# Solved: ctrl-alt-delete gives not valid window image error



## genoxano (Jan 31, 2004)

Help please , I am getting the error " taskmgr.exe. -bad image " when i try to use ctrl-alt-delete. I also have the message "can't run 16 bit windows program. insufficient memory to run this application" everytime I start my XP. I am also getting multiple error messages when I try to open many of my programs.

HJLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:22 PM, on 8/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\SYSTEM32\mspaint.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\gene\Local Settings\Temporary Internet Files\Content.IE5\DQIY93M1\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F3 - REG:win.ini: load=c:\afterdrk\ad.exe c:\afterdrk\adinit.exe 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone-dev.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {66E79B75-F711-4A88-9C6D-10BCA64F3306} (DriveCamPlayer Class) - http://www.drivecam.com/videos/DriveCamEvent.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164665730937
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4299/mcfscan.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab36385.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\System32\locator.exe
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\System32\rsvp.exe
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 12652 bytes
T log


----------



## Cookiegal (Aug 27, 2003)

Please download Malwarebytes Anti-Malware form *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply along with a new HijackThis log please.

Extra Note:
*If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.* 
***

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have Java then you will need to go to the following link and download the latest version (it's the fifth one down the list :

*Java Runtime Environment (JRE) 6 Update 7*

Instructions for Kaspersky scan:


Read through the requirements and privacy statement and click on *Accept* button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*.
When the downloads have finished, click on *Settings*.
Make sure the following is checked. 
*Spyware, Adware, Dialers, and other potentially dangerous programs*
* 

Archives

Mail databases
*
Click on *My Computer* under *Scan*.
Once the scan is complete, it will display the results. Click on *View Scan Report*.
You will see a list of infected items there. Click on *Save Report As...*.
Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button.
Please post this log in your next reply.


----------



## genoxano (Jan 31, 2004)

I have tried the Kaspersky scan several times but it locks rhe computer up and I have to turn it off. I will keep trying for that scan. here is the mbam log.
Malwarebytes' Anti-Malware 1.25
Database version: 1071
Windows 5.1.2600 Service Pack 3

6:03:56 PM 8/22/2008
mbam-log-08-22-2008 (18-03-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 174822
Time elapsed: 3 hour(s), 52 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## Cookiegal (Aug 27, 2003)

Try this one instead.

Please run the *F-Secure Online Scanner*

Note: *You must use Internet Explorer for this scan!*


Accept the License Agreement. 
Once the ActiveX installs click *Full System Scan* 
Once the download completes, the scan will begin automatically. 
The scan will take some time to finish, so please be patient. 
When the scan completes, click the *Automatic cleaning (recommended)* button. 
Click the *Show Report* button and copy and paste the entire report in your next reply.


----------



## genoxano (Jan 31, 2004)

F Secure scan report

Scanning Report
Sunday, August 24, 2008 20:25:36 - 06:59:10
Computer name: DAVID 
Scanning type: Scan system for malware, rootkits 
Target: C:\ 


--------------------------------------------------------------------------------

Result: 1 malware found
TrackingCookie.Webtrends (spyware) 
System 

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 88185 
System: 6123 
Not scanned: 10 
Actions:
Disinfected: 0 
Renamed: 0 
Deleted: 0 
None: 1 
Submitted: 0 
Files not scanned:
C:\PAGEFILE.SYS 
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT 
C:\WINDOWS\SYSTEM32\CONFIG\SAM 
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY 
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE 
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM 
C:\PROGRAM FILES\ITSDEDUCTIBLE2005\ID2005DB.MDB 
C:\PROGRAM FILES\ITSDEDUCTIBLE2005\ID2005DB.MDB 
C:\PROGRAM FILES\ITSDEDUCTIBLE2005\ID2005DB.MDB 
C:\PROGRAM FILES\ITSDEDUCTIBLE2005\ID2005DB.MDB 

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0 
F-Secure Hydra: 2.8.8110, 2008-08-24 
F-Secure AVP: 7.0.171, 2008-08-22 
F-Secure Pegasus: 1.20.0, 2008-04-14 
F-Secure Blacklight: 1.0.68 
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR 
Use Advanced heuristics 

--------------------------------------------------------------------------------

Copyright © 1998-2007 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions * for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.


----------



## genoxano (Jan 31, 2004)

I get these error messages when i try to open combofix


----------



## Cookiegal (Aug 27, 2003)

Download GMER from: http://gmer.net/index.php

Save it somewhere on your hard drive and unzip it to desktop.

Double click the gmer.exe to run it and select the rootkit tab and press scan. When the scan is done, click *Copy*. This will copy the report to the clipboard. Paste it into Notepad and save it and also paste the log report back here please.


----------



## Cookiegal (Aug 27, 2003)

Are you having problems uploading the attachment?


----------



## genoxano (Jan 31, 2004)

Been away from computer for awhile, here is the GMER scan:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-09-07 19:54:13
Windows 5.1.2600 Service Pack 3

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1908] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2788] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2788] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A1667 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2788] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A15E8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2788] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A162C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2788] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A1574 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2788] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A15AE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2788] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A16A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2788] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \FileSystem\Fastfat \Fat EEF1FD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs avgrsstx.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs 1

---- EOF - GMER 1.0.14 ----


----------



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on "Config" and then on the "Misc Tools" button. If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section". Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.


----------



## genoxano (Jan 31, 2004)

Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
AnswerWorks 4.0 Runtime - English
ArcSoft Panorama Maker 4
ArcSoft Print Creations
ArcSoft Print Creations - Photo Calendar
Avery DesignPro
Avery® Wizard 2.1 for Microsoft® Word 2002
AVG Free 8.0
BCM V.92 56K Modem
Belarc Advisor 7.2
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon PowerShot G3 WIA Driver
Canon Utilities ZoomBrowser EX
CCHelp
CCScore
CD LabelMaker
Charter Pipeline® Self-Installation
Classic PhoneTools
Click'N Design 3D for AfterBurner(tm) (V5)
Dell Modem-On-Hold
Dell Movie Studio Diagnostics
Dell Picture Studio - Dell Image Expert
Dell ResourceCD
Dell Solution Center
Dell Support Center
DellSupport
Digital Line Detect
DriveCam Player
DriverAgent by TouchStone Software
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDSentry
Easy CD Creator 5 Basic
EasyCleaner
ESSAdpt
ESSANUP
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSvpaht
ESSvpot
Family Lawyer 2004
HijackThis 1.99.1
HLPIndex
HLPRFO
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Image Zone Express
HP Imaging Device Functions 5.3
HP Photosmart Essential 2.5
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HyperLoad
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
Java(TM) 6 Update 7
Kodak EasyShare software
KSU
Logitech iTouch Software
Logitech MouseWare 9.79.1 
Magic Snake Game 2003
Malwarebytes' Anti-Malware
MGI PhotoSuite III SE (Remove Only)
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft ActiveSync 3.8
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional
Microsoft Outlook 2000
Microsoft Picture It! Photo 7.0
Microsoft Streets and Trips 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Word 2002
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Musicmatch® Jukebox
MyDVD
NASCAR Heat
Nikon Message Center
Nikon Transfer
Notifier
NTREGOPT 1.1j
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
OTtBP
OTtBPSDK
Paint Shop Pro 7
PCDADDIN
PCDHELP
PCDLNCH
Personal Health & Diet Manager (Desktop Edition)
Personal Health & Diet Manager (Pocket PC Edition)
Photo Explosion Deluxe
Picasa 2
PowerDVD
Quicken 2004
QuickStitch
Readiris 7.5
Roxio CDEngine
Roxio VideoWave Movie Creator
SafeCast Shared Components
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
SFR
SFR2
Shockwave
Spybot - Search & Destroy 1.4
Spyware Doctor 3.2
The Print Shop 20
Thrustmapper
TomTom HOME
TurboTax Deluxe 2002
TurboTax Deluxe 2003
TurboTax Deluxe 2004
TurboTax Deluxe 2005
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
UltimateBet
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
USB Driver
VC_MergeModuleToMSI
VPRINTOL
WebCyberCoach 3.2 Dell
WexTech AnswerWorks
Windows Communication Foundation
Windows Driver Package - (mr7910) Image 06/28/2005 1.3.0.0
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer Clean Up
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows Workflow Foundation
Windows XP Service Pack 3
WinZip


----------



## Cookiegal (Aug 27, 2003)

Did you download UltimateBet intentionally and use it? If not you should remove it via the Control Panel - Add/Remove programs. This type of program sometimes gets installed without your knowledge and is very risky.

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.


*Very Important!* Temporarily *disable* your *anti-virus*, *script blocking* and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause _"unpredictable results"_.
Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Download *SDFix* and save it to your Desktop.

Double click *SDFix.exe* and it will extract the files to %systemdrive% 
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in *Safe Mode* by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press *Enter*
Choose your usual account.

Open the extracted SDFix folder and double click *RunThis.bat* to start the script. 
Type *Y* to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot. 
Press any Key and it will restart the PC. 
When the PC restarts the Fixtool will run again and complete the removal process then display *Finished*, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as *Report.txt* 
(Report.txt will also be copied to the clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log.


----------



## genoxano (Jan 31, 2004)

While running the SD fix I received the popup stating "the NTVDM cpu has encounterd an illegal instruction" with some more info approximately 40-50 times and I had a choice of ignore or close. I chose close every time since ignore did nothing.

Here is the SD Fix log,, with the HJT log below:

***************************************************************************************************

*SDFix: Version 1.216 *
Run by gene on Wed 09/10/2008 at 02:03 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\gene\Desktop\SDFix

*Checking Services *:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

*Checking Files *:

No Trojan Files Found

Removing Temp Files

*ADS Check *:

*Final Check *:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-10 14:23:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"LoadAppInit_DLLs"=dword:00000001

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

*Remaining Services *:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:Connection Manager"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"

*Remaining Files *:

File Backups: - C:\DOCUME~1\gene\Desktop\SDFix\backups\backups.zip

*Files with Hidden Attributes *:

Mon 7 Jul 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 11 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT2.tmp"
Mon 30 Jul 2007 8 A..H. --- "C:\Documents and Settings\gayle\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Mon 30 Jul 2007 8 A..H. --- "C:\Documents and Settings\gayle\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Mon 30 Jul 2007 8 A..H. --- "C:\Documents and Settings\gayle\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Mon 30 Jul 2007 8 A..H. --- "C:\Documents and Settings\gayle\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Sat 9 Jun 2007 8 A..H. --- "C:\Documents and Settings\gene\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sat 9 Jun 2007 8 A..H. --- "C:\Documents and Settings\gene\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Sat 9 Jun 2007 8 A..H. --- "C:\Documents and Settings\gene\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Sat 9 Jun 2007 8 A..H. --- "C:\Documents and Settings\gene\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

*Finished!*

**************************************************************************************************

Logfile of HijackThis v1.99.1
Scan saved at 2:41:36 PM, on 9/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone-dev.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {66E79B75-F711-4A88-9C6D-10BCA64F3306} (DriveCamPlayer Class) - http://www.drivecam.com/videos/DriveCamEvent.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164665730937
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4299/mcfscan.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab36385.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\System32\locator.exe
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\System32\rsvp.exe
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe


----------



## Cookiegal (Aug 27, 2003)

Let's try ComboFix again but do the following to uninstall it and then following the instructions get the latest version please.

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*
 Now type *Combofix /u* in the runbox and click *OK*. Note the *space* between the *X* and the *U*, it needs to be there.









Please visit *Combofix Guide & Instructions * for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to ComboFox.exe please.


----------



## genoxano (Jan 31, 2004)

I'm getting error messages when I try to run ComboFix as previously. I renamed it to ComboFox when I saved it. I get the error about it not being a "valid windows image"(posted earlier on 8/26) and a new one that states that "C:\327882R2FWJFW\Findstr,cfexe not a valid Win32 application."


----------



## Cookiegal (Aug 27, 2003)

Are you sure you disabled all your security programs?


----------



## genoxano (Jan 31, 2004)

I disabled all that I'm aware of that I have.


----------



## Cookiegal (Aug 27, 2003)

Try without renaming it then and run it in safe mode if it won't run in normal mode please.


----------



## genoxano (Jan 31, 2004)

I get the same error messages in safe mode, with all security protection turned off.


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start *- *Run *- type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## genoxano (Jan 31, 2004)

This is the list for the application errors from event viewer. I will immediately be posting the system as an attachment.

Event Type:	Error
Event Source:	.NET Runtime
Event Category:	None
Event ID:	1023
Date: 9/13/2008
Time: 2:55:00 PM
User: N/A
Computer:	DAVID
Description:
.NET Runtime version 2.0.50727.1433 - Fatal Execution Engine Error (79FFEE24) (80131506)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	.NET Runtime
Event Category:	None
Event ID:	1023
Date: 9/13/2008
Time: 11:09:15 AM
User: N/A
Computer:	DAVID
Description:
.NET Runtime version 2.0.50727.1433 - Fatal Execution Engine Error (79FFEE24) (80131506)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	.NET Runtime
Event Category:	None
Event ID:	1023
Date: 9/13/2008
Time: 8:44:28 AM
User: N/A
Computer:	DAVID
Description:
.NET Runtime version 2.0.50727.1433 - Fatal Execution Engine Error (79FFEE24) (80131506)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	.NET Runtime
Event Category:	None
Event ID:	1023
Date: 9/12/2008
Time: 7:46:20 PM
User: N/A
Computer:	DAVID
Description:
.NET Runtime version 2.0.50727.1433 - Fatal Execution Engine Error (79FFEE24) (80131506)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	.NET Runtime
Event Category:	None
Event ID:	1023
Date: 9/12/2008
Time: 6:10:28 PM
User: N/A
Computer:	DAVID
Description:
.NET Runtime version 2.0.50727.1433 - Fatal Execution Engine Error (79FFEE24) (80131506)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	.NET Runtime
Event Category:	None
Event ID:	1023
Date: 9/12/2008
Time: 5:49:18 PM
User: N/A
Computer:	DAVID
Description:
.NET Runtime version 2.0.50727.1433 - Fatal Execution Engine Error (79FFEE24) (80131506)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	.NET Runtime
Event Category:	None
Event ID:	1023
Date: 9/11/2008
Time: 8:16:42 PM
User: N/A
Computer:	DAVID
Description:
.NET Runtime version 2.0.50727.1433 - Fatal Execution Engine Error (79FFEE24) (80131506)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/13/2008
Time: 7:58:54 PM
User: N/A
Computer:	DAVID
Description:
The Remote Access Connection Manager service terminated with the following error: 
Remote Access Connection Manager is not a valid Win32 application.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Rasman
Event Category:	None
Event ID:	20063
Date: 9/13/2008
Time: 7:58:54 PM
User: N/A
Computer:	DAVID
Description:
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: c1 00 00 00 Á...

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/13/2008
Time: 7:58:53 PM
User: N/A
Computer:	DAVID
Description:
The Remote Access Connection Manager service terminated with the following error: 
Remote Access Connection Manager is not a valid Win32 application.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Rasman
Event Category:	None
Event ID:	20063
Date: 9/13/2008
Time: 7:58:53 PM
User: N/A
Computer:	DAVID
Description:
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: c1 00 00 00 Á...

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/13/2008
Time: 7:58:54 PM
User: N/A
Computer:	DAVID
Description:
The Remote Access Connection Manager service terminated with the following error: 
Remote Access Connection Manager is not a valid Win32 application.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Rasman
Event Category:	None
Event ID:	20063
Date: 9/13/2008
Time: 7:58:54 PM
User: N/A
Computer:	DAVID
Description:
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: c1 00 00 00 Á...

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/13/2008
Time: 7:58:53 PM
User: N/A
Computer:	DAVID
Description:
The Remote Access Connection Manager service terminated with the following error: 
Remote Access Connection Manager is not a valid Win32 application.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Rasman
Event Category:	None
Event ID:	20063
Date: 9/13/2008
Time: 7:58:53 PM
User: N/A
Computer:	DAVID
Description:
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: c1 00 00 00 Á...

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/13/2008
Time: 7:58:54 PM
User: N/A
Computer:	DAVID
Description:
The Remote Access Connection Manager service terminated with the following error: 
Remote Access Connection Manager is not a valid Win32 application.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Rasman
Event Category:	None
Event ID:	20063
Date: 9/13/2008
Time: 7:58:54 PM
User: N/A
Computer:	DAVID
Description:
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: c1 00 00 00 Á...

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/13/2008
Time: 7:58:53 PM
User: N/A
Computer:	DAVID
Description:
The Remote Access Connection Manager service terminated with the following error: 
Remote Access Connection Manager is not a valid Win32 application.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Rasman
Event Category:	None
Event ID:	20063
Date: 9/13/2008
Time: 7:58:53 PM
User: N/A
Computer:	DAVID
Description:
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.
is not a valid Win32 application.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: c1 00 00 00 Á...


----------



## genoxano (Jan 31, 2004)

samples of errors from systm in previous message, this is a copy of event viewer attached


----------



## Cookiegal (Aug 27, 2003)

It doesn't look to be malware related but you may have some corrupted files.

Do you have your XP CD?

Did you try to do a system restore back to before this problem started?


----------



## genoxano (Jan 31, 2004)

It will not allow me to do a restore to an earlier date and I do have my XP cd.


----------



## Cookiegal (Aug 27, 2003)

Go to the following link and follow the instructions to run chkdsk:

There can be serveral phases to the chkdsk run and it will reboot automatically when it is finished. Then double click the last "winlogon" entry in the Event Viewer Applications log to open a log of what chkdsk fixed. Then click on the icon that looks like two pieces of paper to copy the report to the clipboard and then paste it in a reply here.

http://www.housing.hawaii.edu/resources/support/chkdsk.htm


----------



## genoxano (Jan 31, 2004)

Event Type:	Information
Event Source:	Winlogon
Event Category:	None
Event ID:	1001
Date: 9/14/2008
Time: 11:46:19 PM
User: N/A
Computer:	DAVID
Description:
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk. 
Cleaning up minor inconsistencies on the drive.
Cleaning up 79 unused index entries from index $SII of file 0x9.
Cleaning up 79 unused index entries from index $SDH of file 0x9.
Cleaning up 79 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Windows replaced bad clusters in file 85
of name \I386\ARTRO.TT_.
Windows replaced bad clusters in file 150
of name \I386\CANVAS.WM_.
Windows replaced bad clusters in file 151
of name \I386\CAP7146.SY_.
Windows replaced bad clusters in file 237
of name \I386\COURBI.TT_.
Windows replaced bad clusters in file 248
of name \I386\COURI.TT_.
Windows replaced bad clusters in file 257
of name \I386\C_10001.NL_.
Windows replaced bad clusters in file 277
of name \I386\C_20001.NL_.
Windows replaced bad clusters in file 280
of name \I386\C_20004.NL_.
Windows replaced bad clusters in file 311
of name \I386\C_20949.NL_.
Windows replaced bad clusters in file 342
of name \I386\DKCONP.CH_.
Windows replaced bad clusters in file 360
of name \I386\DX3.ZI_.
Windows replaced bad clusters in file 397
of name \I386\EXP800_T.IC_.
Windows replaced bad clusters in file 398
of name \I386\EXP836XR.IC_.
Windows replaced bad clusters in file 415
of name \I386\FRAMD.TT_.
Windows replaced bad clusters in file 459
of name \I386\GT3000_R.IC_.
Windows replaced bad clusters in file 476
of name \I386\HEADSP~1.WM_.
Windows replaced bad clusters in file 477
of name \I386\HEART.WM_.
Windows replaced bad clusters in file 480
of name \I386\HELPSVC.EX_.
Windows replaced bad clusters in file 488
of name \I386\HIVESFT.INF.
Windows replaced bad clusters in file 489
of name \I386\HIVESYS.INF.
Windows replaced bad clusters in file 508
of name \I386\HRTZRES.DL_.
Windows replaced bad clusters in file 512
of name \I386\HSCXPSP1.CAB.
Windows replaced bad clusters in file 514
of name \I386\HWCOMP.DAT.
Windows replaced bad clusters in file 519
of name \I386\IMPACT.TT_.
Windows replaced bad clusters in file 578
of name \I386\KSC.NL_.
Windows replaced bad clusters in file 614
of name \I386\L_10646.TT_.
Windows replaced bad clusters in file 617
of name \I386\MANAGER.CAB.
Windows replaced bad clusters in file 686
of name \I386\MSN220.MA_.
Windows replaced bad clusters in file 690
of name \I386\MSN238.MA_.
Windows replaced bad clusters in file 696
of name \I386\MSNCSAPI.DL_.
Windows replaced bad clusters in file 700
of name \I386\MSNMETAL.DL_.
Windows replaced bad clusters in file 716
of name \I386\MTSTOCOM.EX_.
Windows replaced bad clusters in file 720
of name \I386\MUSIC.BM_.
Windows replaced bad clusters in file 721
of name \I386\MUSIC.WM_.
Windows replaced bad clusters in file 723
of name \I386\MVBOLI.TT_.
Windows replaced bad clusters in file 731
of name \I386\NETCFGP.CH_.
Windows replaced bad clusters in file 735
of name \I386\NEWSTRYS.WM_.
Windows replaced bad clusters in file 737
of name \I386\NLS302EN.LE_.
Windows replaced bad clusters in file 739
of name \I386\NOTIFLAG.EX_.
Windows replaced bad clusters in file 740
of name \I386\NPDRMV2.DL_.
Windows replaced bad clusters in file 746
of name \I386\NTARTP.CH_.
Windows replaced bad clusters in file 747
of name \I386\NTCMDSP.CH_.
Windows replaced bad clusters in file 748
of name \I386\NTDEFP.CH_.
Windows replaced bad clusters in file 750
of name \I386\NTKRNLMP.EX_.
Windows replaced bad clusters in file 757
of name \I386\OPTIK.WM_.
Windows replaced bad clusters in file 769
of name \I386\PASSWRDP.CH_.
Windows replaced bad clusters in file 776
of name \I386\PEER.EX_.
Windows replaced bad clusters in file 777
of name \I386\PER124_R.IC_.
Windows replaced bad clusters in file 778
of name \I386\PER124_T.IC_.
Windows replaced bad clusters in file 781
of name \I386\PER640_R.IC_.
Windows replaced bad clusters in file 783
of name \I386\PER_INTR.SW_.
Windows replaced bad clusters in file 807
of name \I386\PRINTP.CH_.
Windows replaced bad clusters in file 819
of name \I386\RADIANCE.JP_.
Windows replaced bad clusters in file 820
of name \I386\RADIO.WM_.
Windows replaced bad clusters in file 832
of name \I386\ROD.TT_.
Windows replaced bad clusters in file 839
of name \I386\RTCIMSP.DL_.
Windows replaced bad clusters in file 849
of name \I386\RWIA330.DL_.
Windows replaced bad clusters in file 852
of name \I386\SAM.SP_.
Windows replaced bad clusters in file 855
of name \I386\SBP2PORT.SY_.
Windows replaced bad clusters in file 857
of name \I386\SERE1255.FO_.
Windows replaced bad clusters in file 860
of name \I386\SERF1255.FO_.
Windows replaced bad clusters in file 864
of name \I386\SERIFEE.FO_.
Windows replaced bad clusters in file 867
of name \I386\SERIFET.FO_.
Windows replaced bad clusters in file 874
of name \I386\SETUP16.IN_.
Windows replaced bad clusters in file 876
of name \I386\SETUPDD.SY_.
Windows replaced bad clusters in file 884
of name \I386\SHVL.DL_.
Windows replaced bad clusters in file 947
of name \I386\SP1.CAB.
Windows replaced bad clusters in file 1012
of name \I386\TFFSPORT.SY_.
Windows replaced bad clusters in file 1093
of name \I386\UTOPIARE.WA_.
Windows replaced bad clusters in file 1145
of name \I386\WEITEKP9.SY_.
Windows replaced bad clusters in file 1162
of name \I386\WINHELP.EX_.
Windows replaced bad clusters in file 1165
of name \I386\WINNT.EXE.
Windows replaced bad clusters in file 1203
of name \I386\XPCRTSTP.WA_.
Windows replaced bad clusters in file 1207
of name \I386\XPEXCL.WA_.
Windows replaced bad clusters in file 1209
of name \I386\XPHDINST.WA_.
Windows replaced bad clusters in file 1212
of name \I386\XPLOGON.WA_.
Windows replaced bad clusters in file 1421
of name \I386\LANG\BATANG.TT_.
Windows replaced bad clusters in file 1508
of name \I386\LANG\PINTLGNT.IM_.
Windows replaced bad clusters in file 1529
of name \I386\LANG\TINTLGD_.IM_.
Windows replaced bad clusters in file 2298
of name \I386\SYSTEM32\SMSS.EXE.
Windows replaced bad clusters in file 2428
of name \I386\HTML32.CN_.
Windows replaced bad clusters in file 2431
of name \I386\ICWCONN2.EX_.
Windows replaced bad clusters in file 2456
of name \I386\MSADCF.DL_.
Windows replaced bad clusters in file 2458
of name \I386\MSADCO.DL_.
Windows replaced bad clusters in file 2460
of name \I386\MSADCS.DL_.
Windows replaced bad clusters in file 2466
of name \I386\MSADO21.TL_.
Windows replaced bad clusters in file 2468
of name \I386\MSADO26.TL_.
Windows replaced bad clusters in file 2486
of name \I386\MSDASQL.DL_.
Windows replaced bad clusters in file 2503
of name \I386\MSWRD832.CN_.
Windows replaced bad clusters in file 2505
of name \I386\NAC.DL_.
Windows replaced bad clusters in file 2508
of name \I386\NMAS.DL_.
Windows replaced bad clusters in file 2510
of name \I386\NMCHAT.DL_.
Windows replaced bad clusters in file 2511
of name \I386\NMCOM.DL_.
Windows replaced bad clusters in file 2514
of name \I386\NMWB.DL_.
Windows replaced bad clusters in file 2530
of name \I386\SAPI.CP_.
Windows replaced bad clusters in file 2532
of name \I386\SAPISVR.EX_.
Windows replaced bad clusters in file 2560
of name \I386\SOUND27.WA_.
Windows replaced bad clusters in file 2606
of name \I386\TABLE.BM_.
Windows replaced bad clusters in file 2666
of name \DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Logs\CH559A~1.LOG.
Windows replaced bad clusters in file 2754
of name \WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\Programs\REMOTE~1.LNK.
Windows replaced bad clusters in file 2763
of name \WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\Programs\ACCESS~1\SYNCHR~1.LNK.
Windows replaced bad clusters in file 2765
of name \WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\MYDOCU~1\My Music\FLIGHT~1.MP3.
Windows replaced bad clusters in file 2776
of name \WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\Programs\ACCESS~1\COMMAN~1.LNK.
Windows replaced bad clusters in file 2778
of name \WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\Programs\ACCESS~1\TOURWI~1.LNK.
Windows replaced bad clusters in file 2779
of name \WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\Programs\ACCESS~1\Notepad.lnk.
Windows replaced bad clusters in file 2780
of name \WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\Programs\ACCESS~1\WINDOW~1.LNK.
Windows replaced bad clusters in file 2806
of name \WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\APPLIC~1\MICROS~1\CLRSEC~1\v1.0.3705\SECURI~1.CCH.
Windows replaced bad clusters in file 2821
of name \WINDOWS\SYSTEM32\DRIVERS\ETC\SERVICES.
Windows replaced bad clusters in file 3114
of name \WINDOWS\$N4EBE~1\olecli32.dll.
Windows replaced bad clusters in file 3262
of name \WINDOWS\SYSTEM32\OOBE\HTML\MOUSE\IMAGES\PISAM.JPG.
Windows replaced bad clusters in file 3300
of name \WINDOWS\SYSTEM32\OOBE\IMAGES\DIALUP.GIF.
Windows replaced bad clusters in file 3327
of name \WINDOWS\SYSTEM32\OOBE\IMAGES\QMARK.GIF.
Windows replaced bad clusters in file 3342
of name \WINDOWS\SYSTEM32\OOBE\IMAGES\AOL2.JPG.
Windows replaced bad clusters in file 3368
of name \WINDOWS\SYSTEM32\OOBE\SETUP\ISPWAIT.HTM.
Windows replaced bad clusters in file 3469
of name \WINDOWS\SYSTEM32\OOBE\ISPERROR\ISPNOANW.HTM.
Windows replaced bad clusters in file 3470
of name \WINDOWS\SYSTEM32\OOBE\ISPERROR\ISPPHBSY.HTM.
Windows replaced bad clusters in file 3672
of name \WINDOWS\DOWNLO~1\CONFLICT.14\zsetup.exe.
Windows replaced bad clusters in file 3851
of name \PROGRA~1\Belarc\Advisor\System\BAExt16.dll.
Windows replaced bad clusters in file 3951
of name \SYSTEM~1\_RESTO~1\RP817\A0073076.dll.
Windows replaced bad clusters in file 4167
of name \PROGRA~1\Belarc\Advisor\System\BELNOT~1.LNK.
Windows replaced bad clusters in file 4168
of name \PROGRA~1\Belarc\Advisor\System\KillDTG.lnk.
Windows replaced bad clusters in file 4922
of name \DOCUME~1\ALLUSE~1\APPLIC~1\Intuit\TurboTax\TY04\TURBOT~1\Cache\S2004F~1.HEF.
Windows replaced bad clusters in file 4923
of name \DOCUME~1\ALLUSE~1\APPLIC~1\Intuit\TurboTax\TY04\TURBOT~1\Cache\APPLIC~1.HEF.
Windows replaced bad clusters in file 4924
of name \DOCUME~1\ALLUSE~1\APPLIC~1\Intuit\TurboTax\TY04\TURBOT~1\Cache\S2004U~1.DGG.
Windows replaced bad clusters in file 4927
of name \DOCUME~1\ALLUSE~1\APPLIC~1\Intuit\TurboTax\TY04\TURBOT~1\Cache\S2004Z~1.HEF.
Windows replaced bad clusters in file 4949
of name \PROGRA~1\TurboTax\DELUXE~3\32bit\local\dlg\DH9611~1.HTM.
Windows replaced bad clusters in file 5037
of name \WINDOWS\SYSTEM32\GB2312.UCE.
Windows replaced bad clusters in file 5039
of name \SYSTEM~1\_RESTO~1\RP817\A0072826.dll.
Windows replaced bad clusters in file 5244
of name \PROGRA~1\TurboTax\DELUXE~3\32bit\local\tour\00_04_2.gif.
Windows replaced bad clusters in file 5522
of name \WINDOWS\SYSTEM32\DirectX\Dinput\MS28_8.PNG.
Windows replaced bad clusters in file 5609
of name \WINDOWS\$N70D8~1\spuninst\spuninst.exe.
Windows replaced bad clusters in file 5757
of name \WINDOWS\IE7UPD~1\KB9426~1\wininet.dll.
Windows replaced bad clusters in file 5806
of name \PROGRA~1\TurboTax\DELUXE~3\32bit\local\tour\12.gif.
Windows replaced bad clusters in file 5829
of name \SYSTEM~1\_RESTO~1\RP817\A0073496.dll.
Windows replaced bad clusters in file 5831
of name \WINDOWS\IE7UPD~1\KB9426~1\inetcpl.cpl.
Windows replaced bad clusters in file 6079
of name \PROGRA~1\TurboTax\DELUXE~3\32bit\local\tour\dyt\dyt_04.html.
Windows replaced bad clusters in file 6082
of name \PROGRA~1\TurboTax\DELUXE~3\32bit\local\tour\eap\eap_00.html.
Windows replaced bad clusters in file 6083
of name \PROGRA~1\TurboTax\DELUXE~3\32bit\local\tour\eap\eap_01.html.
Windows replaced bad clusters in file 6086
of name \PROGRA~1\TurboTax\DELUXE~3\32bit\local\tour\help\help_01.html.
Windows replaced bad clusters in file 6088
of name \PROGRA~1\TurboTax\DELUXE~3\32bit\local\tour\help\help_02.html.
Windows replaced bad clusters in file 6089
of name \PROGRA~1\TurboTax\DELUXE~3\32bit\local\tour\help\help_03.html.
Windows replaced bad clusters in file 6105
of name \WINDOWS\IE7UPD~1\KB9426~1\iexplore.exe.
Windows replaced bad clusters in file 6108
of name \PROGRA~1\TurboTax\DELUXE~3\32bit\local\tour\images\00_04_2.gif.
Windows replaced bad clusters in file 6392
of name \WINDOWS\INF\ks.PNF.
Windows replaced bad clusters in file 6498
of name \WINDOWS\REGOPT.LOG.
Windows replaced bad clusters in file 6502
of name \WINDOWS\COMSETUP.LOG.
Windows replaced bad clusters in file 6548
of name \PROGRA~1\TurboTax\DELUXE~3\32bit\local\tour\images\00.gif.
Windows replaced bad clusters in file 6570
of name \PROGRA~1\TurboTax\DELUXE~3\32bit\local\tour\images\04.gif.
Windows replaced bad clusters in file 6587
of name \PROGRA~1\TurboTax\DELUXE~3\32bit\local\tour\images\06.gif.
Windows replaced bad clusters in file 6593
of name \PROGRA~1\TurboTax\DELUXE~3\32bit\local\tour\images\07.gif.
Windows replaced bad clusters in file 6754
of name \SYSTEM~1\_RESTO~1\RP817\A0072649.dll.
Windows replaced bad clusters in file 6885
of name \SYSTEM~1\_RESTO~1\RP819\A0076708.cfg.
Windows replaced bad clusters in file 6891
of name \DOCUME~1\ALLUSE~1\APPLIC~1\SPYBOT~1\Logs\CH8ADA~1.LOG.
Windows replaced bad clusters in file 6898
of name \WINDOWS\Help\CONF.CHM.
Windows replaced bad clusters in file 6923
of name \WINDOWS\Help\WINCHAT.CHM.
Windows replaced bad clusters in file 7108
of name \WINDOWS\Help\Tours\WINDOW~1\Video\NUSKIN.WMV.
Windows replaced bad clusters in file 7276
of name \SYSTEM~1\_RESTO~1\RP817\snapshot\_REGIS~1.
Windows replaced bad clusters in file 7277
of name \SYSTEM~1\_RESTO~1\RP817\snapshot\_REGIS~2.
Windows replaced bad clusters in file 7782
of name \WINDOWS\$N70D0~1\wmasf.dll.
Windows replaced bad clusters in file 7879
of name \WINDOWS\SESSMG~1.LOG.
Windows replaced bad clusters in file 8780
of name \WINDOWS\NTDTCS~1.LOG.
Windows replaced bad clusters in file 8795
of name \WINDOWS\WMSysPrx.prx.
Windows replaced bad clusters in file 8816
of name \DOCUME~1\ALLUSE~1\DRM\drmv2.lic.
Windows replaced bad clusters in file 8838
of name \WINDOWS\INSTAL~1\{7EE9D~1\WIN2KI~1.EXE.
Windows replaced bad clusters in file 8843
of name \WINDOWS\INSTAL~1\{764D0~1\Win2Kico.exe.
Windows replaced bad clusters in file 8900
of name \WINDOWS\INF\BIOSINFO.PNF.
Windows replaced bad clusters in file 8928
of name \DRIVERS\MOUSE\LHIDUSB.SYS.
Windows replaced bad clusters in file 8931
of name \DRIVERS\MOUSE\LMOUFRC.DLL.
Windows replaced bad clusters in file 8947
of name \DRIVERS\AUDIO\SMWDMCH2.INF.
Windows replaced bad clusters in file 8948
of name \DRIVERS\AUDIO\SMWDMCH4.INF.
Windows replaced bad clusters in file 8949
of name \DRIVERS\AUDIO\SMX.CAT.
Windows replaced bad clusters in file 8950
of name \DRIVERS\AUDIO\SMWDMCH2.PNF.
Windows replaced bad clusters in file 8976
of name \DRIVERS\NETWORK\ONBOARD\E100BNT5.SYS.
Windows replaced bad clusters in file 9141
of name \WINDOWS\SYSTEM32\DLLCACHE\MAPIMIG.CAT.
Windows replaced bad clusters in file 9145
of name \I386\USBPORT.SYS.
Windows replaced bad clusters in file 9446
of name \SYSTEM~1\_RESTO~1\RP817\snapshot\_R9E75~1.
Windows replaced bad clusters in file 9592
of name \PROGRA~1\INSTAL~1\{5809E~1\setup.ilg.
Windows replaced bad clusters in file 9863
of name \WINDOWS\$NTUNI~1.165\iepeers.dll.
Windows replaced bad clusters in file 9875
of name \WINDOWS\$NTUNI~1.165\urlmon.dll.
Windows replaced bad clusters in file 9876
of name \WINDOWS\$NTUNI~1.165\wininet.dll.
Windows replaced bad clusters in file 9878
of name \WINDOWS\$NTUNI~1.165\reg00004.
Windows replaced bad clusters in file 9879
of name \WINDOWS\$NTUNI~1.165\reg00005.
Windows replaced bad clusters in file 9880
of name \WINDOWS\$NTUNI~1.165\reg00006.
Windows replaced bad clusters in file 9881
of name \WINDOWS\$NTUNI~1.165\reg00007.
Windows replaced bad clusters in file 9882
of name \WINDOWS\$NTUNI~1.165\reg00008.
Windows replaced bad clusters in file 9883
of name \WINDOWS\$NTUNI~1.165\reg00009.
Windows replaced bad clusters in file 9884
of name \WINDOWS\$NTUNI~1.165\reg00010.
Windows replaced bad clusters in file 9885
of name \WINDOWS\$NTUNI~1.165\reg00011.
Windows replaced bad clusters in file 9886
of name \WINDOWS\$NTUNI~1.165\reg00012.
W

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Go to the Run box on the Start Menu and type in (be sure to include the space bewtween sfc and /:

*sfc /scannow*

This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem. You may be prompted to insert the XP CD>


----------



## genoxano (Jan 31, 2004)

I tried to run the sfc /scannow and when it asked for the cd it does not recognize the MS Windows XP home edition cd(SP1). It replies that I have inserted the wrong cd.. I tested the cd drive with a music cd and also a picture cd and the cd drive works with those cds. I checked the windows xp cd on my laptop and it is ok there. I also tried it in the dvd/cd drive with the same results.


----------



## Cookiegal (Aug 27, 2003)

When it asked for the CD, do you remember what file it was looking for?

Please do a search for the following and let me know the path to all instances. Be sure to unhide files/folders first:

*i386*


----------



## genoxano (Jan 31, 2004)

I did not do a complete scannow, it kept asking for the cd (approx.25-30 times ) so I stopped running it. It did not give any indication of what files it needed. 

I have attached the search for i386.


----------



## Cookiegal (Aug 27, 2003)

Go to *Start *- *Run *then copy and paste the following:

*regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup"*

You won't see anything happen and it will only take a second but a file will be created under C:\look.txt. Please open that file in Notepad and copy and paste the contents here.


----------



## genoxano (Jan 31, 2004)

I ran that, and so far it has more than 700 pages of text in word. There is all kind of trash in there. It is still filling up more pages in word. There appears to be long distance and international calling, porn web sites, all kind of .com sites. It is still going but I think the file is going to be much larger than I can send. When it finishes I will see how big it really is.


----------



## genoxano (Jan 31, 2004)

It is up to 4300 pages now and still going, have i unleashed a virus or something ? Are you familiar with SuzanneBrecht.com ?


----------



## Cookiegal (Aug 27, 2003)

That doesn't sound right at all. Just upload the first page of the text. It should not be in Word but in Notepad.


----------



## genoxano (Jan 31, 2004)

My Notepad doesn't work (will only flash real quick on the screen and goes away). Wordpad and Word or Paint are where I have to put everything. Is this enough info or do I need to post some more?

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\DELL__\4550___]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE]

[HKEY_LOCAL_MACHINE\HARDWARE]

[HKEY_LOCAL_MACHINE\HARDWARE\ACPI]

[HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT]

[HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\DELL]

[HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\DELL\dt_ex]

[HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\DELL\dt_ex\00001000]
"00000000"=hex:44,53,44,54,d0,22,00,00,01,ab,44,45,4c,4c,00,00,64,74,5f,65,78,\
00,00,00,00,10,00,00,4d,53,46,54,0d,00,00,01,14,07,44,42,49,4e,00,a3,10,4f,\
05,5c,00,5b,82,21,5c,2e,5f,53,42,5f,56,42,54,4e,08,5f,48,49,44,0c,41,d0,0c,\
0c,08,5f,50,52,57,12,06,02,0a,01,0a,04,5b,80,5c,53,53,54,53,01,0b,28,08,0a,\
01,5b,81,0c,5c,53,53,54,53,41,54,53,54,53,01,5b,80,5c,53,41,43,54,01,0b,2a,\
08,0a,01,5b,81,0e,5c,53,41,43,54,41,00,02,54,50,4f,4c,01,10,28,5c,5f,47,50,\
45,14,21,5f,4c,30,30,00,70,0a,00,54,50,4f,4c,70,0a,01,54,53,54,53,86,5c,2e,\
5f,53,42,5f,56,42,54,4e,0a,02,08,4d,53,4f,53,0a,00,5b,01,4d,54,58,5f,01,14,\
38,43,4d,52,44,01,5b,23,53,4d,49,4d,ff,ff,70,68,60,7b,60,0a,7f,60,70,60,53,\
4d,49,44,70,0a,84,53,4d,49,43,70,0a,85,53,4d,49,43,70,53,4d,49,44,60,5b,27,\
53,4d,49,4d,a4,60,14,36,43,4d,57,52,02,5b,23,53,4d,49,4d,ff,ff,70,68,60,7d,\
60,0a,80,60,70,60,53,4d,49,44,70,0a,84,53,4d,49,43,70,69,53,4d,49,44,70,0a,\
85,53,4d,49,43,5b,27,53,4d,49,4d,14,11,47,43,4b,42,00,a4,7b,0a,20,43,4d,52,\
44,0a,26,00,14,11,47,43,4d,53,00,a4,7b,0a,40,43,4d,52,44,0a,6f,00,14,11,47,\
43,4f,4e,00,a4,7b,0a,04,43,4d,52,44,0a,55,00,14,11,47,43,55,43,00,a4,7f,0a,\
01,43,4d,52,44,0a,22,00,14,11,47,43,53,31,00,a4,7b,0a,03,43,4d,52,44,0a,25,\
00,14,11,47,43,53,32,00,a4,7b,0a,0c,43,4d,52,44,0a,25,00,14,11,47,43,46,44,\
00,a4,7b,0a,18,43,4d,52,44,0a,55,00,14,11,47,43,50,50,00,a4,7b,0a,70,43,4d,\
52,44,0a,23,00,14,4a,13,48,41,43,4b,00,70,43,4d,52,44,0a,37,60,7b,60,0a,df,\
60,43,4d,57,52,0a,37,60,a0,1e,93,4d,53,4f,53,0a,04,70,43,4d,52,44,0a,6f,60,\
7d,60,0a,04,60,43,4d,57,52,0a,6f,60,a4,01,a1,15,70,43,4d,52,44,0a,6f,60,7b,\
60,0a,fb,60,43,4d,57,52,0a,6f,60,72,87,5c,5f,4f,53,5f,0a,01,60,70,60,61,08,\
42,55,46,30,11,02,60,08,42,55,46,31,11,02,60,08,4f,53,4e,54,0a,01,08,4f,53,\
39,38,0a,01,70,5c,5f,4f,53,5f,42,55,46,30,70,0d,4d,69,63,72,6f,73,6f,66,74,\
20,57,69,6e,64,6f,77,73,20,4e,54,00,42,55,46,31,a2,20,60,76,60,a0,12,93,83,\
88,42,55,46,30,60,00,83,88,42,55,46,31,60,00,a1,08,70,0a,00,4f,53,4e,54,a0,\
0e,4f,53,4e,54,70,0a,03,4d,53,4f,53,a4,01,a1,49,06,70,0d,4d,69,63,72,6f,73,\
6f,66,74,20,57,69,6e,64,6f,77,73,00,42,55,46,31,a2,20,61,76,61,a0,12,93,83,\
88,42,55,46,30,61,00,83,88,42,55,46,31,61,00,a1,08,70,0a,00,4f,53,39,38,a0,\
22,4f,53,39,38,70,43,4d,52,44,0a,37,60,7d,60,0a,20,60,43,4d,57,52,0a,37,60,\
70,0a,01,4d,53,4f,53,a4,00,a1,0a,70,0a,02,4d,53,4f,53,a4,00,10,06,5c,5f,53,\
42,5f,10,20,5c,5f,50,52,5f,5b,83,0b,43,50,55,30,01,10,08,00,00,06,5b,83,0b,\
43,50,55,31,02,00,00,00,00,00,5b,80,53,50,4b,52,01,0b,8c,08,0a,04,5b,81,15,\
53,50,4b,52,01,47,52,53,31,16,47,53,50,4b,01,47,52,53,32,09,5b,80,43,4d,53,\
5f,01,0a,70,0a,02,5b,81,10,43,4d,53,5f,01,43,4d,53,49,08,43,4d,53,44,08,5b,\
80,53,4d,49,52,01,0a,b2,0a,02,5b,81,10,53,4d,49,52,01,53,4d,49,43,08,53,4d,\
49,44,08,5b,80,50,4d,31,52,01,0b,00,08,0a,04,5b,81,1a,50,4d,31,52,01,50,4d,\
53,31,08,50,4d,53,32,08,50,4d,45,31,08,50,4d,45,32,08,5b,80,47,4c,42,43,01,\
0b,28,08,0a,04,5b,81,1a,47,4c,42,43,01,54,48,52,50,08,47,4c,42,54,08,45,4f,\
53,5f,08,4c,49,44,50,08,5b,80,50,58,59,30,01,0b,29,09,0a,01,5b,81,0f,50,58,\
59,30,01,00,01,43,48,41,53,03,00,04,5b,80,53,49,4f,5f,01,0a,2e,0a,02,5b,81,\
10,53,49,4f,5f,01,53,49,4f,49,08,53,49,4f,44,08,5b,80,50,4d,45,53,01,0b,00,\
0c,0a,01,5b,81,0b,50,4d,45,53,01,47,53,54,53,08,5b,80,57,45,4e,58,01,0b,0a,\
0c,0a,06,5b,81,24,57,45,4e,58,01,57,45,4e,31,08,57,45,4e,32,08,57,45,4e,33,\
08,57,45,4e,34,08,57,45,4e,35,08,57,45,4e,36,08,5b,80,57,53,54,58,01,0b,04,\
0c,0a,06,5b,81,24,57,53,54,58,01,57,53,54,31,08,57,53,54,32,08,57,53,54,33,\
08,57,53,54,34,08,57,53,54,35,08,57,53,54,36,08,5b,80,4c,45,44,58,01,0b,9b,\
08,0a,01,5b,81,0b,4c,45,44,58,01,4c,45,44,32,08,5b,01,53,4d,49,4d,01,14,34,\
53,4d,49,32,01,5b,23,53,4d,49,4d,ff,ff,70,68,53,4d,49,43,70,53,4d,49,43,60,\
70,53,4d,49,44,60,79,60,0a,08,60,72,53,4d,49,43,60,60,5b,27,53,4d,49,4d,a4,\
60,14,24,53,4d,49,34,01,72,68,0a,01,60,70,53,4d,49,32,68,62,70,53,4d,49,32,\
60,61,79,61,0a,10,61,72,61,62,60,a4,60,14,0d,47,54,4d,52,00,a4,53,4d,49,34,\
0a,78,14,0d,47,54,4d,4c,00,a4,53,4d,49,34,0a,74,14,0d,47,54,4d,48,00,a4,53,\
4d,49,34,0a,76,08,53,53,54,58,0a,00,14,41,05,5c,2e,5f,47,50,45,5f,4c,30,33,\
00,a0,17,80,93,53,53,54,58,0a,01,00,86,5c,2e,5f,53,42,5f,56,42,54,4e,0a,02,\
5b,22,0a,14,7f,54,48,52,50,0a,08,54,48,52,50,7d,50,4d,45,32,0a,01,50,4d,45,\
32,86,5c,2f,03,5f,53,42,5f,50,43,49,30,55,53,42,30,0a,02,14,41,05,5c,2e,5f,\
47,50,45,5f,4c,30,34,00,a0,17,80,93,53,53,54,58,0a,01,00,86,5c,2e,5f,53,42,\
5f,56,42,54,4e,0a,02,5b,22,0a,14,7f,54,48,52,50,0a,10,54,48,52,50,7d,50,4d,\
45,32,0a,01,50,4d,45,32,86,5c,2f,03,5f,53,42,5f,50,43,49,30,55,53,42,31,0a,\
02,14,41,05,5c,2e,5f,47,50,45,5f,4c,30,43,00,a0,17,80,93,53,53,54,58,0a,01,\
00,86,5c,2e,5f,53,42,5f,56,42,54,4e,0a,02,5b,22,0a,14,7f,47,4c,42,54,0a,10,\
47,4c,42,54,7d,50,4d,45,32,0a,01,50,4d,45,32,86,5c,2f,03,5f,53,42,5f,50,43,\
49,30,55,53,42,32,0a,02,14,4c,04,5c,2e,5f,47,50,45,5f,4c,30,44,00,a0,17,80,\
93,53,53,54,58,0a,01,00,86,5c,2e,5f,53,42,5f,56,42,54,4e,0a,02,5b,22,0a,14,\
7f,47,4c,42,54,0a,20,47,4c,42,54,7d,50,4d,45,32,0a,01,50,4d,45,32,86,5c,2e,\
5f,53,42,5f,50,43,49,30,0a,02,14,34,5c,2e,5f,47,50,45,5f,4c,30,42,00,7f,47,\
4c,42,54,0a,08,47,4c,42,54,7d,50,4d,45,32,0a,01,50,4d,45,32,86,5c,2f,03,5f,\
53,42,5f,50,43,49,30,50,43,49,31,0a,02,14,45,06,5c,2e,5f,47,50,45,5f,4c,31,\
44,00,70,57,45,4e,31,60,7b,60,0a,e7,57,45,4e,31,70,57,53,54,31,60,7b,60,0a,\
18,57,53,54,31,70,47,53,54,53,60,7b,60,0a,01,47,53,54,53,a0,17,80,93,53,53,\
54,58,0a,01,00,86,5c,2e,5f,53,42,5f,56,42,54,4e,0a,02,86,5c,2f,04,5f,53,42,\
5f,50,43,49,30,49,53,41,5f,4b,42,44,5f,0a,02,14,40,07,5c,5f,50,54,53,01,a0,\
47,06,7d,93,68,0a,03,93,68,0a,01,00,70,0a,55,53,49,4f,49,70,0a,07,53,49,4f,\
49,70,0a,07,53,49,4f,44,70,0a,f0,53,49,4f,49,70,53,49,4f,44,60,7d,60,0a,60,\
53,49,4f,44,70,0a,aa,53,49,4f,49,70,57,53,54,31,60,7b,60,0a,18,57,53,54,31,\
70,47,53,54,53,60,7b,60,0a,01,47,53,54,53,70,57,45,4e,31,60,7d,60,0a,18,57,\
45,4e,31,14,4e,04,5c,5f,57,41,4b,01,a0,43,04,7d,7b,50,4d,53,32,0a,01,00,7d,\
7b,4c,49,44,50,0a,20,00,7d,7b,92,48,41,43,4b,7b,47,4c,42,54,0a,10,00,00,7b,\
92,48,41,43,4b,7b,54,48,52,50,0a,18,00,00,00,00,00,86,5c,2e,5f,53,42,5f,56,\
42,54,4e,0a,02,a4,00,10,35,5c,5f,53,49,5f,14,2e,5f,53,53,54,01,70,68,53,53,\
54,58,a0,10,93,68,0a,03,7d,4c,45,44,32,0a,02,4c,45,44,32,a0,10,93,68,0a,01,\
7b,4c,45,44,32,0a,fd,4c,45,44,32,10,17,5c,00,08,50,49,43,46,0a,00,14,0c,5f,\
50,49,43,01,70,68,50,49,43,46,10,8e,aa,01,5c,5f,53,42,5f,14,2b,5f,49,4e,49,\
00,a0,24,5b,12,5f,4f,53,49,60,a0,1b,5c,5f,4f,53,49,0d,57,69,6e,64,6f,77,73,\
20,32,30,30,31,00,70,0a,04,4d,53,4f,53,5b,82,4c,0c,4d,45,4d,5f,08,5f,48,49,\
44,0c,41,d0,0c,01,08,5f,55,49,44,0a,01,14,44,0b,5f,43,52,53,00,08,4d,45,4d,\
42,11,46,06,0a,62,86,09,00,01,00,00,00,00,00,00,0a,00,86,09,00,01,00,00,10,\
00,00,00,00,00,86,09,00,01,00,00,00,01,00,00,00,00,86,09,00,00,00,00,0f,00,\
00,00,01,00,86,09,00,01,00,00,c0,fe,00,00,01,00,86,09,00,01,00,00,e0,fe,00,\
00,01,00,86,09,00,00,00,00,b0,ff,00,00,10,00,86,09,00,00,00,00,c0,ff,00,00,\
40,00,79,00,8a,4d,45,4d,42,0a,08,4d,45,4d,52,8a,4d,45,4d,42,0a,14,4d,45,4d,\
4c,8a,4d,45,4d,42,0a,20,4d,45,4d,48,70,47,54,4d,52,4d,45,4d,52,70,47,54,4d,\
4c,4d,45,4d,4c,70,47,54,4d,48,4d,45,4d,48,a4,4d,45,4d,42,5b,82,8c,3a,01,50,\
43,49,30,08,5f,48,49,44,0c,41,d0,0a,03,08,5f,55,49,44,0a,04,08,5f,41,44,52,\
0a,00,08,5f,50,52,57,12,06,02,0a,0d,0a,03,14,09,5f,53,31,44,00,a4,0a,01,14,\
14,5f,53,33,44,00,a0,08,48,41,43,4b,a4,0a,03,a1,04,a4,0a,02,08,50,49,43,30,\
12,43,0c,0c,12,0f,04,0c,ff,ff,01,00,0a,00,4c,4e,4b,41,0a,00,12,0f,04,0c,ff,\
ff,01,00,0a,01,4c,4e,4b,42,0a,00,12,0f,04,0c,ff,ff,1f,00,0a,01,4c,4e,4b,42,\
0a,00,12,0f,04,0c,ff,ff,1f,00,0a,00,4c,4e,4b,43,0a,00,12,0f,04,0c,ff,ff,1e,\
00,0a,00,4c,4e,4b,41,0a,00,12,0f,04,0c,ff,ff,1e,00,0a,01,4c,4e,4b,42,0a,00,\
12,0f,04,0c,ff,ff,1e,00,0a,02,4c,4e,4b,43,0a,00,12,0f,04,0c,ff,ff,1e,00,0a,\
03,4c,4e,4b,44,0a,00,12,0f,04,0c,ff,ff,1d,00,0a,00,4c,4e,4b,41,0a,00,12,0f,\
04,0c,ff,ff,1d,00,0a,01,4c,4e,4b,44,0a,00,12,0f,04,0c,ff,ff,1d,00,0a,02,4c,\
4e,4b,43,0a,00,12,0f,04,0c,ff,ff,1d,00,0a,03,4c,4e,4b,48,0a,00,08,41,50,49,\
30,12,4b,0a,0c,12,0d,04,0c,ff,ff,01,00,0a,00,0a,00,0a,10,12,0d,04,0c,ff,ff,\
01,00,0a,01,0a,00,0a,11,12,0d,04,0c,ff,ff,1f,00,0a,01,0a,00,0a,11,12,0d,04,\
0c,ff,ff,1f,00,0a,00,0a,00,0a,12,12,0d,04,0c,ff,ff,1e,00,0a,00,0a,00,0a,10,\
12,0d,04,0c,ff,ff,1e,00,0a,01,0a,00,0a,11,12,0d,04,0c,ff,ff,1e,00,0a,02,0a,\
00,0a,12,12,0d,04,0c,ff,ff,1e,00,0a,03,0a,00,0a,13,12,0d,04,0c,ff,ff,1d,00,\
0a,00,0a,00,0a,10,12,0d,04,0c,ff,ff,1d,00,0a,01,0a,00,0a,13,12,0d,04,0c,ff,\
ff,1d,00,0a,02,0a,00,0a,12,12,0d,04,0c,ff,ff,1d,00,0a,03,0a,00,0a,17,14,1b,\
5f,50,52,54,00,70,41,50,49,30,60,a0,0c,92,50,49,43,46,70,50,49,43,30,60,a4,\
60,5b,82,49,08,55,53,42,30,08,5f,41,44,52,0c,00,00,1d,00,08,5f,55,49,44,0a,\
05,08,5f,50,52,57,12,06,02,0a,03,0a,03,5b,80,55,50,43,31,02,0a,c1,0a,01,5b,\
81,0b,55,50,43,31,01,4c,45,47,4b,08,14,24,5f,49,4e,49,00,a0,05,48,41,43,4b,\
a1,17,70,4c,45,47,4b,60,7b,60,0a,60,60,7d,60,0a,20,60,70,60,4c,45,47,4b,14,\
14,5f,53,54,41,00,a0,08,47,43,55,43,a4,0a,0f,a1,04,a4,0a,00,14,09,5f,53,31,\
44,00,a4,0a,01,14,09,5f,53,33,44,00,a4,0a,02,5b,82,49,08,55,53,42,31,08,5f,\
41,44,52,0c,01,00,1d,00,08,5f,55,49,44,0a,06,08,5f,50,52,57,12,06,02,0a,04,\
0a,03,5b,80,55,50,43,31,02,0a,c1,0a,01,5b,81,0b,55,50,43,31,01,4c,45,47,4b,\
08,14,24,5f,49,4e,49,00,a0,05,48,41,43,4b,a1,17,70,4c,45,47,4b,60,7b,60,0a,\
60,60,7d,60,0a,20,60,70,60,4c,45,47,4b,14,14,5f,53,54,41,00,a0,08,47,43,55,\
43,a4,0a,0f,a1,04,a4,0a,00,14,09,5f,53,31,44,00,a4,0a,01,14,09,5f,53,33,44,\
00,a4,0a,02,5b,82,49,08,55,53,42,32,08,5f,41,44,52,0c,02,00,1d,00,08,5f,55,\
49,44,0a,14,08,5f,50,52,57,12,06,02,0a,0c,0a,03,5b,80,55,50,43,31,02,0a,c1,\
0a,01,5b,81,0b,55,50,43,31,01,4c,45,47,4b,08,14,24,5f,49,4e,49,00,a0,05,48,\
41,43,4b,a1,17,70,4c,45,47,4b,60,7b,60,0a,60,60,7d,60,0a,20,60,70,60,4c,45,\
47,4b,14,14,5f,53,54,41,00,a0,08,47,43,55,43,a4,0a,0f,a1,04,a4,0a,00,14,09,\
5f,53,31,44,00,a4,0a,01,14,09,5f,53,33,44,00,a4,0a,02,5b,82,4d,26,50,43,49,\
31,14,09,5f,53,31,44,00,a4,0a,01,14,09,5f,53,33,44,00,a4,0a,02,14,09,5f,53,\
34,44,00,a4,0a,02,14,09,5f,53,35,44,00,a4,0a,02,14,0f,5f,41,44,52,00,70,0c,\
00,00,1e,00,60,a4,60,08,5f,55,49,44,0a,07,08,5f,50,52,57,12,06,02,0a,0b,0a,\
05,08,50,49,43,31,12,4b,10,11,12,0f,04,0c,ff,ff,08,00,0a,00,4c,4e,4b,45,0a,\
00,12,0d,04,0b,ff,ff,0a,00,4c,4e,4b,46,0a,00,12,0d,04,0b,ff,ff,0a,01,4c,4e,\
4b,47,0a,00,12,0d,04,0b,ff,ff,0a,02,4c,4e,4b,48,0a,00,12,0d,04,0b,ff,ff,0a,\
03,4c,4e,4b,45,0a,00,12,0f,04,0c,ff,ff,01,00,0a,00,4c,4e,4b,47,0a,00,12,0f,\
04,0c,ff,ff,01,00,0a,01,4c,4e,4b,46,0a,00,12,0f,04,0c,ff,ff,01,00,0a,02,4c,\
4e,4b,45,0a,00,12,0f,04,0c,ff,ff,01,00,0a,03,4c,4e,4b,48,0a,00,12,0f,04,0c,\
ff,ff,02,00,0a,00,4c,4e,4b,43,0a,00,12,0f,04,0c,ff,ff,02,00,0a,01,4c,4e,4b,\
44,0a,00,12,0f,04,0c,ff,ff,02,00,0a,02,4c,4e,4b,42,0a,00,12,0f,04,0c,ff,ff,\
02,00,0a,03,4c,4e,4b,41,0a,00,12,0f,04,0c,ff,ff,0c,00,0a,00,4c,4e,4b,42,0a,\
00,12,0f,04,0c,ff,ff,0c,00,0a,01,4c,4e,4b,46,0a,00,12,0f,04,0c,ff,ff,0c,00,\
0a,02,4c,4e,4b,47,0a,00,12,0f,04,0c,ff,ff,0c,00,0a,03,4c,4e,4b,48,0a,00,08,\
41,50,49,31,12,49,0e,11,12,0d,04,0c,ff,ff,08,00,0a,00,0a,00,0a,14,12,0b,04,\
0b,ff,ff,0a,00,0a,00,0a,15,12,0b,04,0b,ff,ff,0a,01,0a,00,0a,16,12,0b,04,0b,\
ff,ff,0a,02,0a,00,0a,17,12,0b,04,0b,ff,ff,0a,03,0a,00,0a,14,12,0d,04,0c,ff,\
ff,01,00,0a,00,0a,00,0a,16,12,0d,04,0c,ff,ff,01,00,0a,01,0a,00,0a,15,12,0d,\
04,0c,ff,ff,01,00,0a,02,0a,00,0a,14,12,0d,04,0c,ff,ff,01,00,0a,03,0a,00,0a,\
17,12,0d,04,0c,ff,ff,02,00,0a,00,0a,00,0a,12,12,0d,04,0c,ff,ff,02,00,0a,01,\
0a,00,0a,13,12,0d,04,0c,ff,ff,02,00,0a,02,0a,00,0a,11,12,0d,04,0c,ff,ff,02,\
00,0a,03,0a,00,0a,10,12,0d,04,0c,ff,ff,0c,00,0a,00,0a,00,0a,11,12,0d,04,0c,\
ff,ff,0c,00,0a,01,0a,00,0a,15,12,0d,04,0c,ff,ff,0c,00,0a,02,0a,00,0a,16,12,\
0d,04,0c,ff,ff,0c,00,0a,03,0a,00,0a,17,14,1b,5f,50,52,54,00,70,41,50,49,31,\
60,a0,0c,92,50,49,43,46,70,50,49,43,31,60,a4,60,08,5f,43,52,53,11,4c,08,0a,\
88,88,0d,00,02,0c,00,00,00,00,00,ff,00,00,00,00,01,47,01,f8,0c,f8,0c,01,08,\
88,0d,00,01,0c,03,00,00,00,00,f7,0c,00,00,f8,0c,88,0d,00,01,0c,03,00,00,00,\
0d,ff,ff,00,00,00,f3,87,17,00,00,0c,03,00,00,00,00,00,00,0a,00,ff,ff,0b,00,\
00,00,00,00,00,00,02,00,87,17,00,00,0c,03,00,00,00,00,00,80,0c,00,ff,ff,0d,\
00,00,00,00,00,00,80,01,00,87,17,00,00,0c,03,00,00,00,00,00,00,00,c0,ff,ff,\
bf,fe,00,00,00,00,00,00,e0,3f,79,00,5b,82,48,d2,49,53,41,5f,08,5f,41,44,52,\
0c,00,00,1f,00,08,5f,55,49,44,0a,0a,5b,80,50,34,30,43,02,0a,60,0a,04,5b,80,\
50,34,31,43,02,0a,68,0a,04,5b,82,42,04,44,4d,41,5f,08,5f,48,49,44,0c,41,d0,\
02,00,14,31,5f,43,52,53,00,08,44,4d,41,42,11,20,0a,1d,47,01,80,00,80,00,01,\
20,47,01,00,00,00,00,01,20,47,01,c0,00,c0,00,01,20,2a,10,12,79,00,a4,44,4d,\
41,42,5b,82,31,46,50,55,5f,08,5f,48,49,44,0c,41,d0,0c,04,14,21,5f,43,52,53,\
00,08,46,50,55,42,11,10,0a,0d,47,01,f0,00,f0,00,01,10,22,00,20,79,00,a4,46,\
50,55,42,5b,82,3f,50,49,43,5f,08,5f,48,49,44,0b,41,d0,14,31,5f,43,52,53,00,\
08,50,49,43,42,11,20,0a,1d,47,01,20,00,20,00,01,20,47,01,a0,00,a0,00,01,20,\
47,01,d0,04,d0,04,01,02,22,04,00,79,00,a4,50,49,43,42,5b,82,2e,53,50,4b,5f,\
08,5f,48,49,44,0c,41,d0,08,00,14,1e,5f,43,52,53,00,08,53,50,4b,42,11,0d,0a,\
0a,47,01,61,00,61,00,01,01,79,00,a4,53,50,4b,42,5b,82,31,52,54,43,5f,08,5f,\
48,49,44,0c,41,d0,0b,00,14,21,5f,43,52,53,00,08,52,54,43,42,11,10,0a,0d,47,\
01,70,00,70,00,01,10,22,00,01,79,00,a4,52,54,43,42,5b,82,31,54,4d,52,5f,08,\
5f,48,49,44,0c,41,d0,01,00,14,21,5f,43,52,53,00,08,54,4d,52,42,11,10,0a,0d,\
47,01,40,00,40,00,01,20,22,01,00,79,00,a4,54,4d,52,42,5b,80,4e,53,49,4f,01,\
0a,2e,0a,02,5b,81,10,4e,53,49,4f,01,49,4e,44,58,08,44,41,54,41,08,5b,86,47,\
05,49,4e,44,58,44,41,54,41,01,00,10,43,46,47,5f,08,00,20,4c,44,4e,5f,08,00,\
40,0c,53,49,49,44,08,00,48,07,41,43,54,52,08,00,48,17,49,4f,41,48,08,49,4f,\
41,4c,08,00,40,07,49,4e,54,52,08,00,18,44,4d,43,48,08,00,48,3d,4f,50,54,31,\
08,4f,50,54,32,08,4f,50,54,33,08,5b,80,43,4f,4d,5f,02,0a,e0,0a,01,5b,81,23,\
5c,2f,04,5f,53,42,5f,50,43,49,30,49,53,41,5f,43,4f,4d,5f,01,00,01,4e,53,43,\
42,03,00,01,4e,53,43,41,03,5b,80,46,44,50,41,02,0a,e1,0a,01,5b,81,23,5c,2f,\
04,5f,53,42,5f,50,43,49,30,49,53,41,5f,46,44,50,41,01,00,02,46,44,44,43,01,\
00,02,4c,50,54,4f,02,5b,01,4d,54,58,5f,01,14,18,53,49,4f,44,01,43,53,49,4f,\
0a,55,70,68,4c,44,4e,5f,43,53,49,4f,0a,aa,14,0c,43,53,49,4f,01,70,68,49,4e,\
44,58,5b,82,4a,2c,46,44,43,5f,08,5f,48,49,44,0c,41,d0,07,00,14,43,06,5f,53,\
54,41,00,08,52,45,54,5f,00,5b,23,4d,54,58,5f,ff,ff,53,49,4f,44,0a,00,a0,2d,\
47,43,46,44,43,53,49,4f,0a,55,a0,12,41,43,54,52,43,53,49,4f,0a,aa,70,0a,0f,\
52,45,54,5f,a1,0e,43,53,49,4f,0a,aa,70,0a,0d,52,45,54,5f,a1,0e,43,53,49,4f,\
0a,aa,70,0a,00,52,45,54,5f,5b,27,4d,54,58,5f,a4,52,45,54,5f,14,32,5f,44,49,\
53,00,5b,23,4d,54,58,5f,ff,ff,53,49,4f,44,0a,00,43,53,49,4f,0a,55,70,00,49,\
4e,54,52,70,00,41,43,54,52,43,53,49,4f,0a,aa,5b,27,4d,54,58,5f,14,4b,11,5f,\
43,52,53,00,08,46,44,42,30,11,1b,0a,18,47,01,f0,03,f0,03,08,06,47,01,f7,03,\
f7,03,01,01,22,40,00,2a,04,08,79,00,8c,46,44,42,30,0a,02,49,4f,4c,30,8c,46,\
44,42,30,0a,03,49,4f,48,30,8c,46,44,42,30,0a,04,49,4f,4c,31,8c,46,44,42,30,\
0a,05,49,4f,48,31,8c,46,44,42,30,0a,0a,49,32,4c,30,8c,46,44,42,30,0a,0b,49,\
32,48,30,8c,46,44,42,30,0a,0c,49,32,4c,31,8c,46,44,42,30,0a,0d,49,32,48,31,\
8b,46,44,42,30,0a,11,49,51,52,5f,8c,46,44,42,30,0a,14,44,41,4d,5f,5b,23,4d,\
54,58,5f,ff,ff,53,49,4f,44,0a,00,43,53,49,4f,0a,55,70,49,4f,41,48,49,4f,48,\
30,70,49,4f,41,48,49,4f,48,31,70,49,4f,41,4c,49,4f,4c,30,70,49,4f,41,4c,49,\
4f,4c,31,70,49,4f,41,48,49,32,48,30,70,49,4f,41,48,49,32,48,31,72,49,4f,41,\
4c,0a,07,49,32,4c,30,72,49,4f,41,4c,0a,07,49,32,4c,31,79,01,49,4e,54,52,49,\
51,52,5f,79,01,44,4d,43,48,44,41,4d,5f,43,53,49,4f,0a,aa,5b,27,4d,54,58,5f,\
a4,46,44,42,30,14,4e,05,5f,50,52,53,00,08,46,44,42,31,11,4c,04,0a,48,30,47,\
01,f0,03,f0,03,08,06,47,01,f7,03,f7,03,01,01,22,40,00,2a,04,08,30,47,01,f0,\
03,f0,03,08,06,47,01,f7,03,f7,03,01,01,22,f8,10,2a,0e,08,30,47,01,70,03,70,\
03,08,06,47,01,77,03,77,03,01,01,22,f8,10,2a,0e,08,38,79,00,a4,46,44,42,31,\
14,47,0a,5f,53,52,53,01,8c,68,0a,02,49,4f,4c,4f,8c,68,0a,03,49,4f,48,49,8b,\
68,0a,11,49,51,52,5f,8c,68,0a,14,44,41,4d,5f,5b,23,4d,54,58,5f,ff,ff,53,49,\
4f,44,0a,00,43,53,49,4f,0a,55,70,49,4f,4c,4f,49,4f,41,4c,70,49,4f,48,49,49,\
4f,41,48,43,53,49,4f,0a,aa,a0,0f,93,49,4f,4c,4f,0a,70,70,0a,00,46,44,44,43,\
a0,0f,93,49,4f,4c,4f,0a,f0,70,0a,01,46,44,44,43,43,53,49,4f,0a,55,82,49,51,\
52,5f,60,74,60,0a,01,49,4e,54,52,82,44,41,4d,5f,60,74,60,0a,01,44,4d,43,48,\
70,01,41,43,54,52,43,53,49,4f,0a,aa,5b,27,4d,54,58,5f,5b,82,40,06,4b,42,44,\
5f,08,5f,48,49,44,0c,41,d0,03,03,14,25,5f,53,54,41,00,08,52,45,54,5f,00,70,\
0a,00,52,45,54,5f,a0,0c,47,43,4b,42,70,0a,0f,52,45,54,5f,a4,52,45,54,5f,14,\
29,5f,43,52,53,00,08,4b,42,44,42,11,18,0a,15,47,01,60,00,60,00,01,01,47,01,\
64,00,64,00,01,01,22,02,00,79,00,a4,4b,42,44,42,5b,82,42,08,4d,4f,55,5f,08,\
5f,48,49,44,0c,41,d0,0f,13,14,2b,5f,53,54,41,00,08,52,45,54,5f,00,70,0a,00,\
52,45,54,5f,a0,12,47,43,4f,4e,a0,0c,47,43,4d,53,70,0a,0f,52,45,54,5f,a4,52,\
45,54,5f,14,45,04,5f,43,52,53,00,08,4d,4f,55,42,11,08,0a,05,22,00,10,79,00,\
08,4d,4f,4b,42,11,18,0a,15,47,01,60,00,60,00,01,01,47,01,64,00,64,00,01,01,\
22,00,10,79,00,a0,0a,47,43,4b,42,a4,4d,4f,55,42,a1,06,a4,4d,4f,4b,42,5b,82,\
45,22,43,4f,4d,41,08,5f,48,49,44,0c,41,d0,05,01,08,5f,55,49,44,0a,01,14,43,\
06,5f,53,54,41,00,08,52,45,54,5f,00,5b,23,4d,54,58,5f,ff,ff,53,49,4f,44,0a,\
04,a0,2d,47,43,53,31,43,53,49,4f,0a,55,a0,12,41,43,54,52,43,53,49,4f,0a,aa,\
70,0a,0f,52,45,54,5f,a1,0e,43,53,49,4f,0a,aa,70,0a,0d,52,45,54,5f,a1,0e,43,\
53,49,4f,0a,aa,70,0a,00,52,45,54,5f,5b,27,4d,54,58,5f,a4,52,45,54,5f,14,32,\
5f,44,49,53,00,5b,23,4d,54,58,5f,ff,ff,53,49,4f,44,0a,04,43,53,49,4f,0a,55,\
70,00,49,4e,54,52,70,00,41,43,54,52,43,53,49,4f,0a,aa,5b,27,4d,54,58,5f,14,\
47,0a,5f,43,52,53,00,08,43,4d,41,30,11,10,0a,0d,47,01,f8,03,f8,03,08,08,22,\
10,00,79,00,8c,43,4d,41,30,0a,02,49,4f,4c,30,8c,43,4d,41,30,0a,03,49,4f,48,\
30,8c,43,4d,41,30,0a,04,49,4f,4c,31,8c,43,4d,41,30,0a,05,49,4f,48,31,8b,43,\
4d,41,30,0a,09,49,51,52,5f,5b,23,4d,54,58,5f,ff,ff,53,49,4f,44,0a,04,43,53,\
49,4f,0a,55,70,49,4f,41,4c,49,4f,4c,30,70,49,4f,41,4c,49,4f,4c,31,70,49,4f,\
41,48,49,4f,48,30,70,49,4f,41,48,49,4f,48,31,79,01,49,4e,54,52,49,51,52,5f,\
43,53,49,4f,0a,aa,5b,27,4d,54,58,5f,a4,43,4d,41,30,14,48,04,5f,50,52,53,00,\
08,43,4d,41,31,11,36,0a,33,30,47,01,f8,03,f8,03,08,08,22,10,00,30,47,01,e8,\
03,e8,03,08,08,22,10,00,30,47,01,f8,02,f8,02,08,08,22,08,00,30,47,01,e8,02,\
e8,02,08,08,22,08,00,38,79,00,a4,43,4d,41,31,14,45,08,5f,53,52,53,01,8c,68,\
0a,02,49,4f,4c,4f,8c,68,0a,03,49,4f,48,49,8b,68,0a,09,49,51,52,5f,5b,23,4d,\
54,58,5f,ff,ff,53,49,4f,44,0a,04,43,53,49,4f,0a,55,70,49,4f,4c,4f,49,4f,41,\
4c,70,49,4f,48,49,49,4f,41,48,82,49,51,52,5f,60,74,60,0a,01,49,4e,54,52,a0,\
0f,93,49,4f,4c,4f,0a,f8,70,0a,00,4e,53,43,41,a0,0f,93,49,4f,4c,4f,0a,e8,70,\
0a,03,4e,53,43,41,70,01,41,43,54,52,43,53,49,4f,0a,aa,5b,27,4d,54,58,5f,5b,\
82,4f,40,50,52,54,5f,08,5f,48,49,44,0c,41,d0,04,01,14,43,06,5f,53,54,41,00,\
08,52,45,54,5f,00,5b,23,4d,54,58,5f,ff,ff,53,49,4f,44,0a,03,a0,2d,47,43,50,\
50,43,53,49,4f,0a,55,a0,12,41,43,54,52,43,53,49,4f,0a,aa,70,0a,0f,52,45,54,\
5f,a1,0e,43,53,49,4f,0a,aa,70,0a,0d,52,45,54,5f,a1,0e,43,53,49,4f,0a,aa,70,\
0a,00,52,45,54,5f,5b,27,4d,54,58,5f,a4,52,45,54,5f,14,39,5f,44,49,53,00,5b,\
23,4d,54,58,5f,ff,ff,53,49,4f,44,0a,03,43,53,49,4f,0a,55,70,00,49,4e,54,52,\
70,0a,04,44,4d,43,48,70,00,41,43,54,52,43,53,49,4f,0a,aa,5b,27,4d,54,58,5f,\
14,4a,18,5f,43,52,53,00,08,50,54,42,30,11,1b,0a,18,47,01,78,03,78,03,08,08,\
 47,01,78,07,78,07,08,08,22,80,00,2a,00,08,79,00,8c,50,54,42,30,0a,02,49,4f,\
4c,30,8c,50,54,42,30,0a,03,49,4f,48,30,8c,50,54,42,30,0a,04,49,4f,4c,31,8c,\
50,54,42,30,0a,05,49,4f,48,31,8c,50,54,42,30,0a,06,4c,41,4c,4e,8c,50,54,42,\
30,0a,07,4c,4c,45,4e,8c,50,54,42,30,0a,0a,49,32,4c,30,8c,50,54,42,30,0a,0b,\
49,32,48,30,8c,50,54,42,30,0a,0c,49,32,4c,31,8c,50,54,42,30,0a,0d,49,32,48,\
31,8c,50,54,42,30,0a,0e,48,41,4c,4e,8c,50,54,42,30,0a,0f,48,4c,45,4e,8b,50,\
54,42,30,0a,11,49,51,52,5f,8c,50,54,42,30,0a,14,44,41,4d,5f,5b,23,4d,54,58,\
5f,ff,ff,53,49,4f,44,0a,03,43,53,49,4f,0a,55,70,49,4f,41,48,49,4f,48,30,70,\
49,4f,41,48,49,4f,48,31,70,49,4f,41,4c,49,4f,4c,30,70,49,4f,41,4c,49,4f,4c,\
31,72,49,4f,41,48,0a,04,49,32,48,30,72,49,4f,41,48,0a,04,49,32,48,31,70,49,\
4f,41,4c,49,32,4c,30,70,49,4f,41,4c,49,32,4c,31,79,01,49,4e,54,52,49,51,52,\
5f,79,01,44,4d,43,48,44,41,4d,5f,a0,24,93,49,4f,4c,30,0a,bc,70,0a,04,4c,41,\
4c,4e,70,0a,04,4c,4c,45,4e,70,0a,04,48,41,4c,4e,70,0a,04,48,4c,45,4e,a0,0e,\
93,44,4d,43,48,0a,04,70,00,44,41,4d,5f,a0,0e,93,49,4e,54,52,0a,00,70,00,49,\
51,52,5f,43,53,49,4f,0a,aa,5b,27,4d,54,58,5f,a4,50,54,42,30,14,4f,0f,5f,50,\
52,53,00,08,50,54,42,31,11,4d,0e,0a,e9,30,47,01,78,03,78,03,08,08,47,01,78,\
07,78,07,08,08,22,80,00,2a,00,08,30,47,01,78,02,78,02,08,08,47,01,78,06,78,\
06,08,08,22,20,00,2a,00,08,30,47,01,78,03,78,03,08,08,47,01,78,07,78,07,08,\
08,22,f8,10,2a,00,08,30,47,01,78,03,78,03,08,08,47,01,78,07,78,07,08,08,22,\
f8,10,2a,0e,08,30,47,01,78,02,78,02,08,08,47,01,78,06,78,06,08,08,22,f8,10,\
2a,00,08,30,47,01,78,02,78,02,08,08,47,01,78,06,78,06,08,08,22,f8,10,2a,0e,\
08,30,47,01,78,03,78,03,08,08,47,01,78,07,78,07,08,08,22,00,00,2a,00,08,30,\
47,01,78,02,78,02,08,08,47,01,78,06,78,06,08,08,22,00,00,2a,00,08,30,47,01,\
bc,03,bc,03,04,04,47,01,bc,07,bc,07,04,04,22,00,00,2a,00,08,30,47,01,bc,03,\
bc,03,04,04,47,01,bc,07,bc,07,04,04,22,80,00,2a,00,08,38,79,00,a4,50,54,42,\
31,14,45,0d,5f,53,52,53,01,8c,68,0a,02,49,4f,4c,4f,8c,68,0a,03,49,4f,48,49,\
8b,68,0a,11,49,51,52,5f,8c,68,0a,14,44,41,4d,5f,5b,23,4d,54,58,5f,ff,ff,53,\
49,4f,44,0a,03,43,53,49,4f,0a,55,70,49,4f,4c,4f,49,4f,41,4c,70,49,4f,48,49,\
49,4f,41,48,a0,0f,93,49,4f,4c,4f,0a,bc,70,0a,02,4c,50,54,4f,a0,28,93,49,4f,\
4c,4f,0a,78,a0,0f,93,49,4f,48,49,0a,02,70,0a,01,4c,50,54,4f,a0,0f,93,49,4f,\
48,49,0a,03,70,0a,00,4c,50,54,4f,a0,0d,93,49,51,52,5f,00,70,00,49,4e,54,52,\
a1,0f,82,49,51,52,5f,60,74,60,0a,01,49,4e,54,52,a0,0e,93,44,41,4d,5f,00,70,\
0a,04,44,4d,43,48,a1,0f,82,44,41,4d,5f,60,74,60,0a,01,44,4d,43,48,70,01,41,\
43,54,52,43,53,49,4f,0a,aa,5b,27,4d,54,58,5f,5b,82,4e,0b,4d,42,49,4f,08,5f,\
48,49,44,0c,41,d0,0c,01,08,5f,55,49,44,0a,0b,14,46,0a,5f,43,52,53,00,08,4d,\
49,4f,31,11,35,0a,32,47,01,62,00,62,00,01,02,47,01,65,00,65,00,01,0b,47,01,\
e0,00,e0,00,01,10,47,01,00,08,00,08,01,60,47,01,00,0c,00,0c,01,80,47,01,60,\
08,60,08,01,a0,79,00,08,4d,49,4f,32,11,46,04,0a,42,47,01,60,00,60,00,01,01,\
47,01,64,00,64,00,01,01,47,01,62,00,62,00,01,02,47,01,65,00,65,00,01,0b,47,\
01,e0,00,e0,00,01,10,47,01,00,08,00,08,01,60,47,01,00,0c,00,0c,01,80,47,01,\
60,08,60,08,01,a0,79,00,a0,10,7d,47,43,4b,42,47,43,4d,53,00,a4,4d,49,4f,31,\
a1,06,a4,4d,49,4f,32,5b,81,29,5c,2f,04,5f,53,42,5f,50,43,49,30,49,53,41,5f,\
50,34,30,43,01,50,52,51,30,08,50,52,51,31,08,50,52,51,32,08,50,52,51,33,08,\
5b,81,29,5c,2f,04,5f,53,42,5f,50,43,49,30,49,53,41,5f,50,34,31,43,01,50,52,\
51,34,08,50,52,51,35,08,50,52,51,36,08,50,52,51,37,08,5b,82,43,0b,4c,4e,4b,\
41,08,5f,48,49,44,0c,41,d0,0c,0f,08,5f,55,49,44,0a,0c,08,5f,50,52,53,11,09,\
0a,06,23,f8,9e,18,79,00,14,1a,5f,53,54,41,00,70,0a,0b,60,a0,0d,7b,0a,80,50,\
52,51,30,61,70,0a,09,60,a4,60,14,11,5f,44,49,53,00,7d,50,52,51,30,0a,80,50,\
52,51,30,14,42,04,5f,43,52,53,00,08,50,52,52,30,11,09,0a,06,23,10,00,18,79,\
00,8b,50,52,52,30,0a,01,49,51,52,5f,70,50,52,51,30,60,a0,0c,92,95,60,0a,80,\
70,00,49,51,52,5f,a1,08,79,01,60,49,51,52,5f,a4,50,52,52,30,14,1c,5f,53,52,\
53,01,8b,68,0a,01,49,51,52,5f,82,49,51,52,5f,60,76,60,70,60,50,52,51,30,5b,\
82,43,0b,4c,4e,4b,42,08,5f,48,49,44,0c,41,d0,0c,0f,08,5f,55,49,44,0a,0d,08,\
5f,50,52,53,11,09,0a,06,23,f8,9e,18,79,00,14,1a,5f,53,54,41,00,70,0a,0b,60,\
a0,0d,7b,0a,80,50,52,51,31,61,70,0a,09,60,a4,60,14,11,5f,44,49,53,00,7d,50,\
52,51,31,0a,80,50,52,51,31,14,42,04,5f,43,52,53,00,08,50,52,52,31,11,09,0a,\
06,23,10,00,18,79,00,8b,50,52,52,31,0a,01,49,51,52,5f,70,50,52,51,31,60,a0,\
0c,92,95,60,0a,80,70,00,49,51,52,5f,a1,08,79,01,60,49,51,52,5f,a4,50,52,52,\
31,14,1c,5f,53,52,53,01,8b,68,0a,01,49,51,52,5f,82,49,51,52,5f,60,76,60,70,\
60,50,52,51,31,5b,82,43,0b,4c,4e,4b,43,08,5f,48,49,44,0c,41,d0,0c,0f,08,5f,\
55,49,44,0a,0e,08,5f,50,52,53,11,09,0a,06,23,f8,9e,18,79,00,14,1a,5f,53,54,\
41,00,70,0a,0b,60,a0,0d,7b,0a,80,50,52,51,32,61,70,0a,09,60,a4,60,14,11,5f,\
44,49,53,00,7d,50,52,51,32,0a,80,50,52,51,32,14,42,04,5f,43,52,53,00,08,50,\
52,52,32,11,09,0a,06,23,10,00,18,79,00,8b,50,52,52,32,0a,01,49,51,52,5f,70,\
50,52,51,32,60,a0,0c,92,95,60,0a,80,70,00,49,51,52,5f,a1,08,79,01,60,49,51,\
52,5f,a4,50,52,52,32,14,1c,5f,53,52,53,01,8b,68,0a,01,49,51,52,5f,82,49,51,\
52,5f,60,76,60,70,60,50,52,51,32,5b,82,43,0b,4c,4e,4b,44,08,5f,48,49,44,0c,\
41,d0,0c,0f,08,5f,55,49,44,0a,0f,08,5f,50,52,53,11,09,0a,06,23,f8,9e,18,79,\
00,14,1a,5f,53,54,41,00,70,0a,0b,60,a0,0d,7b,0a,80,50,52,51,33,61,70,0a,09,\
60,a4,60,14,11,5f,44,49,53,00,7d,50,52,51,33,0a,80,50,52,51,33,14,42,04,5f,\
43,52,53,00,08,50,52,52,33,11,09,0a,06,23,10,00,18,79,00,8b,50,52,52,33,0a,\
01,49,51,52,5f,70,50,52,51,33,60,a0,0c,92,95,60,0a,80,70,00,49,51,52,5f,a1,\
08,79,01,60,49,51,52,5f,a4,50,52,52,33,14,1c,5f,53,52,53,01,8b,68,0a,01,49,\
51,52,5f,82,49,51,52,5f,60,76,60,70,60,50,52,51,33,5b,82,43,0b,4c,4e,4b,45,\
08,5f,48,49,44,0c,41,d0,0c,0f,08,5f,55,49,44,0a,10,08,5f,50,52,53,11,09,0a,\
06,23,f8,9e,18,79,00,14,1a,5f,53,54,41,00,70,0a,0b,60,a0,0d,7b,0a,80,50,52,\
51,34,61,70,0a,09,60,a4,60,14,11,5f,44,49,53,00,7d,50,52,51,34,0a,80,50,52,\
51,34,14,42,04,5f,43,52,53,00,08,50,52,52,34,11,09,0a,06,23,10,00,18,79,00,\
8b,50,52,52,34,0a,01,49,51,52,5f,70,50,52,51,34,60,a0,0c,92,95,60,0a,80,70,\
00,49,51,52,5f,a1,08,79,01,60,49,51,52,5f,a4,50,52,52,34,14,1c,5f,53,52,53,\
01,8b,68,0a,01,49,51,52,5f,82,49,51,52,5f,60,76,60,70,60,50,52,51,34,5b,82,\
43,0b,4c,4e,4b,46,08,5f,48,49,44,0c,41,d0,0c,0f,08,5f,55,49,44,0a,11,08,5f,\
50,52,53,11,09,0a,06,23,f8,9e,18,79,00,14,1a,5f,53,54,41,00,70,0a,0b,60,a0,\
0d,7b,0a,80,50,52,51,35,61,70,0a,09,60,a4,60,14,11,5f,44,49,53,00,7d,50,52,\
51,35,0a,80,50,52,51,35,14,42,04,5f,43,52,53,00,08,50,52,52,35,11,09,0a,06,\
23,10,00,18,79,00,8b,50,52,52,35,0a,01,49,51,52,5f,70,50,52,51,35,60,a0,0c,\
92,95,60,0a,80,70,00,49,51,52,5f,a1,08,79,01,60,49,51,52,5f,a4,50,52,52,35,\
14,1c,5f,53,52,53,01,8b,68,0a,01,49,51,52,5f,82,49,51,52,5f,60,76,60,70,60,\
50,52,51,35,5b,82,43,0b,4c,4e,4b,47,08,5f,48,49,44,0c,41,d0,0c,0f,08,5f,55,\
49,44,0a,12,08,5f,50,52,53,11,09,0a,06,23,f8,9e,18,79,00,14,1a,5f,53,54,41,\
00,70,0a,0b,60,a0,0d,7b,0a,80,50,52,51,36,61,70,0a,09,60,a4,60,14,11,5f,44,\
49,53,00,7d,50,52,51,36,0a,80,50,52,51,36,14,42,04,5f,43,52,53,00,08,50,52,\
52,36,11,09,0a,06,23,10,00,18,79,00,8b,50,52,52,36,0a,01,49,51,52,5f,70,50,\
52,51,36,60,a0,0c,92,95,60,0a,80,70,00,49,51,52,5f,a1,08,79,01,60,49,51,52,\
5f,a4,50,52,52,36,14,1c,5f,53,52,53,01,8b,68,0a,01,49,51,52,5f,82,49,51,52,\
5f,60,76,60,70,60,50,52,51,36,5b,82,43,0b,4c,4e,4b,48,08,5f,48,49,44,0c,41,\
d0,0c,0f,08,5f,55,49,44,0a,13,08,5f,50,52,53,11,09,0a,06,23,f8,9e,18,79,00,\
14,1a,5f,53,54,41,00,70,0a,0b,60,a0,0d,7b,0a,80,50,52,51,37,61,70,0a,09,60,\
a4,60,14,11,5f,44,49,53,00,7d,50,52,51,37,0a,80,50,52,51,37,14,42,04,5f,43,\
52,53,00,08,50,52,52,37,11,09,0a,06,23,10,00,18,79,00,8b,50,52,52,37,0a,01,\
49,51,52,5f,70,50,52,51,37,60,a0,0c,92,95,60,0a,80,70,00,49,51,52,5f,a1,08,\
79,01,60,49,51,52,5f,a4,50,52,52,37,14,1c,5f,53,52,53,01,8b,68,0a,01,49,51,\
52,5f,82,49,51,52,5f,60,76,60,70,60,50,52,51,37


----------



## Cookiegal (Aug 27, 2003)

That's what I thought, it's not the key I asked you to export so you didn't run the command I posted. Please run the *exact *command that I posted and then post that log which should fit into one post.


----------



## genoxano (Jan 31, 2004)

Does this look right?


----------



## Cookiegal (Aug 27, 2003)

Yes, that's it.

Are you comfortable editing the registry manually?


----------



## genoxano (Jan 31, 2004)

Never done it, but with your expertise as my guide I will.


----------



## Cookiegal (Aug 27, 2003)

First, let's make a backup of your registry in case you make a mistake so it can be restored.

Please go to *Start *- *Run *and copy and paste the following and then click OK:

*regedit /e c:\registrybackup2.reg*

It won't appear to be doing anything and that's normal. Your mouse pointer may turn to an hour glass for a minute.

When it no longer has the hour glass, check in your C drive to be sure you have a file called* registrybackup2.reg *before continuing. *If you do not see that file, please let me know before doing anything else.*

Go to *Start *- *Run *- type in *regedit *and click OK to open the registry editor.

Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

To do that, click on the + that you see to the left of each one so like this:

HKEY_LOCAL_MACHINE
SOFTWARE
Microsoft
Windows
CurrentVersion
Setup

Click on Setup and you will see information in the right-hand pane.

Scroll down to the entry that says "SourcePath" and double click on that to open it up and you will get a box that says "Edit String". In the box, as it is now, you should see this:

*D:\*

All you have to do is change the D to a C so it looks like this:

*C:\*

Click OK and close the registry editor.

Reboot the machine and try running the *sfc /scannow* command again. It should look for the files in a folder that's on your computer rather than asking for the CD.


----------



## genoxano (Jan 31, 2004)

it ran the scan successfully


----------



## Cookiegal (Aug 27, 2003)

OK, that's good. 

Now please go back into the Event Viewer and post any new errors that have occurred under both "Application" and "System" only since you ran sfc /scannow.


----------



## genoxano (Jan 31, 2004)

APPLICATION ERRORS:

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	1013
Date: 9/20/2008
Time: 9:26:21 AM
User: DAVID\gene
Computer:	DAVID
Description:
Product: Photo Explosion Deluxe -- 1: The InstallScript engine on this machine is older than the version required to run this setup. If available, please install the latest version of ISScript.msi, or contact your support personnel for further assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 42 38 46 31 39 44 41 {B8F19DA
0008: 36 2d 30 42 43 44 2d 34 6-0BCD-4
0010: 38 46 43 2d 39 39 39 38 8FC-9998
0018: 2d 43 36 41 43 45 41 45 -C6ACEAE
0020: 45 44 45 46 45 7d EDEFE}

Event Type:	Error
Event Source:	Application Hang
Event Category:	None
Event ID:	1001
Date: 9/20/2008
Time: 9:25:09 AM
User: N/A
Computer:	DAVID
Description:
Fault bucket 18738410.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket: 
0008: 31 38 37 33 38 34 31 30 18738410
0010: 0d 0a ..

Event Type:	Error
Event Source:	Application Hang
Event Category:	None
Event ID:	1001
Date: 9/20/2008
Time: 9:23:28 AM
User: N/A
Computer:	DAVID
Description:
Fault bucket 18738410.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket: 
0008: 31 38 37 33 38 34 31 30 18738410
0010: 0d 0a ..

Event Type:	Error
Event Source:	Application Hang
Event Category:	(101)
Event ID:	1002
Date: 9/19/2008
Time: 10:04:37 PM
User: N/A
Computer:	DAVID
Description:
Hanging application Ipe40.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 49 70 65 34 30 2e Ipe40.
0018: 65 78 65 20 31 2e 30 2e exe 1.0.
0020: 30 2e 30 20 69 6e 20 68 0.0 in h
0028: 75 6e 67 61 70 70 20 30 ungapp 0
0030: 2e 30 2e 30 2e 30 20 61 .0.0.0 a
0038: 74 20 6f 66 66 73 65 74 t offset
0040: 20 30 30 30 30 30 30 30 0000000
0048: 30 0

********************************************************************************************************************
NOTE SYSTEM ERRORS: There were approximately 40 errors and they were all identical to the one listed below.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 9/20/2008
Time: 11:10:48 AM
User: N/A
Computer:	DAVID
Description:
The Application Management service terminated with the following error: 
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwl


----------



## Cookiegal (Aug 27, 2003)

This is XP Home version, correct?


----------



## genoxano (Jan 31, 2004)

yes , windows xp home


----------



## Cookiegal (Aug 27, 2003)

I'm sorry but unfortunately, I won't be able to post further instructions until tomorrow morning. I just wanted to let you know I hadn't forgotten about you.


----------



## genoxano (Jan 31, 2004)

Thanks for letting me know, I'll check back tomorrow.


----------



## Cookiegal (Aug 27, 2003)

You'll need to get this hotfix to fix the Application Management errors.

http://support.microsoft.com/kb/328213

As for the InstallShield one, I'll see if I can get help with that one.

It looks like you're not getting those "not a valid W32 application" errors anymore. Let's try running ComboFix again.

Please visit *Combofix Guide & Instructions * for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.


----------



## genoxano (Jan 31, 2004)

I get this error message when I try to download the HOTFIX


----------



## genoxano (Jan 31, 2004)

ComboFix 08-09-22.06 - gene 2008-09-23 18:09:08.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.399 [GMT -4:00]
Running from: C:\Documents and Settings\gene\Desktop\Combo-Fix.exe

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\RECYCLER\desktopA.sys
C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
.

2008-09-23 17:35 . 2008-09-22 20:38	229,736	--a------	C:\Q328213_WXP_SP2_x86_ENU.exe
2008-09-23 17:16 . 2008-09-23 17:16 d--------	C:\WINDOWS\LastGood
2008-09-22 19:26 . 2008-09-22 19:26 d--------	C:\Program Files\Windows Installer Clean Up
2008-09-21 08:34 . 2008-09-22 19:08 d--------	C:\Program Files\SUPERAntiSpyware
2008-09-21 08:34 . 2008-09-22 19:08 d--------	C:\Documents and Settings\gene\Application Data\SUPERAntiSpyware.com
2008-09-21 08:34 . 2008-09-21 08:34 d--------	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-20 15:02 . 2008-09-20 15:02 d--------	C:\Program Files\Microsoft Silverlight
2008-09-19 19:25 . 2008-04-13 20:12	116,224	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2008-09-19 19:25 . 2008-04-13 20:12	18,944	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-09-19 19:25 . 2008-04-13 20:12	8,192	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
2008-09-19 19:23 . 2008-04-13 14:36	8,832	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\wmiacpi.sys
2008-09-19 19:20 . 2008-04-13 14:45	60,032	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\usbaudio.sys
2008-09-19 19:20 . 2008-04-13 14:45	26,112	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\usbser.sys
2008-09-19 19:20 . 2008-04-13 14:45	17,152	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\usbohci.sys
2008-09-19 19:19 . 2008-04-13 14:40	149,376	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\tffsport.sys
2008-09-19 19:19 . 2008-04-13 20:12	82,944	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\tp4mon.exe
2008-09-19 19:17 . 2008-04-13 14:36	16,000	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\smbbatt.sys
2008-09-19 19:17 . 2008-04-13 14:40	7,552	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\sonyait.sys
2008-09-19 19:17 . 2008-04-13 14:36	6,912	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\smbclass.sys
2008-09-19 19:15 . 2008-04-13 14:40	43,904	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\sbp2port.sys
2008-09-19 19:15 . 2008-04-13 14:45	11,520	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\scsiscan.sys
2008-09-19 19:14 . 2008-04-13 14:40	79,104	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\rocket.sys
2008-09-19 19:14 . 2008-04-13 20:12	29,696	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\rw450ext.dll
2008-09-19 19:14 . 2008-04-13 20:12	27,648	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\rw430ext.dll
2008-09-19 19:13 . 2008-04-13 14:40	6,016	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\qic157.sys
2008-09-19 19:12 . 2008-04-13 20:10	259,328	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\perm3dd.dll
2008-09-19 19:12 . 2008-04-13 20:10	211,584	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\perm2dll.dll
2008-09-19 19:12 . 2008-04-13 20:12	159,232	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\ptpusd.dll
2008-09-19 19:12 . 2008-04-13 14:44	28,032	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\perm3.sys
2008-09-19 19:12 . 2008-04-13 14:44	27,904	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\perm2.sys
2008-09-19 19:12 . 2008-04-13 14:41	17,664	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\ppa3.sys
2008-09-19 19:12 . 2008-04-13 14:40	8,832	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\powerfil.sys
2008-09-19 19:10 . 2008-04-13 14:31	2,023,936	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-09-19 19:10 . 2008-04-13 14:54	28,672	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\nscirda.sys
2008-09-19 19:08 . 2008-04-13 14:46	49,024	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\mstape.sys
2008-09-19 19:08 . 2008-04-13 14:54	22,016	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\msircomm.sys
2008-09-19 19:06 . 2008-04-13 14:41	26,112	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\memstpci.sys
2008-09-19 19:05 . 2008-04-13 20:11	253,952	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\kdsusd.dll
2008-09-19 19:05 . 2008-04-13 20:11	48,640	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\kdsui.dll
2008-09-19 19:05 . 2008-04-13 14:40	34,688	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\lbrtfdc.sys
2008-09-19 19:05 . 2008-04-13 14:40	7,040	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\ltotape.sys
2008-09-19 19:04 . 2008-04-13 20:11	28,160	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\irmon.dll
2008-09-19 19:04 . 2008-04-13 14:39	14,592	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\kbdhid.sys
2008-09-19 19:04 . 2008-04-13 20:09	6,144	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\kbd106.dll
2008-09-19 19:03 . 2008-04-13 20:12	151,552	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\irftp.exe
2008-09-19 19:03 . 2008-04-13 14:54	88,192	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\irda.sys
2008-09-19 18:59 . 2008-04-13 20:11	21,504	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\hidserv.dll
2008-09-19 18:59 . 2008-04-13 14:36	20,352	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\hidbatt.sys
2008-09-19 18:58 . 2008-04-13 14:45	59,136	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\gckernel.sys
2008-09-19 18:58 . 2008-04-13 14:40	28,288	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\grserial.sys
2008-09-19 18:58 . 2008-04-13 14:45	10,624	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\gameenum.sys
2008-09-19 18:56 . 2008-04-13 20:12	20,992	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\dshowext.ax
2008-09-19 18:55 . 2008-04-13 14:39	206,976	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\dot4.sys
2008-09-19 18:55 . 2008-04-13 14:40	8,320	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\dlttape.sys
2008-09-19 18:53 . 2008-04-13 20:11	249,856	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\ctmasetp.dll
2008-09-19 18:53 . 2008-04-13 14:36	13,952	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\cmbatt.sys
2008-09-19 18:53 . 2008-04-13 14:36	10,240	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\compbatt.sys
2008-09-19 18:52 . 2008-04-13 20:11	121,856	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\camext30.dll
2008-09-19 18:52 . 2008-04-13 14:40	8,192	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\changer.sys
2008-09-19 18:51 . 2002-08-29 07:00	66,082	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\c_10021.nls
2008-09-19 18:51 . 2002-08-29 07:00	66,082	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\c_10004.nls
2008-09-19 18:50 . 2002-08-29 07:00	82,172	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\bopomofo.nls
2008-09-19 18:24 . 2008-09-19 18:26	145,328,350	--a------	C:\registrybackup2.reg
2008-09-15 17:53 . 2008-04-13 14:46	38,912	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\avc.sys
2008-09-15 17:53 . 2008-04-13 14:36	14,208	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\battc.sys
2008-09-15 17:53 . 2008-04-13 14:46	13,696	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\avcstrm.sys
2008-09-15 17:48 . 2008-04-13 14:46	48,128	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\61883.sys
2008-09-15 17:48 . 2008-04-13 14:40	12,288	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\4mmdat.sys
2008-09-15 17:45 . 2008-04-13 15:24	2,145,280	--a--c---	C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-09-09 21:58 . 2008-09-12 21:26 d--------	C:\desktop
2008-08-26 21:30 . 2008-08-26 21:30 d--------	C:\New Folder (2)
2008-08-26 20:04 . 2008-09-07 19:27	250	--a------	C:\WINDOWS\gmer.ini
2008-08-23 18:23 . 2008-08-23 18:23 d--------	C:\fsaua.data
2008-08-23 08:31 . 2008-08-23 08:31 d--------	C:\Documents and Settings\gene\Application Data\Windows Search

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 23:25	---------	d-----w	C:\Program Files\MSECACHE
2008-09-21 20:53	---------	d-----w	C:\Program Files\Nova Development
2008-09-21 20:37	---------	d-----w	C:\Documents and Settings\gene\Application Data\Nova Development
2008-09-21 20:37	---------	d-----w	C:\Documents and Settings\gayle\Application Data\Nova Development
2008-09-21 20:37	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Nova Development
2008-09-21 14:59	---------	d-----w	C:\Program Files\Microsoft Works
2008-09-21 14:59	---------	d-----w	C:\Program Files\Microsoft Picture It! 7
2008-09-20 20:06	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-09-20 20:05	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-09-17 21:27	---------	d-----w	C:\Program Files\UltimateBet
2008-09-10 01:02	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Kodak
2008-09-09 23:13	---------	d-----w	C:\Program Files\Kodak
2008-09-08 23:26	---------	d-----w	C:\Program Files\Java
2008-09-07 23:07	97,928	----a-w	C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-25 20:08	---------	d-----w	C:\Program Files\ahead
2008-08-24 22:08	---------	d-----w	C:\Program Files\QuickTime
2008-08-24 22:05	---------	d-----w	C:\Program Files\Panda Security
2008-08-22 00:33	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-21 01:11	---------	d-----w	C:\Program Files\Picasa2
2008-08-19 20:46	---------	d-----w	C:\Documents and Settings\gene\Application Data\Malwarebytes
2008-08-19 20:45	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-19 20:44	---------	d-----w	C:\Program Files\Common Files\Download Manager
2008-08-14 16:59	20	---h--w	C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-08-13 23:51	---------	d-----w	C:\Documents and Settings\gene\Application Data\Windows Desktop Search
2008-08-13 23:48	---------	d-----w	C:\Program Files\Windows Desktop Search
2008-08-13 00:56	23,600	----a-w	C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-08-12 23:45	---------	d-----w	C:\Documents and Settings\All Users\Application Data\avg8
2008-08-12 18:56	---------	d-----w	C:\Documents and Settings\gayle\Application Data\AVGTOOLBAR
2008-07-28 00:23	---------	d-----w	C:\Documents and Settings\gene\Application Data\AVGTOOLBAR
2008-07-25 22:40	---------	d-----w	C:\Documents and Settings\All Users\Application Data\TomTom
2008-07-25 22:33	---------	d-----w	C:\Documents and Settings\gene\Application Data\TomTom
2008-07-25 22:32	---------	d-----w	C:\Program Files\TomTom HOME 2
2008-07-19 02:10	94,920	----a-w	C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 02:10	53,448	----a-w	C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 02:10	45,768	----a-w	C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 02:10	36,552	----a-w	C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 02:09	563,912	----a-w	C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 02:09	325,832	----a-w	C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 02:09	205,000	----a-w	C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 02:09	1,811,656	----a-w	C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 02:07	270,880	----a-w	C:\WINDOWS\SYSTEM32\mucltui.dll
2008-07-19 02:07	210,976	----a-w	C:\WINDOWS\SYSTEM32\muweb.dll
2008-07-07 20:26	253,952	----a-w	C:\WINDOWS\SYSTEM32\es.dll
2008-07-05 12:07	10,520	----a-w	C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-06-24 22:12	295,936	------w	C:\WINDOWS\SYSTEM32\wmpeffects.dll
2008-06-24 16:43	74,240	----a-w	C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-23 16:57	826,368	----a-w	C:\WINDOWS\SYSTEM32\wininet.dll
2008-06-23 13:48	63,720	----a-w	C:\WindowsXP-KB884538-x86-Symbols-ENU.exe
2008-06-23 13:48	363,752	----a-w	C:\WindowsXP-KB884538-x86-ENU.exe
2007-09-10 16:16	254,920	----a-w	C:\Documents and Settings\gene\Application Data\GDIPFONTCACHEV1.DAT
2007-08-28 00:36	1,558	----a-w	C:\Program Files\rapport.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-11-19 892928]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 28672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 5058560]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-07 1235736]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 C:\WINDOWS\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-10-06 49152]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I263"= i263_32.drv
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll schannel.dll digest.dll msnsspc.dll zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk
backup=C:\WINDOWS\pss\Microsoft Office Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office Find Fast Indexer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Find Fast Indexer.lnk
backup=C:\WINDOWS\pss\Microsoft Office Find Fast Indexer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office Shortcut Bar.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk
backup=C:\WINDOWS\pss\Microsoft Office Shortcut Bar.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=C:\WINDOWS\pss\Nikon Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Explosion Calendar Checker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Explosion Calendar Checker.lnk
backup=C:\WINDOWS\pss\Photo Explosion Calendar Checker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2007-12-22 15:45 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
--a------ 2008-02-22 10:33 72192 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 10:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2005-01-04 11:50 405583 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
--a------ 2007-08-22 16:31 80896 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-10-06 14:16 5058560 C:\WINDOWS\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThrustTSR]
--a------ 2001-03-20 19:43 163840 C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-05-06 04:42 202088 C:\Program Files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-10-06 14:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-07 97928]
R2 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-02-22 104960]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-07 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-05 76040]
R2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [2007-01-15 73728]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-07 875288]
S3 chimou2k;WHEEL MOUSE PS2 MOUSE Filter Driver;C:\WINDOWS\system32\DRIVERS\bcm8042p.sys [2002-09-10 4428]
S3 RIOXDRV;SONICblue Rio generic driver XP+;C:\WINDOWS\system32\Drivers\RIOXDRV.sys [2003-02-06 18304]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c569f6f-4fc4-11dd-b1e6-0007e9d2753d}]
\Shell\AutoRun\command - D:\InstallTomTomHOME.exe
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{B25BCDD3-0369-44CF-B3A6-F2AD3FA5CB53} - (no file)
WebBrowser-{04571BEE-C7A8-4192-9AFE-44D5608DE027} - (no file)
WebBrowser-{B16E4C14-5546-4D5C-95FC-600B4520D270} - (no file)
WebBrowser-{08DDE5AA-B554-4B07-BA09-F802E00A25DC} - (no file)
HKLM-Run-DellSupportCenter - C:\Program Files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-DellSupportCenter - C:\Program Files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\QTTask.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.charter.net/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
O8 -: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 -: Backward Links - c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 -: Cached Snapshot of Page - c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 -: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 -: Similar Pages - c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 -: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O18 -: Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {66E79B75-F711-4A88-9C6D-10BCA64F3306} - hxxp://www.drivecam.com/videos/DriveCamEvent.dll
C:\WINDOWS\Downloaded Program Files\DriveCamEvent.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 18:16:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-23 18:19:54
ComboFix-quarantined-files.txt 2008-09-23 22:19:23

Pre-Run: 24,277,745,664 bytes free
Post-Run: 24,516,898,816 bytes free

303	--- E O F ---	2008-09-20 18:57:03


----------



## Cookiegal (Aug 27, 2003)

ComboFix looks good.

Which download did you select for the hotfix?


----------



## genoxano (Jan 31, 2004)

These are the hotfixes that MS sent me when I went to the link you provided. I was unsure which one was right since they appeared to be identical. I tried both of them with the same results.

KB Article Number(s): 328213
Language: English
Platform: i386
Location: (http://hotfixv4.microsoft.com/Windows XP/sp2/PKG44201/2600/free/113859_ENU_i386_zip.exe)
Password:

-----------------------------------------------------------
KB Article Number(s): 328213
Language: English
Platform: i386
Location: (http://hotfixv4.microsoft.com/Windows XP/sp2/PKG33619/2600/free/86257_ENU_i386_zip.exe)
Password:


----------



## Cookiegal (Aug 27, 2003)

One of those is for 64-bit machines. I'm not sure you asked for the correct one.

On the screen where you check them off did you check off XP - English - i386?


----------



## genoxano (Jan 31, 2004)

Yes I did. I had 2 choices, not knowing which one to choose, I did both and tried them both. I got he same error message on both. (Please see message #50 above)

These were my 2 choices... I tried to download both of them and neither would work.

I Select Product Language Platform Release File name Version Build File size (bytes) Modified date 
Windows XP English i386 sp2 PKG44201 WxP 2600 325765 10/23/2003 5:18:50 PM 
Windows XP English i386 sp2 PKG33619 WxP 2600 267100 10/23/2003 5:06:07 AM 

Provide us with your e-mail address, type the characters you see in the picture, and then click Request hotfix.


----------



## Cookiegal (Aug 27, 2003)

Since you have SP3 you really shouldn't need the hotfix but that's usually what those errors in the Event Viewer mean. Can you check it again and see if they are still repeating?


----------



## genoxano (Jan 31, 2004)

My ctl-alt-del now works again. When I try to turn pc off to standby I get an error about "system standby failed, .Net framework update ver. 1.1.4432 Update is preventing standby. Try stopping the service and try again" . What does that mean?

***************************************************************************************************
Only these 2 service manager errors.. .

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 9/25/2008
Time: 4:12:09 PM
User: N/A
Computer:	DAVID
Description:
The Windows Search service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 9/25/2008
Time: 4:12:09 PM
User: N/A
Computer:	DAVID
Description:
Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

I've seen this problem relating to Antivir interfering so it's possible AVG is as well so let's try this:

Be sure to be disconnected from the Internet when doing this as your anti-virus program will be disabled.

Go to *Start *- *Run *- type *msconfig *and click OK.

Click on the *Services tab*.

Put a check mark in the box at the bottom that says " Hide All Microsoft
Services"

Uncheck the following services:

*avg8emc
avg8wd*

Now click on the Startup tab.

Uncheck all entries that refer to AVG there.

Click *Apply *then click *Close *and Yes to the prompt to restart the system.

Hopefully, this will allow the update to complete it's installation.

If so then do the reverse to put a check beside each entry you unchecked under both the startups and services and then reboot the machine.

Let me know how it goes please.


----------



## genoxano (Jan 31, 2004)

That did not work, the problem remains. It appears that I don't have the ,Net framework .1 installed.


----------



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on "Config" and then on the "Misc Tools" button. If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section". Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.


----------



## genoxano (Jan 31, 2004)

Adobe Flash Player 9 ActiveX
AnswerWorks 4.0 Runtime - English
ArcSoft Panorama Maker 4
ArcSoft Print Creations
ArcSoft Print Creations - Photo Calendar
Avery DesignPro
Avery® Wizard 2.1 for Microsoft® Word 2002
AVG Free 8.0
BCM V.92 56K Modem
Belarc Advisor 7.2
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon PowerShot G3 WIA Driver
CD LabelMaker
Charter Pipeline® Self-Installation
Classic PhoneTools
Click'N Design 3D for AfterBurner(tm) (V5)
Dell Modem-On-Hold
Dell Movie Studio Diagnostics
Dell ResourceCD
Digital Line Detect
DriverAgent by TouchStone Software
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EasyCleaner
Family Lawyer 2004
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HyperLoad
Intel(R) PRO Ethernet Adapter and Software
Logitech iTouch Software
Logitech MouseWare 9.79.1 
Magic Snake Game 2003
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 3.0
Microsoft ActiveSync 3.8
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Web Publishing Wizard 1.52
Modem Helper
MyDVD
NASCAR Heat
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
Personal Health & Diet Manager (Desktop Edition)
Personal Health & Diet Manager (Pocket PC Edition)
Picasa 2
PowerDVD
Quicken 2004
QuickStitch
Readiris 7.5
Roxio CDEngine
SafeCast Shared Components
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Shockwave
Spybot - Search & Destroy 1.4
Spyware Doctor 3.2
Thrustmapper
TomTom HOME
TurboTax Deluxe 2002
TurboTax Deluxe 2003
TurboTax Deluxe 2004
TurboTax Deluxe 2005
TurboTax Deluxe Deduction Maximizer 2006
UltimateBet
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
USB Driver
WebCyberCoach 3.2 Dell
WexTech AnswerWorks
Windows Driver Package - (mr7910) Image 06/28/2005 1.3.0.0
Windows Imaging Component
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinZip


----------



## Cookiegal (Aug 27, 2003)

You do have .Net Framework installed.

Lets try this Automated Windows Update Fix.

Download *WUFix.zip* and unzip to your desktop.
Double-Click WUFix.bat to run fix.
You will see a window open and commands processing. When the window closes the fix will have completed.
Restart the computer.
This fix will clear the proxy cache, places Windows Update sites in the Trusted Zone, places Windows Update sites in the exception list of IE Popup Blocker, starts all dependent services, registers required DLLS, empties the Windows Update temporary folder (with backup), renames the catroot2 folder, retains update history and Event log, and deletes BITS pending download queue.

Once done, go back to the *Windows Update Website* (You must use the Microsoft Internet Explorer to do this). Check your history to see if the update is already installed.


----------



## genoxano (Jan 31, 2004)

I think most everything is back in order. I THANK YOU for your time, patience and help. I will mark as solved. Thanks again, Geno


----------



## Cookiegal (Aug 27, 2003)

So you no longer get the system standby errors?


----------



## genoxano (Jan 31, 2004)

I haven't had one in 3 days, standby mode works again and ctl-alt-delete works again.


----------



## Cookiegal (Aug 27, 2003)

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start*  *All Programs*  *Accessories*  *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

I also recommend downloading  *SPYWAREBLASTER* for added protection.

*Read here* for info on how to tighten your security.


----------

