+ 2008-10-20 20:33 . 2010-02-16 13:17	2137088 c:\windows\SYSTEM32\ntoskrnl.exe
+ 2008-10-20 20:33 . 2010-02-16 12:39	2016768 c:\windows\SYSTEM32\ntkrnlpa.exe
+ 2004-08-04 10:00 . 2010-04-16 15:36	3065344 c:\windows\SYSTEM32\mshtml.dll
+ 2010-01-27 01:07 . 2010-01-27 01:07	3884312 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
+ 2004-08-04 10:00 . 2010-04-06 08:52	2462720 c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
+ 2008-10-20 20:33 . 2010-05-02 05:56	1850880 c:\windows\SYSTEM32\DLLCACHE\win32k.sys
+ 2008-10-20 20:34 . 2010-04-16 15:36	1506304 c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
- 2008-10-20 20:34 . 2009-12-22 05:42	1506304 c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
+ 2008-10-20 20:34 . 2010-02-05 18:40	1291264 c:\windows\SYSTEM32\DLLCACHE\quartz.dll
- 2008-10-20 20:34 . 2009-11-27 17:33	1291264 c:\windows\SYSTEM32\DLLCACHE\quartz.dll
+ 2008-10-20 20:34 . 2010-02-16 13:19	2181376 c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
+ 2008-10-20 20:34 . 2010-02-16 12:39	2016768 c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
+ 2008-10-20 20:34 . 2010-02-16 12:39	2058368 c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
+ 2008-10-20 20:34 . 2010-02-16 13:17	2137088 c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
+ 2008-10-20 20:34 . 2010-01-29 15:08	1315840 c:\windows\SYSTEM32\DLLCACHE\msoe.dll
+ 2008-10-20 20:34 . 2010-04-16 15:36	3065344 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
+ 2008-10-20 20:34 . 2009-10-23 14:27	3555328 c:\windows\SYSTEM32\DLLCACHE\moviemk.exe
- 2008-10-20 20:34 . 2004-08-04 10:00	3555328 c:\windows\SYSTEM32\DLLCACHE\moviemk.exe
- 2008-10-20 20:34 . 2009-12-22 05:42	1054208 c:\windows\SYSTEM32\DLLCACHE\danim.dll
+ 2008-10-20 20:34 . 2010-04-16 15:36	1054208 c:\windows\SYSTEM32\DLLCACHE\danim.dll
- 2008-10-20 20:34 . 2009-12-22 05:42	1023488 c:\windows\SYSTEM32\DLLCACHE\browseui.dll
+ 2008-10-20 20:34 . 2010-04-16 15:36	1023488 c:\windows\SYSTEM32\DLLCACHE\browseui.dll
+ 2009-11-07 05:06 . 2009-11-07 05:06	1130824 c:\windows\SYSTEM32\dfshim.dll
+ 2004-08-04 10:00 . 2010-04-16 15:36	1054208 c:\windows\SYSTEM32\danim.dll
- 2004-08-04 10:00 . 2009-12-22 05:42	1054208 c:\windows\SYSTEM32\danim.dll
- 2004-08-04 10:00 . 2009-12-22 05:42	1023488 c:\windows\SYSTEM32\browseui.dll
+ 2004-08-04 10:00 . 2010-04-16 15:36	1023488 c:\windows\SYSTEM32\browseui.dll
+ 2010-04-08 03:48 . 2010-04-08 03:48	5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2008-11-25 08:59 . 2008-11-25 08:59	5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 09:32 . 2010-03-23 09:32	5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 09:32 . 2010-03-23 09:32	3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2009-11-09 04:25 . 2009-11-09 04:25	1935360 c:\windows\Installer\91f7b5a.msp
+ 2010-04-24 21:08 . 2010-04-24 21:08	9129984 c:\windows\Installer\756c4c0.msp
+ 2010-03-24 22:54 . 2010-03-24 22:54	2516992 c:\windows\Installer\756c4ad.msp
+ 2010-04-24 21:07 . 2010-04-24 21:07	4667392 c:\windows\Installer\756c49a.msp
+ 2010-04-24 21:05 . 2010-04-24 21:05	4199424 c:\windows\Installer\756c487.msp
+ 2010-05-19 03:35 . 2010-05-19 03:35	5023744 c:\windows\Installer\756c474.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17	2607104 c:\windows\Installer\756c452.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17	4210688 c:\windows\Installer\756c451.msp
+ 2010-04-24 21:10 . 2010-04-24 21:10	8486400 c:\windows\Installer\756c42d.msp
+ 2009-10-16 11:08 . 2009-10-16 11:08	2237952 c:\windows\Installer\685c653c.msp
+ 2010-04-09 19:21 . 2010-04-09 19:21	5025792 c:\windows\Installer\685c6529.msp
+ 2010-02-04 21:24 . 2010-02-04 21:24	9122304 c:\windows\Installer\190f82.msp
+ 2010-02-21 05:00 . 2010-02-21 05:00	8480768 c:\windows\Installer\190f6f.msp
+ 2010-02-21 05:02 . 2010-02-21 05:02	4195840 c:\windows\Installer\190f5c.msp
+ 2010-03-12 03:59 . 2010-03-12 03:59	5031424 c:\windows\Installer\190f49.msp
- 2009-04-20 00:55 . 2010-02-10 08:15	1172240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-04-20 00:55 . 2010-06-10 08:31	1172240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-08-26 03:50 . 2008-08-26 03:50	2585592 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6425\VBE6.DLL
+ 2008-10-20 20:34 . 2010-02-16 13:19	2181376 c:\windows\Driver Cache\I386\ntoskrnl.exe
+ 2008-10-20 20:34 . 2010-02-16 12:39	2016768 c:\windows\Driver Cache\I386\ntkrpamp.exe
+ 2008-10-20 20:34 . 2010-02-16 12:39	2058368 c:\windows\Driver Cache\I386\ntkrnlpa.exe
+ 2008-10-20 20:34 . 2010-02-16 13:17	2137088 c:\windows\Driver Cache\I386\ntkrnlmp.exe
+ 2010-06-23 21:38 . 2010-06-23 21:38	3325440 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\WindowsBase\f1e6b8a35a2ac15cb2741be624de9cda\WindowsBase.ni.dll
+ 2010-06-10 08:18 . 2010-06-10 08:18	3313664 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\WindowsBase\d6ab69c5ab2da8585cf51c738006aaec\WindowsBase.ni.dll
+ 2010-06-23 21:42 . 2010-06-23 21:42	1049600 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll
+ 2010-06-10 08:23 . 2010-06-10 08:23	1049600 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationClients#\48b66876f72f472db62de48ae4369406\UIAutomationClientsideProviders.ni.dll
+ 2010-06-10 08:16 . 2010-06-10 08:16	7949824 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2010-06-10 08:17 . 2010-06-10 08:17	5450752 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2010-06-10 08:33 . 2010-06-10 08:33	1356288 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
+ 2010-06-10 08:33 . 2010-06-10 08:33	1908224 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
+ 2010-06-10 08:33 . 2010-06-10 08:33	4514304 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
+ 2010-06-10 08:33 . 2010-06-10 08:33	2992640 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
+ 2010-06-10 08:22 . 2010-06-10 08:22	1840640 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-06-10 08:33 . 2010-06-10 08:33	2209280 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
+ 2010-06-10 08:32 . 2010-06-10 08:32	2403328 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Extensio#\10d7e32bd5ad102e9178fffb47ddb92a\System.Web.Extensions.ni.dll
+ 2010-06-10 08:23 . 2010-06-10 08:23	1917952 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
+ 2010-06-10 08:32 . 2010-06-10 08:32	1706496 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
+ 2010-06-10 08:25 . 2010-06-10 08:25	2345472 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2010-06-23 21:41 . 2010-06-23 21:41	1035264 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll
+ 2010-06-10 08:21 . 2010-06-10 08:21	1035264 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Printing\161b423dc4e86e569af019e838d39de5\System.Printing.ni.dll
+ 2010-06-10 08:25 . 2010-06-10 08:25	1070080 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.IdentityModel\039c2d495feba658be328c521e1a46fa\System.IdentityModel.ni.dll
+ 2010-06-10 08:19 . 2010-06-10 08:19	1587200 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-06-10 08:21 . 2010-06-10 08:21	1116672 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-06-10 08:18 . 2010-06-10 08:18	1801216 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Deployment\9e78bd742f9824b0bd42748173ba0197\System.Deployment.ni.dll
+ 2010-06-10 08:21 . 2010-06-10 08:21	6616576 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-06-10 08:17 . 2010-06-10 08:17	2510336 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-06-10 08:32 . 2010-06-10 08:32	1328128 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Services\8d74bffd1e5aec30a05b04c9b563ab70\System.Data.Services.ni.dll
+ 2010-06-10 08:22 . 2010-06-10 08:22	1115136 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.OracleC#\f249a2dbc8dcb91860d0997c163c73ff\System.Data.OracleClient.ni.dll
+ 2010-06-10 08:23 . 2010-06-10 08:23	2516480 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Linq\689e219ddb8f80969e4f508c1f399d7e\System.Data.Linq.ni.dll
+ 2010-06-10 08:32 . 2010-06-10 08:32	9924096 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Entity\62ff3adeb3e1990ea637b044ffcec325\System.Data.Entity.ni.dll
+ 2010-06-10 08:23 . 2010-06-10 08:23	2295296 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Core\b07f7f5dd13eb6b401700dab7c3a172f\System.Core.ni.dll
+ 2010-06-10 08:21 . 2010-06-10 08:21	2128896 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\ReachFramework\28fb7374ff215b792bb05e718935fddd\ReachFramework.ni.dll
+ 2010-06-23 21:41 . 2010-06-23 21:41	2128896 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\ReachFramework\1b4af8b47630478bb6880fd070ff5441\ReachFramework.ni.dll
+ 2010-06-10 08:21 . 2010-06-10 08:21	1657856 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationUI\f94e9a122aa7372b4a037c857d3f5fd7\PresentationUI.ni.dll
+ 2010-06-23 21:41 . 2010-06-23 21:41	1657856 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationUI\c031f3095bcaeb7835625f85f7c25d95\PresentationUI.ni.dll
+ 2010-06-10 08:17 . 2010-06-10 08:17	1451008 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-06-10 08:30 . 2010-06-10 08:30	1712128 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
+ 2010-06-10 08:27 . 2010-06-10 08:27	1093120 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2010-06-10 08:32 . 2010-06-10 08:32	2332160 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
+ 2010-06-10 08:30 . 2010-06-10 08:30	1620992 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6e1678e03195c390d3cd3f14ed399936\Microsoft.Build.Tasks.ni.dll
+ 2010-06-10 08:30 . 2010-06-10 08:30	1966080 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6b6f7a1883ec1fda22de7c4318616e8c\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-06-10 08:30 . 2010-06-10 08:30	1888768 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
+ 2010-06-23 20:48 . 2010-06-23 20:48	1249280 c:\windows\ASSEMBLY\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	3182592 c:\windows\ASSEMBLY\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	2048000 c:\windows\ASSEMBLY\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	2048000 c:\windows\ASSEMBLY\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	5025792 c:\windows\ASSEMBLY\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	5025792 c:\windows\ASSEMBLY\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-10 08:17 . 2010-06-10 08:17	5967872 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	5062656 c:\windows\ASSEMBLY\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	5062656 c:\windows\ASSEMBLY\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-23 20:48 . 2010-06-23 20:48	5279744 c:\windows\ASSEMBLY\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	5242880 c:\windows\ASSEMBLY\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-16 08:13 . 2009-10-16 08:13	5242880 c:\windows\ASSEMBLY\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	2933248 c:\windows\ASSEMBLY\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	2933248 c:\windows\ASSEMBLY\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-09 10:23 . 2009-08-09 10:23	4210688 c:\windows\ASSEMBLY\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-06-23 20:48 . 2010-06-23 20:48	4210688 c:\windows\ASSEMBLY\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2009-10-16 08:14 . 2009-10-16 08:14	4546560 c:\windows\ASSEMBLY\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-06-23 20:44 . 2010-06-23 20:44	4546560 c:\windows\ASSEMBLY\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-04-22 23:44 . 2009-12-22 05:42	1506304 c:\windows\$NtUninstallKB980182$\shdocvw.dll
+ 2010-04-22 23:44 . 2009-12-22 05:42	3063808 c:\windows\$NtUninstallKB980182$\mshtml.dll
+ 2010-04-22 23:44 . 2009-12-22 05:42	1054208 c:\windows\$NtUninstallKB980182$\danim.dll
+ 2010-04-22 23:44 . 2009-12-22 05:42	1023488 c:\windows\$NtUninstallKB980182$\browseui.dll
+ 2010-04-22 23:51 . 2009-12-08 18:53	2136064 c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
+ 2010-04-22 23:51 . 2009-12-08 18:19	2015744 c:\windows\$NtUninstallKB979683$\ntkrpamp.exe
+ 2010-04-22 23:51 . 2009-12-08 18:19	2015744 c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
+ 2010-04-22 23:51 . 2009-12-08 18:53	2136064 c:\windows\$NtUninstallKB979683$\ntkrnlmp.exe
+ 2010-05-13 07:09 . 2009-07-10 13:42	1315328 c:\windows\$NtUninstallKB978542$\msoe.dll
+ 2010-04-22 23:45 . 2004-08-04 10:00	3555328 c:\windows\$NtUninstallKB975561$\moviemk.exe
+ 2010-03-10 04:54 . 2010-03-10 04:54	1509888 c:\windows\$hf_mig$\KB980182\SP3QFE\shdocvw.dll
+ 2010-02-26 05:37 . 2010-02-26 05:37	3073536 c:\windows\$hf_mig$\KB980182\SP3QFE\mshtml.dll
+ 2010-03-10 04:54 . 2010-03-10 04:54	1025024 c:\windows\$hf_mig$\KB980182\SP3QFE\browseui.dll
+ 2010-03-10 04:33 . 2010-03-10 04:33	1509888 c:\windows\$hf_mig$\KB980182\SP3GDR\shdocvw.dll
+ 2010-02-26 05:43 . 2010-02-26 05:43	3073024 c:\windows\$hf_mig$\KB980182\SP3GDR\mshtml.dll
+ 2010-03-10 04:33 . 2010-03-10 04:33	1025024 c:\windows\$hf_mig$\KB980182\SP3GDR\browseui.dll
+ 2010-03-10 04:57 . 2010-03-10 04:57	1509888 c:\windows\$hf_mig$\KB980182\SP2QFE\shdocvw.dll
+ 2010-02-26 19:35 . 2010-02-26 19:35	3073024 c:\windows\$hf_mig$\KB980182\SP2QFE\mshtml.dll
+ 2010-02-26 06:05 . 2010-02-26 06:05	1054208 c:\windows\$hf_mig$\KB980182\SP2QFE\danim.dll
+ 2010-03-10 04:57 . 2010-03-10 04:57	1024000 c:\windows\$hf_mig$\KB980182\SP2QFE\browseui.dll
+ 2010-04-22 23:31 . 2010-02-16 12:52	2190080 c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
+ 2010-04-22 23:31 . 2010-02-16 12:12	2024448 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrpamp.exe
+ 2010-04-22 23:31 . 2010-02-16 12:12	2066944 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
+ 2010-04-22 23:31 . 2010-02-16 12:50	2146304 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlmp.exe
+ 2010-02-17 13:10 . 2010-02-17 13:10	2189952 c:\windows\$hf_mig$\KB979683\SP3GDR\ntoskrnl.exe
+ 2010-04-22 23:31 . 2010-02-16 13:25	2024448 c:\windows\$hf_mig$\KB979683\SP3GDR\ntkrpamp.exe
+ 2010-04-22 23:31 . 2010-02-16 13:25	2066816 c:\windows\$hf_mig$\KB979683\SP3GDR\ntkrnlpa.exe
+ 2010-04-22 23:31 . 2010-02-16 14:08	2146304 c:\windows\$hf_mig$\KB979683\SP3GDR\ntkrnlmp.exe
+ 2010-04-22 23:31 . 2010-02-16 17:37	2186880 c:\windows\$hf_mig$\KB979683\SP2QFE\ntoskrnl.exe
+ 2010-04-22 23:31 . 2010-02-16 16:57	2021888 c:\windows\$hf_mig$\KB979683\SP2QFE\ntkrpamp.exe
+ 2010-02-17 15:57 . 2010-02-17 15:57	2063744 c:\windows\$hf_mig$\KB979683\SP2QFE\ntkrnlpa.exe
+ 2010-04-22 23:31 . 2010-02-16 17:35	2143744 c:\windows\$hf_mig$\KB979683\SP2QFE\ntkrnlmp.exe
+ 2010-01-29 14:53 . 2010-01-29 14:53	1315328 c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll
+ 2010-01-29 15:01 . 2010-01-29 15:01	1315328 c:\windows\$hf_mig$\KB978542\SP3GDR\msoe.dll
+ 2010-01-29 14:45 . 2010-01-29 14:45	1315840 c:\windows\$hf_mig$\KB978542\SP2QFE\msoe.dll
+ 2010-04-22 23:30 . 2009-10-23 14:53	3558912 c:\windows\$hf_mig$\KB975561\SP3QFE\moviemk.exe
+ 2010-04-22 23:30 . 2009-10-23 15:28	3558912 c:\windows\$hf_mig$\KB975561\SP3GDR\moviemk.exe
+ 2010-04-22 23:30 . 2009-10-23 14:30	3555328 c:\windows\$hf_mig$\KB975561\SP2QFE\moviemk.exe
+ 2005-08-14 00:39 . 2010-05-28 19:37	32472008 c:\windows\SYSTEM32\MRT.exe
+ 2010-03-31 05:23 . 2010-03-31 05:23	15638528 c:\windows\Installer\91f7b67.msp
+ 2010-04-24 21:09 . 2010-04-24 21:09	11750912 c:\windows\Installer\756c4d3.msp
+ 2010-04-12 02:17 . 2010-04-12 02:17	14599680 c:\windows\Installer\756c461.msp
+ 2010-04-24 21:07 . 2010-04-24 21:07	10118144 c:\windows\Installer\756c445.msp
+ 2010-03-22 20:03 . 2010-03-22 20:03	11732992 c:\windows\Installer\190f95.msp
+ 2009-04-03 23:46 . 2009-04-03 23:46	17314688 c:\windows\Installer\$PatchCache$\Managed\00002119AC0000000000000000F01FEC\12.0.6425\MSO.DLL
+ 2010-06-10 08:19 . 2010-06-10 08:19	12430848 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Windows.Forms\3aa0a0c2805a6f4cc01ccea56e731ecf\System.Windows.Forms.ni.dll
+ 2010-06-10 08:22 . 2010-06-10 08:22	11797504 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
+ 2010-06-10 08:26 . 2010-06-10 08:26	17403904 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ServiceModel\18bbc89780277f50796b3b37b56e94e4\System.ServiceModel.ni.dll
+ 2010-06-10 08:22 . 2010-06-10 08:22	10683392 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-06-10 08:20 . 2010-06-10 08:20	14327808 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\ec4c7fa1cb99303e4f72f95d32ec6427\PresentationFramework.ni.dll
+ 2010-06-23 21:40 . 2010-06-23 21:40	14328320 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\6ab82898d68517acfa2777668affdab8\PresentationFramework.ni.dll
+ 2010-06-23 21:39 . 2010-06-23 21:39	12215808 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationCore\df3365a09beb72c6dd91ed838dc5bd9f\PresentationCore.ni.dll
+ 2010-06-10 08:18 . 2010-06-10 08:18	12216320 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationCore\8d37eb25bd3631bbf2293f03182b4be3\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-23 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-10 69632]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-09 1695744]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-04-22 2046816]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [2008-5-10 282624]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-04-23 00:12	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 11:23	11952	----a-w-	c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgui.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 7\\Home Page\\HomePageApp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDPHCP Discovery Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [7/25/2009 7:06 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [7/25/2009 7:07 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 2:07 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 2:07 PM 66632]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/25/2009 7:06 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/25/2009 7:06 PM 297752]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 2:07 PM 12872]
S2 CSHelper;CopySafe Helper Service;c:\windows\SYSTEM32\CSHelper.exe [10/7/2008 5:51 PM 192512]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 5:30 AM 204800]
S3 MBAMCatchMe;MBAMCatchMe;c:\program files\Malwarebytes' Anti-Malware\catchme.sys [3/13/2008 5:56 PM 27136]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/a/
mWindow Title = Microsoft Internet Explorer presented by Comcast
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: {F9CA8A0A-B8E8-4242-BEC8-CDF9E56204FE} = 68.87.74.166,68.87.68.166
DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - hxxp://download.copysafe.net/plugins5/installers/Copysafe.cab
FF - ProfilePath - c:\documents and settings\William\Application Data\Mozilla\Firefox\Profiles\r7nct8pb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/a/
FF - plugin: c:\documents and settings\William\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 19:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1179142953-2379140430-556052378-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1179142953-2379140430-556052378-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1179142953-2379140430-556052378-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1179142953-2379140430-556052378-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1179142953-2379140430-556052378-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1179142953-2379140430-556052378-1006\Software\Zepter Software\RegLib*8472be43\CloneDVDmobile/1]
"1"=dword:441b3779
"2"=dword:441b3779
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2010-06-23 19:44:07
ComboFix-quarantined-files.txt 2010-06-23 23:43
ComboFix2.txt 2010-04-22 09:31
ComboFix3.txt 2010-04-20 09:24
ComboFix4.txt 2010-03-24 21:59
ComboFix5.txt 2010-06-23 23:23

Pre-Run: 84,249,243,648 bytes free
Post-Run: 84,887,539,712 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 8C64912EC9849F782E032D7BC5847603


----------



## Cookiegal (Aug 27, 2003)

Please give me a summary of what problems remain with the system.


----------



## kena0903 (Jan 24, 2008)

Still slow and the internet explorer issue


----------



## Cookiegal (Aug 27, 2003)

Unfortunately, this has been going on for some time now and I don't see any other options. I would consider backing up important data, photos, etc. and reformatting the machine.


----------



## kena0903 (Jan 24, 2008)

Will I have to go to another forum or is this something that you could help me with.


----------



## Cookiegal (Aug 27, 2003)

You will have to go to the XP forum for assistance with that as it's not my specialty unfortunately.


----------

