Jump to content

noobJ

Members
  • Posts

    15
  • Joined

  • Last visited

Everything posted by noobJ

  1. I think, for now, I will uninstall and re-install my CA Internet Security Suite, while I research and decide what combination of free security software will work the best for my internet habits and allow me to feel secure, because if I am scared to go on the internet, then my computer is basically useless. Thank you so much for all of your assistance, I really do appreciate it. Is there anything else I need to do or know before you close the topic?
  2. I don't know how to do that, it is part of a suite, and I have been thinking that it is too heavy for my system and that maybe I should replace the whole thing. I have kept it so long because I get the full version for free, but it would appear that there are many good free replacements out there now that would be lighter for my system. Do you have any recommendations?
  3. I followed all your instructions until it came to setting up file exclusions for my firewall, I tried twice but when I open my firewall and try to go anywhere but the overview page, it just hangs until it stops responding altogether and then I have to close it with the task manager. I was, however, able to add exclusions for AV & Anti-spyware on demand and real-time scanners. I rebooted again and tried to update, but got the same error message. I then disabled my firewall, which I can do from a right click on the icon in the system tray, and then I could update MBAM. I now have database version 4014 instead of 3930, should I run it? Are we done?
  4. A weird thing happened when ComboFix finished, I re-enabled my AV as usual and opened up my browser to post my log. It gave me the message about Firefox not being my default browser, which is normal, but after I clicked "yes" to make it my default browser, my computer froze completely, I had to power it down as nothing would respond to my mouse. When I booted it up again, I got the message again about my default browser and my home page didn't load, there was just a tab that said "Session Manager Loading" but my PC wasn't doing anything (no drive light or CPU activity showing on the Speed Up My PC icon in the system tray). Not sure if this has anything to do with what we're working on or not. Anyway, here is the ComboFix log: ComboFix 10-04-18.04 - Val 04/19/2010 21:36:15.5.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.669 [GMT -4:00] Running from: c:\documents and settings\Val\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Val\Desktop\CFscript.txt AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93} FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160} . ((((((((((((((((((((((((( Files Created from 2010-03-20 to 2010-04-20 ))))))))))))))))))))))))))))))) . 2010-04-16 03:53 . 2010-04-16 03:53 -------- d-----w- c:\program files\ERUNT 2010-04-14 18:43 . 2010-04-14 19:27 -------- d-----w- C:\Lop SD 2010-03-31 17:45 . 2010-03-31 17:45 -------- d-----w- c:\documents and settings\Val\Application Data\Malwarebytes 2010-03-31 17:44 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-31 17:44 . 2010-03-31 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-03-31 17:44 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-31 17:44 . 2010-03-31 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7 2010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6 2010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5 2010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4 2010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3 2010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2 2010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1 2010-04-19 07:09 . 2007-11-11 23:06 551670 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0 2010-04-15 08:34 . 2007-11-11 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-04-13 19:00 . 2005-08-16 12:48 -------- d-----w- c:\program files\Common Files\Java 2010-04-13 18:57 . 2008-12-16 18:26 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-04-13 18:57 . 2005-08-16 12:48 -------- d-----w- c:\program files\Java 2010-04-13 17:34 . 2005-11-22 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-04-13 17:28 . 2009-10-12 22:40 -------- d-----w- c:\program files\CCleaner 2010-03-14 05:48 . 2010-03-14 05:48 503808 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcp71.dll 2010-03-14 05:48 . 2010-03-14 05:48 348160 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcr71.dll 2010-03-14 05:48 . 2010-03-14 05:48 499712 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\jmc.dll 2010-03-14 05:47 . 2010-03-14 05:47 61440 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-sse.dll 2010-03-14 05:47 . 2010-03-14 05:47 12800 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-d3d.dll 2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-08 19:33 . 2005-09-10 14:12 103464 ----a-w- c:\documents and settings\Val\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-06 07:27 . 2009-06-20 05:58 566648 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe 2010-03-06 07:27 . 2009-06-20 05:58 567144 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe 2010-03-06 07:27 . 2009-06-20 05:57 2357064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe 2010-03-06 07:26 . 2009-06-20 05:57 524632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe 2010-03-06 07:26 . 2009-06-20 05:57 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe 2010-02-25 06:24 . 2004-08-10 17:51 916480 ------w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2005-08-16 12:28 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-17 13:10 . 2004-08-10 17:51 2189952 ------w- c:\windows\system32\ntoskrnl.exe 2010-02-17 02:40 . 2010-02-17 02:40 17299889 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24c36_4_0_1.0.14.19.exe 2010-02-17 02:27 . 2010-02-17 02:27 1988872 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_244e7_0_0_1011.exe 2010-02-17 02:26 . 2010-02-17 02:23 1139600 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24cb5_1_1_1001.exe 2010-02-17 02:25 . 2010-02-17 02:25 1043184 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_25605_1_0_1006.exe 2010-02-16 13:25 . 2004-08-04 03:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe 2010-02-15 02:01 . 2010-02-15 02:01 70984 ----a-w- c:\documents and settings\Val\g2mdlhlpx.exe 2010-02-14 05:00 . 2010-02-14 05:00 30976 ----a-w- c:\windows\rascntrl.dll 2010-02-14 05:00 . 2010-02-14 05:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll 2010-02-14 05:00 . 2010-02-14 05:00 16384 ----a-w- c:\windows\system32\msdrve.dll 2010-02-14 05:00 . 2010-02-14 05:00 10816 ----a-w- c:\windows\vmoptver.dll 2010-02-12 04:33 . 2004-08-10 17:50 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2004-08-10 17:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2010-01-29 19:23 . 2010-01-29 19:23 609280 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\C23D6EEF7F9C2C2548D5138966622E6E.exe 2004-08-04 10:00 . 2004-08-10 17:51 94784 --sh--w- c:\windows\twain.dll 2009-11-14 22:11 . 2009-11-14 22:11 56 --sh--r- c:\windows\system32\9B0176E0FA.sys 2009-11-14 22:11 . 2009-11-14 22:11 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys 2008-04-14 00:11 . 2004-08-10 17:51 1028096 --sha-w- c:\windows\system32\mfc42.dll 2008-04-14 00:12 . 2004-08-10 17:51 57344 --sh--w- c:\windows\system32\msvcirt.dll 2008-04-14 00:12 . 2004-08-10 17:51 413696 --sha-w- c:\windows\system32\msvcp60.dll 2008-04-14 00:12 . 2004-08-10 17:51 551936 --sh--w- c:\windows\system32\oleaut32.dll 2008-04-14 00:12 . 2004-08-10 17:51 84992 --sh--w- c:\windows\system32\olepro32.dll 2008-04-14 00:12 . 2004-08-10 17:51 11776 --sh--w- c:\windows\system32\regsvr32.exe . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . --- c:\windows\system32\drivers\etc\hosts --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File size: 27 Created time: 2004-08-10 17:51 Modified time: 2010-04-19 06:07 MD5: 6A4029CFF35FD4BA34C001C1ED5D9945 SHA1: DB23360218B3BC39606394836768B13B43BB6FC7 ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 9442584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-30 177392] "QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-11-11 14088] "CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-02 230664] "cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200] "capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296] "capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312] "WinPatrol"="c:\documents\Webshit\WinPatrol\winpatrol.exe" [2005-06-06 106496] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW] 2007-05-18 19:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon] 2001-08-09 21:06 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] 2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] 2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] 2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] 2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2009-11-29 18:52 126976 ----a-w- c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-05-12 03:12 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2009-11-29 18:52 155648 ----a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] 2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Documents\\Webshit\\setupxv.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/7/2009 3:28 AM 64160] R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504] R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584] R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216] R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648] R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456] R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/4/2007 9:23 AM 1010192] R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 9:39 AM 801296] R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/14/2009 12:17 AM 24652] R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816] R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 10:10 PM 189704] S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [11/27/2009 3:17 PM 85504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] tapisrv REG_MULTI_SZ Tapisrv . Contents of the 'Scheduled Tasks' folder 2010-04-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:27] 2010-03-27 c:\windows\Tasks\CAAntiSpywareScan_Daily as Val at 4 00 AM.job - c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.pogo.com/home/home.do mStart Page = hxxp://ca.yahoo.com uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\VetRedir.dll Trusted Zone: pogo.com\www DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll FF - ProfilePath - c:\documents and settings\Val\Application Data\Mozilla\Firefox\Profiles\v7nm513q.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-19 21:50 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(304) c:\windows\system32\UmxWnp.Dll c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll - - - - - - - > 'lsass.exe'(596) c:\windows\system32\VetRedir.dll c:\windows\system32\ISafeIf.dll - - - - - - - > 'explorer.exe'(2904) c:\windows\system32\WININET.dll c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-04-19 21:59:36 ComboFix-quarantined-files.txt 2010-04-20 01:59 ComboFix2.txt 2010-04-19 06:24 ComboFix3.txt 2010-04-16 17:07 ComboFix4.txt 2010-04-16 04:32 ComboFix5.txt 2010-04-20 01:32 Pre-Run: 51,672,240,128 bytes free Post-Run: 51,636,817,920 bytes free - - End Of File - - B44F0625BFEC9D0160EF5D9310A2094A
  5. I downloaded the new version of ComboFix but it wouldn't let me overwrite the old one, said it was a read only file, so I renamed the old one, wasn't sure if I could just delete it or not. Here is the ComboFix log: ComboFix 10-04-17.07 - Val 04/19/2010 1:49.4.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.600 [GMT -4:00] Running from: c:\documents and settings\Val\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Val\Desktop\CFscript.txt AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93} FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160} FILE :: "c:\windows\system32\drivers\sjlimgl.sys" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_lwctth ((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 ))))))))))))))))))))))))))))))) . 2010-04-16 03:53 . 2010-04-16 03:53 -------- d-----w- c:\program files\ERUNT 2010-04-14 18:43 . 2010-04-14 19:27 -------- d-----w- C:\Lop SD 2010-03-31 17:45 . 2010-03-31 17:45 -------- d-----w- c:\documents and settings\Val\Application Data\Malwarebytes 2010-03-31 17:44 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-31 17:44 . 2010-03-31 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-03-31 17:44 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-31 17:44 . 2010-03-31 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7 2010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6 2010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5 2010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4 2010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3 2010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2 2010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1 2010-04-19 06:05 . 2007-11-11 23:06 551670 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0 2010-04-15 08:34 . 2007-11-11 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-04-13 19:00 . 2005-08-16 12:48 -------- d-----w- c:\program files\Common Files\Java 2010-04-13 18:57 . 2008-12-16 18:26 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-04-13 18:57 . 2005-08-16 12:48 -------- d-----w- c:\program files\Java 2010-04-13 17:34 . 2005-11-22 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-04-13 17:28 . 2009-10-12 22:40 -------- d-----w- c:\program files\CCleaner 2010-03-14 05:48 . 2010-03-14 05:48 503808 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcp71.dll 2010-03-14 05:48 . 2010-03-14 05:48 348160 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcr71.dll 2010-03-14 05:48 . 2010-03-14 05:48 499712 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\jmc.dll 2010-03-14 05:47 . 2010-03-14 05:47 61440 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-sse.dll 2010-03-14 05:47 . 2010-03-14 05:47 12800 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-d3d.dll 2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-08 19:33 . 2005-09-10 14:12 103464 ----a-w- c:\documents and settings\Val\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-06 07:27 . 2009-06-20 05:58 566648 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe 2010-03-06 07:27 . 2009-06-20 05:58 567144 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe 2010-03-06 07:27 . 2009-06-20 05:57 2357064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe 2010-03-06 07:26 . 2009-06-20 05:57 524632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe 2010-03-06 07:26 . 2009-06-20 05:57 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe 2010-02-25 06:24 . 2004-08-10 17:51 916480 ------w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2005-08-16 12:28 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-18 17:59 . 2007-11-11 23:37 -------- d-----w- c:\program files\MSBuild 2010-02-18 17:59 . 2010-02-18 17:59 -------- d-----w- c:\program files\Reference Assemblies 2010-02-17 13:10 . 2004-08-10 17:51 2189952 ------w- c:\windows\system32\ntoskrnl.exe 2010-02-17 02:40 . 2010-02-17 02:40 17299889 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24c36_4_0_1.0.14.19.exe 2010-02-17 02:27 . 2010-02-17 02:27 1988872 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_244e7_0_0_1011.exe 2010-02-17 02:26 . 2010-02-17 02:23 1139600 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24cb5_1_1_1001.exe 2010-02-17 02:25 . 2010-02-17 02:25 1043184 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_25605_1_0_1006.exe 2010-02-16 13:25 . 2004-08-04 03:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe 2010-02-15 02:01 . 2010-02-15 02:01 70984 ----a-w- c:\documents and settings\Val\g2mdlhlpx.exe 2010-02-14 05:00 . 2010-02-14 05:00 30976 ----a-w- c:\windows\rascntrl.dll 2010-02-14 05:00 . 2010-02-14 05:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll 2010-02-14 05:00 . 2010-02-14 05:00 16384 ----a-w- c:\windows\system32\msdrve.dll 2010-02-14 05:00 . 2010-02-14 05:00 10816 ----a-w- c:\windows\vmoptver.dll 2010-02-12 04:33 . 2004-08-10 17:50 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2004-08-10 17:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2010-01-29 19:23 . 2010-01-29 19:23 609280 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\C23D6EEF7F9C2C2548D5138966622E6E.exe 2004-08-04 10:00 . 2004-08-10 17:51 94784 --sh--w- c:\windows\twain.dll 2009-11-14 22:11 . 2009-11-14 22:11 56 --sh--r- c:\windows\system32\9B0176E0FA.sys 2009-11-14 22:11 . 2009-11-14 22:11 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys 2008-04-14 00:11 . 2004-08-10 17:51 1028096 --sha-w- c:\windows\system32\mfc42.dll 2008-04-14 00:12 . 2004-08-10 17:51 57344 --sh--w- c:\windows\system32\msvcirt.dll 2008-04-14 00:12 . 2004-08-10 17:51 413696 --sha-w- c:\windows\system32\msvcp60.dll 2008-04-14 00:12 . 2004-08-10 17:51 551936 --sh--w- c:\windows\system32\oleaut32.dll 2008-04-14 00:12 . 2004-08-10 17:51 84992 --sh--w- c:\windows\system32\olepro32.dll 2008-04-14 00:12 . 2004-08-10 17:51 11776 --sh--w- c:\windows\system32\regsvr32.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 9442584] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-30 177392] "QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-11-11 14088] "CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-02 230664] "cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200] "capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296] "capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312] "WinPatrol"="c:\documents\Webshit\WinPatrol\winpatrol.exe" [2005-06-06 106496] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW] 2007-05-18 19:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon] 2001-08-09 21:06 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] 2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] 2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] 2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] 2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2009-11-29 18:52 126976 ----a-w- c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-05-12 03:12 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2009-11-29 18:52 155648 ----a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] 2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Documents\\Webshit\\setupxv.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/7/2009 3:28 AM 64160] R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504] R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584] R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216] R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648] R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576] R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] tapisrv REG_MULTI_SZ Tapisrv . Contents of the 'Scheduled Tasks' folder 2010-04-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:27] 2010-03-27 c:\windows\Tasks\CAAntiSpywareScan_Daily as Val at 4 00 AM.job - c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.pogo.com/home/home.do mStart Page = hxxp://ca.yahoo.com uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\VetRedir.dll Trusted Zone: pogo.com\www DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll FF - ProfilePath - c:\documents and settings\Val\Application Data\Mozilla\Firefox\Profiles\v7nm513q.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-19 02:08 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(460) c:\windows\system32\UmxWnp.Dll c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll - - - - - - - > 'lsass.exe'(516) c:\windows\system32\VetRedir.dll c:\windows\system32\ISafeIf.dll - - - - - - - > 'explorer.exe'(3848) c:\windows\system32\WININET.dll c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Lavasoft\Ad-Aware\AAWService.exe c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe c:\program files\Dell Support Center\bin\sprtsvc.exe c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe c:\program files\Viewpoint\Common\ViewpointService.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\wscntfy.exe c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe c:\program files\CA\CA Internet Security Suite\ccprovsp.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe . ************************************************************************** . Completion time: 2010-04-19 02:24:04 - machine was rebooted ComboFix-quarantined-files.txt 2010-04-19 06:23 ComboFix2.txt 2010-04-16 17:07 ComboFix3.txt 2010-04-16 04:32 ComboFix4.txt 2010-04-10 00:10 Pre-Run: 51,833,638,912 bytes free Post-Run: 52,484,857,856 bytes free - - End Of File - - 5228EB92DE15F2B7B1F28308EC49ACC2 Not sure if this is anything to worry about or not, WinPatrol popped up just now saying there was a change in my HOSTS file....this is what was in the notepad: 127.0.0.1 localhost
  6. Ok, I backed up my registry again using ERUNT, then ran combofix again using the new CFScript.txt, here is the log: ComboFix 10-04-15.05 - Val 04/16/2010 12:44:41.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.538 [GMT -4:00] Running from: c:\documents and settings\Val\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Val\Desktop\CFscript.txt AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93} FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160} . ((((((((((((((((((((((((( Files Created from 2010-03-16 to 2010-04-16 ))))))))))))))))))))))))))))))) . 2010-04-16 03:53 . 2010-04-16 03:53 -------- d-----w- c:\program files\ERUNT 2010-04-14 18:43 . 2010-04-14 19:27 -------- d-----w- C:\Lop SD 2010-03-31 17:45 . 2010-03-31 17:45 -------- d-----w- c:\documents and settings\Val\Application Data\Malwarebytes 2010-03-31 17:44 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-31 17:44 . 2010-03-31 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-03-31 17:44 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-31 17:44 . 2010-03-31 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7 2010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6 2010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5 2010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4 2010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3 2010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2 2010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1 2010-04-16 07:00 . 2007-11-11 23:06 551670 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0 2010-04-15 08:34 . 2007-11-11 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-04-13 19:00 . 2005-08-16 12:48 -------- d-----w- c:\program files\Common Files\Java 2010-04-13 18:57 . 2008-12-16 18:26 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-04-13 18:57 . 2005-08-16 12:48 -------- d-----w- c:\program files\Java 2010-04-13 17:34 . 2005-11-22 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-04-13 17:28 . 2009-10-12 22:40 -------- d-----w- c:\program files\CCleaner 2010-03-14 05:48 . 2010-03-14 05:48 503808 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcp71.dll 2010-03-14 05:48 . 2010-03-14 05:48 348160 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcr71.dll 2010-03-14 05:48 . 2010-03-14 05:48 499712 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\jmc.dll 2010-03-14 05:47 . 2010-03-14 05:47 61440 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-sse.dll 2010-03-14 05:47 . 2010-03-14 05:47 12800 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-d3d.dll 2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-08 19:33 . 2005-09-10 14:12 103464 ----a-w- c:\documents and settings\Val\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-06 07:27 . 2009-06-20 05:58 566648 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe 2010-03-06 07:27 . 2009-06-20 05:58 567144 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe 2010-03-06 07:27 . 2009-06-20 05:57 2357064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe 2010-03-06 07:26 . 2009-06-20 05:57 524632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe 2010-03-06 07:26 . 2009-06-20 05:57 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe 2010-02-25 06:24 . 2004-08-10 17:51 916480 ------w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2005-08-16 12:28 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-18 17:59 . 2007-11-11 23:37 -------- d-----w- c:\program files\MSBuild 2010-02-18 17:59 . 2010-02-18 17:59 -------- d-----w- c:\program files\Reference Assemblies 2010-02-17 13:10 . 2004-08-10 17:51 2189952 ------w- c:\windows\system32\ntoskrnl.exe 2010-02-17 02:40 . 2010-02-17 02:40 17299889 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24c36_4_0_1.0.14.19.exe 2010-02-17 02:27 . 2010-02-17 02:27 1988872 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_244e7_0_0_1011.exe 2010-02-17 02:26 . 2010-02-17 02:23 1139600 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24cb5_1_1_1001.exe 2010-02-17 02:25 . 2010-02-17 02:25 1043184 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_25605_1_0_1006.exe 2010-02-16 13:25 . 2004-08-04 03:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe 2010-02-15 02:01 . 2010-02-15 02:01 70984 ----a-w- c:\documents and settings\Val\g2mdlhlpx.exe 2010-02-14 05:00 . 2010-02-14 05:00 30976 ----a-w- c:\windows\rascntrl.dll 2010-02-14 05:00 . 2010-02-14 05:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll 2010-02-14 05:00 . 2010-02-14 05:00 16384 ----a-w- c:\windows\system32\msdrve.dll 2010-02-14 05:00 . 2010-02-14 05:00 10816 ----a-w- c:\windows\vmoptver.dll 2010-02-12 04:33 . 2004-08-10 17:50 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2004-08-10 17:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2010-01-29 19:23 . 2010-01-29 19:23 609280 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\C23D6EEF7F9C2C2548D5138966622E6E.exe 2004-08-04 10:00 . 2004-08-10 17:51 94784 --sh--w- c:\windows\twain.dll 2009-11-14 22:11 . 2009-11-14 22:11 56 --sh--r- c:\windows\system32\9B0176E0FA.sys 2009-11-14 22:11 . 2009-11-14 22:11 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys 2008-04-14 00:11 . 2004-08-10 17:51 1028096 --sha-w- c:\windows\system32\mfc42.dll 2008-04-14 00:12 . 2004-08-10 17:51 57344 --sh--w- c:\windows\system32\msvcirt.dll 2008-04-14 00:12 . 2004-08-10 17:51 413696 --sha-w- c:\windows\system32\msvcp60.dll 2008-04-14 00:12 . 2004-08-10 17:51 551936 --sh--w- c:\windows\system32\oleaut32.dll 2008-04-14 00:12 . 2004-08-10 17:51 84992 --sh--w- c:\windows\system32\olepro32.dll 2008-04-14 00:12 . 2004-08-10 17:51 11776 --sh--w- c:\windows\system32\regsvr32.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 9442584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-30 177392] "QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-11-11 14088] "CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-02 230664] "cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200] "capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296] "capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312] "WinPatrol"="c:\documents\Webshit\WinPatrol\winpatrol.exe" [2005-06-06 106496] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW] 2007-05-18 19:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon] 2001-08-09 21:06 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] 2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] 2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] 2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] 2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2009-11-29 18:52 126976 ----a-w- c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-05-12 03:12 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2009-11-29 18:52 155648 ----a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] 2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Documents\\Webshit\\setupxv.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/7/2009 3:28 AM 64160] R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504] R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584] R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216] R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648] R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456] R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/4/2007 9:23 AM 1010192] R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 9:39 AM 801296] R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/14/2009 12:17 AM 24652] R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816] R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 10:10 PM 189704] S0 lwctth;lwctth;c:\windows\system32\drivers\sjlimgl.sys --> c:\windows\system32\drivers\sjlimgl.sys [?] S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [11/27/2009 3:17 PM 85504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] tapisrv REG_MULTI_SZ Tapisrv . Contents of the 'Scheduled Tasks' folder 2010-04-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:27] 2010-03-27 c:\windows\Tasks\CAAntiSpywareScan_Daily as Val at 4 00 AM.job - c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.pogo.com/home/home.do mStart Page = hxxp://ca.yahoo.com uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\VetRedir.dll Trusted Zone: pogo.com\www DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll FF - ProfilePath - c:\documents and settings\Val\Application Data\Mozilla\Firefox\Profiles\v7nm513q.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-16 12:58 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1064) c:\windows\system32\UmxWnp.Dll c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll - - - - - - - > 'lsass.exe'(1332) c:\windows\system32\VetRedir.dll c:\windows\system32\ISafeIf.dll - - - - - - - > 'explorer.exe'(3552) c:\windows\system32\WININET.dll c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-04-16 13:07:40 ComboFix-quarantined-files.txt 2010-04-16 17:07 ComboFix2.txt 2010-04-16 04:32 ComboFix3.txt 2010-04-10 00:10 Pre-Run: 51,863,126,016 bytes free Post-Run: 51,825,545,216 bytes free - - End Of File - - B0CFF26F6F2AEFCFA7E425F22E9EE0C0 Then I ran your CHKDSK routine, when it was done and the system was booting up again, a screen appeared that said "The volume is clean"
  7. I backed up my registry with ERUNT. When Combofix opened, it said there was a newer version and asked if I wanted to update it, I clicked yes...I hope that was the right thing to do. Here is the Combofix log: ComboFix 10-04-14.04 - Val 04/16/2010 0:12.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.652 [GMT -4:00] Running from: c:\documents and settings\Val\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Val\Desktop\CFscript.txt AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93} FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160} . ((((((((((((((((((((((((( Files Created from 2010-03-16 to 2010-04-16 ))))))))))))))))))))))))))))))) . 2010-04-16 03:53 . 2010-04-16 03:53 -------- d-----w- c:\program files\ERUNT 2010-04-14 18:43 . 2010-04-14 19:27 -------- d-----w- C:\Lop SD 2010-03-31 17:45 . 2010-03-31 17:45 -------- d-----w- c:\documents and settings\Val\Application Data\Malwarebytes 2010-03-31 17:44 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-31 17:44 . 2010-03-31 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-03-31 17:44 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-31 17:44 . 2010-03-31 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7 2010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6 2010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5 2010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4 2010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3 2010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2 2010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1 2010-04-15 08:35 . 2007-11-11 23:06 551670 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0 2010-04-15 08:34 . 2007-11-11 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-04-13 19:00 . 2005-08-16 12:48 -------- d-----w- c:\program files\Common Files\Java 2010-04-13 18:57 . 2008-12-16 18:26 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-04-13 18:57 . 2005-08-16 12:48 -------- d-----w- c:\program files\Java 2010-04-13 17:34 . 2005-11-22 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-04-13 17:28 . 2009-10-12 22:40 -------- d-----w- c:\program files\CCleaner 2010-03-14 05:48 . 2010-03-14 05:48 503808 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcp71.dll 2010-03-14 05:48 . 2010-03-14 05:48 348160 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcr71.dll 2010-03-14 05:48 . 2010-03-14 05:48 499712 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\jmc.dll 2010-03-14 05:47 . 2010-03-14 05:47 61440 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-sse.dll 2010-03-14 05:47 . 2010-03-14 05:47 12800 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-d3d.dll 2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-08 19:33 . 2005-09-10 14:12 103464 ----a-w- c:\documents and settings\Val\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-06 07:27 . 2009-06-20 05:58 566648 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe 2010-03-06 07:27 . 2009-06-20 05:58 567144 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe 2010-03-06 07:27 . 2009-06-20 05:57 2357064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe 2010-03-06 07:26 . 2009-06-20 05:57 524632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe 2010-03-06 07:26 . 2009-06-20 05:57 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe 2010-02-25 06:24 . 2004-08-10 17:51 916480 ------w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2005-08-16 12:28 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-18 17:59 . 2007-11-11 23:37 -------- d-----w- c:\program files\MSBuild 2010-02-18 17:59 . 2010-02-18 17:59 -------- d-----w- c:\program files\Reference Assemblies 2010-02-17 13:10 . 2004-08-10 17:51 2189952 ------w- c:\windows\system32\ntoskrnl.exe 2010-02-17 02:40 . 2010-02-17 02:40 17299889 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24c36_4_0_1.0.14.19.exe 2010-02-17 02:27 . 2010-02-17 02:27 1988872 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_244e7_0_0_1011.exe 2010-02-17 02:26 . 2010-02-17 02:23 1139600 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24cb5_1_1_1001.exe 2010-02-17 02:25 . 2010-02-17 02:25 1043184 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_25605_1_0_1006.exe 2010-02-16 13:25 . 2004-08-04 03:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe 2010-02-15 02:01 . 2010-02-15 02:01 70984 ----a-w- c:\documents and settings\Val\g2mdlhlpx.exe 2010-02-14 05:00 . 2010-02-14 05:00 30976 ----a-w- c:\windows\rascntrl.dll 2010-02-14 05:00 . 2010-02-14 05:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll 2010-02-14 05:00 . 2010-02-14 05:00 16384 ----a-w- c:\windows\system32\msdrve.dll 2010-02-14 05:00 . 2010-02-14 05:00 10816 ----a-w- c:\windows\vmoptver.dll 2010-02-12 04:33 . 2004-08-10 17:50 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2004-08-10 17:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2010-01-29 19:23 . 2010-01-29 19:23 609280 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\C23D6EEF7F9C2C2548D5138966622E6E.exe 2004-08-04 10:00 . 2004-08-10 17:51 94784 --sh--w- c:\windows\twain.dll 2009-11-14 22:11 . 2009-11-14 22:11 56 --sh--r- c:\windows\system32\9B0176E0FA.sys 2009-11-14 22:11 . 2009-11-14 22:11 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys 2008-04-14 00:11 . 2004-08-10 17:51 1028096 --sha-w- c:\windows\system32\mfc42.dll 2008-04-14 00:12 . 2004-08-10 17:51 57344 --sh--w- c:\windows\system32\msvcirt.dll 2008-04-14 00:12 . 2004-08-10 17:51 413696 --sha-w- c:\windows\system32\msvcp60.dll 2008-04-14 00:12 . 2004-08-10 17:51 551936 --sh--w- c:\windows\system32\oleaut32.dll 2008-04-14 00:12 . 2004-08-10 17:51 84992 --sh--w- c:\windows\system32\olepro32.dll 2008-04-14 00:12 . 2004-08-10 17:51 11776 --sh--w- c:\windows\system32\regsvr32.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 9442584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-30 177392] "QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-11-11 14088] "CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-02 230664] "cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200] "capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296] "capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312] "WinPatrol"="c:\documents\Webshit\WinPatrol\winpatrol.exe" [2005-06-06 106496] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "LegacyDrive"= b6a2ba0ac63dc59461fe0f50a2213574b1bf3a0a444429fe6624fb7677caba6175d1e75379771990 854fe8667c3509c17287baf9269261eecd4b705712408b575aceed514c9308fe91266bbdf0d806e9 2 a1ed1f8f12cb757e4612df44cb1e60c7deeff94ae4679d8070ded62fabd7b1dd73c04ba9b5d99530 9 a8334efd5ea485fcb8cda30f7012d1d2820b93c8347cecf15488c99fc1219c85d72cc3481120623d f b40a0e41ed0443d8878e8c6cd44f1a0a0eec5eda460377c7f7546a83000087da30fe11d8371f8625 0 75ecc5b1f5c27f0b9323ed5243c4392009253704047e8d1cacf617e6af58178a53037f571d4fd8d2 5 bca0a935271ae1c8f72c6bd3236acb58d9f499aee8f87fbb8a90943b95b19e0b71ce2a54cf2df6df 4 389302659e7b3d1f71416e431d32fda8f0f2522c206ef348981013ece7cf3d7479e1f3cd4343d16c f 9a9455a8e0afeda4b5ea24c1fa6c051362e0530cc0fb27944f74de7742d978b43cfbf27775ed5d8c 8 7d81f939f6f543a8fe2039a3ba25c37d020b19a1bf64b6e2276c169da5229e4148d5f8202317f711 c 609cdce13d97e9b4d88942972f114b9cb07b284c15e415bf2ec6d8b8411ac03b9d672b9c472a449d c 1350df8edb9b585728fba47218a66fefc04c490005edfe61a9ed78c05f908115512aa7059e2a3206 f 45759c5615ab5c4667df5484eb2d472bdd748ac8c38fc46d456016149e6c00dca1d34ae352b56a48 0 05d82b0668157f1e1b4844f29774fd268f1dc6bd38182fb30001f42897947155656e5970d518abd0 f 441e2523a4b6cfba70a5edf12c86641be8c01fb2f9bee203c40e2e164c97dad66d27d9c0bc6320e4 7 a2318f80fc4dfe2e9744c3efa44bb54d2d01da445b83735e9c5581ec0eeb35a7956fa8972abecc34 7 6b3a2cb9fa9ae24623ba862624e752abf525508ebc45e0eb9f829beb715cb29be610759c7bfc1ed0 0 75b6031ffb336b5bf75163b84959958adcc51dcbd00a32272fd5585fc594d7ef32386bee3d393d37 6 bdb12c6d0b0c364265fed871ca3e974f097ffa64030d6731e0b2fed6269d3074477caf82ad3cee5b e d04dffba44ead8582a2f62f6e19ca8c1ec766ac637c91612a9aef318fccaa052cd17bd2befe7e81d 0 526eb1750df3321c50184426364eca2c307f6ecf19b1ff67a468ea4c6a1ff09a80201d034ea0161d b d135e6298e3f3efdba0a393dae503518ee61d9eb712007663c4e0bea350b19363799f6436264f56c b 53f25d2def1c9ff50f008ca976ce67ae88f732efd04427b1fb61d5884daf737dcfb2f22752784c2f 4 c97b8206e08e868ed54fa06131f4c6f3b312c42f9fa92ea6586199ec31130a3f818baf6af58dcde9 2 b15fa4e7ce38ce31837519159da8001515df000a5a588289fa7f7bd7ec471a5d5116ae9bc84da7c9 6 79ad2e465a73d78feeac91792b4324f74c58c2c62242f598afd5d572f1e07e53fcfac1164b7f1a99 5 8d5e21f6af4c6f3af25784e8a09a47b2ede26396cfe7a61c9eca874c9d4033167b7604dba0bc0566 5 f196811d5ece9cc6b60d44d99d3b5809093fad269c09044132d63911b5afbc95393345fb4597c4c1 6 eeb971a2b9f0093e445d6f64c987b6ff1be0ded11f7cae1cbb0852db0e76e04b47fff88c4be325b4 7 814456018bb97e381da03316c718ab4f7d139f03ed5a44e610d17d9e00fd4f6c09c3950f0273f5e6 d e0412547ea10368c96504beff646ca04ae9eadf719707c54ca34bfbe859cec8bf5b73126fdf6ed26 0 bc04c5a7c492642a55d117052b58a62d7863f05337d2df0cbd759b2e9186fe7d7d774887e5ee15cc 5 80e8c2265f9d858b093dc1a44a38822142b90155a3cf271083546f7250a8065ce7c2aa590ecf1451 5 726327032af77a21ce4ee8bb8ab811480bfa394bd94f3d77e8accc166948d3ace65c39d78e27cd79 c e367d1921e2c88728a21a75bffd638610c41c687e84076c6435057a5d1b21046552d03a3ca9777d0 b b32e154a1cc426e13a03e08ee435f78687e6535f76ec082d82a588eccb80171ed5bf80b4df7b0732 7 0e89e0f3295da5c5a03882aa34a90c019873cd0f02e048006b6541ec5ed8e0f4b8e5309c815ff822 8 d27269f33d161371891d78117c0b9f0b7d755745ef082873bdcc898336aa53381c2c7615f785eb7c a fb9d1e9175a9e5c7753aa93fb8cee39f425dc86063de6b6d1083fbbd121e52f8322df8cca72c39f9 0 5f7c3ab06d4a2a14ed0a681ad1b8933dbe329ef1633fc6ce0acfc8f16c8450a0ca72b42c39bf23e2 1 c3ddf97879a2ad3c2678d893b649a9aa58d2a0456f0e957edbb15693799824b543fe27c1541435ca 9 2bd9e379cdfe9250d677aabfa4f99dc05bebc299356e4c03199b7d8c6e0b173a31959d1471457396 1 60b3e21f533bc0860d27e2519b4efcd72f39203b3c88becbca26183ec75028e415508d1c0433a811 7 4756fb81be0db6eaf6507753f8cac479a5ae9ab105b26217db5b22e77de57cf12be2f9ad97fdd1f0 b 1495c3f34a5d085b7630ac08a9c8cfbe1c6c27c3488893ee5ccf1a1241642610f153ec51e78a619b f 03005d3de2963fe63dc2476d0c69528d2dc641efb469f24e82f97f6fd9195366d9ae15da9380da17 7 069e5eb5bb325136b2cfef4c27d4c8bb5b7a6a72c2fdf564c8cd39d541e606cc571b2d0c623c46bc 6 f223216319f5158bdd3bd4e16353cf62c4c10f4863952e242e7fb15f76044e41e8a7bc329b316c76 1 91bc65ebe5cb6bb617f679836f84e29f3b86bfe32ffcc7c1772528e326db798a79ad0ac8cc310019 2 e44ea1e885c8615c466716c3bc45069c7bd46c9df074e0617c82e028123f6a893d1cfd9024b1a2b6 b 1512d10f2e2c1c6bfeb92c79defefbbe2fa7f391a79cb3baa4efccfb324e60f39004652851948a4c 7 ea4d740085ea8d1f2a34476a18e93bff20a3d4c45d879c533d7c3946440be388fe9f230ce2dfdbbf 7 c3b87bbccc5c2bde9430cd9e982ca6c05ed8e53f95d995aaa339ef70ba4c939415500fb0528695d4 b 552c7421bc7a41d979bdcee06aba730214cd469d437dbde2b69f2870e0e837c78f02bdffcbdeb3ba 0 14b805760c877688496a2675212bea42342868224ae35e3fc7146e1b08f7ebfc4892c1fa32faf754 1 b63abbff0aafd466cf65a39a9821699adcca4f829878e2386c5c5ba0fb98230f95549603130e0711 0 331051e06eaddd27537604a4b40e70d3feb934230abda20c6983fa557c5608b07ce367834b099741 1 dee602a190919526865f5f6d090fdc8e1dacbc0b90d8e6bd2363be0eea1ca369f6e7bcef3010f56c 8 8df4489506d3142e2b5959b89eea28f9f18234af2d605986c7b179cf4670ec58f94ccfecb6c95e22 5 5dde53bf09b09aeac217ef921385c7e8bdc29a10a13ee81ae1a57e3443b5f51ed64c7dded7c6d8b4 d 585a95014d1ef432fe3cdb4023c8c54c73be2937fef7514942a9b5fbcd764d7208dfadaebbe63879 0 0c0738eede0a0159897e818449c367f1e09e35ac808b4439eb5509cbd9e396b69a556427fc4f4f13 6 f95e26d67d9d59c02d0d42ceb8b82c47e05be582df9259f22f6d8c825b4b77f68c1a98eb8a2d8c6f d 42eaff47c47f265e20c682fa814b3b32eb111c3721e19842c6e10bcbc26843fce7113f65d50f36f1 1 bc0db199e84e0573fcfb9deb87da288c766e3108f3353813b6faf1beee4e1bc64b51a541d4d4a1cf 6 64583623b231a6220c5f9dedd1defe74842c1b4abaa0bf9f37fc726e5445f8f7a3d31b70d6a4aaf8 d df5c2cc4f144cbd0b70c7e21ff2488ae990bf747b1fe77b434468f12ced7fb9f28250d914d27b464 4 1862a81cdb7f5e0d12fbc2988c7daec08f403ebfbf69d8f842976a2d22bbf3f2f32a4561b5f00910 f b6803404d0a9757cc838d90140b11f267f3f8fe7e077d5cade3f1261a76ed517bedfd0bd5886b40f 0 42596309b40c6bc8378b1c714969875e31dfd4ade61d3f362ee261c0034bb1743ae84a916715ef62 f b884c6daf267eee261bd684cd29ecda2906408d678750f1c9fc5bc990f4cea3a8fa1116db025d494 3 08ceb405f3b92b3cbf3f1834db2207d9d0d8696f24de91837e4f03210ab5ee471f1ff79a20733858 a 006898ec96afe8bfe87fcb094bfeec1d9cd699aa88fd777e1b53726aa1b020b63f0be68dc17d0dbc 6 cd9228688da53993308863d8596aebf8103dc99cad0cac47f88e3e888efba874871e595355ac039a e fd4e7192f17ff5376795a69da9e3a21ea009f91f9f6946d7c7256cabee1aa27d55274add4db86b64 2 38b68dcbb63374364f19ec97174230c6d65f030ff748ab2ba1913e6f235e1c449578bdd7bca0ad11 2 f23a8d4cab8aefb3afd648cb0602e998623522054d0488e64d8c881667a28d265e6e5d3faa37fd5c 0 2e8bee07e403f8cd21e0dde9aaeb128a48d062e0b674ed19bd88708f9e5ec740b0fcb07e4a70d4d1 e 7e362fd9878f0b39e2eb5e7ad392b0515fc3434f172f3d7a2cce05a7c5c1c2bbeb10106c804fe768 8 d2a29936cbf62341eb10a589e7e50fceca5f7468e0af0e39d3e582e114be65307cbdf1fee1337d4e 8 5d2454dbdc4dd77acf2a087ac9fd383409035f84a71d7877f742ea0173b678ec9f8fab4f6d382162 5 8bcc1aaf612e90bb321af16de3f2e45b011e0741a95debf5a658609dda7de7f41fdf0ab6d9ed6840 9 2ffbbf4b131b785ad6db5b9c546066ef12487db18a27519833483e2920d2a98ae4041897e25cd715 e fe1a400dda0b1ea5baaeadd1f3138e3ad35f2642871ca2f53cd395383c85ddb054fd76247f2d1304 f ab0f55c2e94ff5a2a04c50a5124e565503d9a8a531a8e4b79b2f0eb8506c726d64d8672994fe0853 d 0fdd1727ac2ee9a889bd062cac8949b464b11f862fceb08e22da867779ea5e185a3bd0d42de79e37 e 36965352d0375b2ec5ce047e96ed144c79f20f1352e231a68d1c6cac99dde56eb25ba9dbfe6fb8f0 b e3a6ec188c784eabe47a6a37e3d4935119e6957f6495954ea605e3c84b1ec3e7f83f2b957a516ab6 b 8f1bc69e6d11c8bfc5b597d67986c28fe51093e377474c29bb896ca77845084d50d0f77aabfa10b5 1 df474c386e0bebda505385edadb7be28dc98101477efd1bee9829b1beb770b1a38ecd67241df199f 2 14bea27d3943322a325c0f9e258966ede9687dd11bf03c199cc3179e8b33e4cbd8af5ac53f091b7d 8 a9cf032088479b9b92fb9945856031075cc57ee997b124fb95559d9ad48878f0636a64ba9a478b4e 0 8be21dcad223cf46920e648b5a270b491f40a7bbd2591d32cb1a8a5b65c0a8e0d611e29f2cccc90a 9 259020aa4ecdfc7d99ae63d6788f836b1cc5c24cdd916d6392c41db4bc288be4021ba5f8de7de160 9 5cdd1346c8ef7bd19f0db3778ac5cd57f30440674fc1ff75d4c4c59b9f754646d977b1c01ea95d30 c 781bdaefed767eedbcebbba6801130d1a3feaecaa383cf9109558a169f6a04b4dea6a9fba6b77cb2 3 13dab1c4a2f677bba7af2d304ebfaf0524e25aaaed8ed6875c2aee30937fd2dc7703cf1391d6bf8f c 8c0841fc44f57c882ecc756196faf7f8bb14513080bdaa6464cb95acb4a5e55cffefc3cecb6afd62 8 615a1c2bf98cb6b96e3bb6972132b61f295dfd5258d7da4fd799fd0011127844372d2e656927c10c 9 f079141646ff272c571741f5f39edadb6decfe8b4eb4a0f84b2b30a3756d6f1ab01c83bf664a46cb 7 d99e49386a0a509379107851b1910c68888e233d1329067be1530ed39bc3295484a62ef37465b853 6 42b0e348ce0920f4e0d1118e0f941ab702ac4427271c90aaa8bc8b699b97236b7891b95cd14c778c 3 d4de43a955bb6136428e7f698340bfa7eede0b2ed1b27b0c07bb2de478aaabf95864584c1cd4f0b8 2 ccd340e1f4ca483fb33e1599a4b0380b02b8f69363eb9d18a30118ab1e37c20c22f37870a3a7f281 3 1f753a7281efe86278eacc7c3d6bb1c7cc9c97eefdd82c4b94ed1b62b0e93afc9df60c162e12d222 8 1546fc6c1135c1a9f9e5bfc4aa07f49238b5239b9b55271ea5c1885437a44cf9b5271009b7ce57c7 0 29c2104b67ebf9ec8e6e747b3b704886b61cf9505934d2302ef7b0d261c69237f7f3818c77b0a8de 6 e7ae29b7bf7feb0f1989bffc5bee504aac881e4ca8d0d0d858ffcb94617203707b531174257686bc 9 78180c1f9507bd9d2986901c3ca04b2db753a63f3d080cb466e1ec8054f647d96ce9139dcd33b4ab 8 4bf116d0d51e678fbe30076c30fa8d70a65776f2a31178a5a40112d6537768eefddb4e3e4695a3fc 1 c2be088e9a9f0f40d4643c0c48b441ef202183535e0cb7b83d2a039d57ef75d2a757115ce63559dd c 893355026ec71784d11fc784e1002c80b087fe1ce60c4022b24bcfc707c63c300465d734b3600c64 f 75ef348c0de22dbec81d7c59be49bf1ebbc0136f93bc374f66525efe3c4d8a5985e1dde0be42d06c f 2cd9b8dbe16e1b8d79db71ee6816ed3894bbc59608f6892aeca4b354b5b57f3299d5fd63464b6411 d 321a9c12ef78550fd796f82d5e78461218b3a98ac9b3e361cb012bcbb79fb747eb11a053f4ed9454 e fc884e28c948d4862229b59afe8fd29559da1e6ce446f4dcfb0faeabd7d9733205505018160c8b95 6 098b734a64671fca57c734afdeef38c339848cbfaf84f83b17c0db12c36962db7d72d3a58dbac5c5 5 012669f6fecce38c720d85b21b011cd3490898ed92ae6394c6d3f239250899acd03ba3dee07e97a2 e e70a6045da7b9e7a154892ee1901ed5fe4df081d08d4d5cb2d1fa1f42d51d70627a5a6f82043d8c2 2 85d89b9299ad2afd54cd12a579424c70edab06a46b26f6ef7873efaa9a55b2c15ec53c068816220b 9 9c3b3cb4152b012ed0a957f8ea87adc9d5237ab5cd1cb015efaff98496d461fdb83e8d42b815f553 2 1201b389f4e0c974f1efcc20116622290e67785f08e10fca7ab456cfeb6d17be45eb37ca1cb72165 7 d3be2797ec2edbdc7e7bdce524dbb826e9161790a7da0f5307f7febd0590559bf195adbff4c29794 1 6f48c4a8a69b21d0b036640f1bc1a1fbb4213e2c42544d9542749d192a17e2ff9e8c5280eb7a4a93 f 7c07a4082ae446aac7464edb8dad6e80f32f45c888bdff7e628212aa2309181eba77634ec9deff94 d a6921dfc8a53d32d3da7cc9f11ea08222afeebc556323693b54f7269d4528bf6e531f1f881b892b6 a 47bfe90fa0fc9da597a31eb8ee701705c9eb506c234df097dffcaa6cecd5c387dd641d11eee45169 3 000251d2b7bcc1e87e89343eabb5d89d1cf7644f6b327901bf34b7b695172664d8a3b945aa0a2d2d 6 2d6341bd11fd30eca01091ae14db1ba727fa968e6f1346b314e9df19f481e5dd18effe202f802518 f 05ff2fb788cc0b9f9e5f0ec299e337d4a5e6f77a38da55f93d8e32b25a9e0a4974eb8fb7754a919b 4 d7921d13657f6463d540f0bfe269aa8afbd15b2607ab3a0809c01daa4fac91384f837d946b43a6a0 0 802dca7895b712e52d05f00b9cf2c5fbbcfe9dbfcb023c1a4c03e84d5162cbe8f65299df2e8f72e0 c 24d0ae4966f07052efaab8f72c9b259ae827e56ddc8716727b39a73a87d95ba737eac66d75a4263e 0 7972719821b7f378b15d3f1b7450f48f9c897aae6fc5e6474a7e1eb9e6193ec0da613b8e6134c61e 5 e7c74c59d611b095cbd7fb70ad12e304e36a8044b16c3c2229b4e0db9a8f5f3bbc8647be163af7d9 5 6f38f2b70107341c878e926f8fb79911c210f318b27b46a0d3275966c6bf7992dee11bd5ddd1c2b4 f e6f232439668756c2a772d4d21682cdab8299add6db3ef1b09f413a24969ea0babfa448e6d18a573 9 2847126ba4df71214dc26d799920c942ed5cad0d61be9187c3675d06df8bcf61feda1c05ad3fda45 c 0cd1df296f6e12c9dffa87719b0631122509683ecd1b8774c47d8c9779e86e1bc0c8df13f55c64d5 7 c97078a0d6d6dce8de6197ea7fc3d92218768ee089653e9c3ae831895ef6d66c799665af1f97c4b1 f f81a76121cbfc0b6c4f86716bfac81e50c824f73af04413b35bb9cddd7d5be2178e9a10105950e7d 9 4fba07a5a6c7ec10591413b2701a5ff381a6ba21778affbf92931821afbb6335ca9f5ba4c133741a 5 ab446e188deeeb5ea60b2d4958de354135408b9ab7238c795e3e6c89544a526e35d9005ad0aa3bb0 0 f76fe70d5fca567c1ac52803d6de2e36a47797a1b787cc146990983e7fd18c7daebca2f55eaa20df a dcebf24b7670d2b153a10efa3402c54879c46bbe76fcf2ad4192f2ab319950827d7571747d7769c4 d 3d187aa890380f4cbe9c594d60075dac40b0c97018f4d8f99d487692bc71a44524f71ff304d73ca3 1 678171bdce0ecad2928c554e42d5600f80989252df0c2edbad2c045f989857d029718c94e6ac2a18 1 de7d678604aa4be122026c41fbcf3f55505c35e1a6aa98114a64b60d931542cd6799f72f00d17e47 f 09b92f6630262bea5b137d4c6e4ae567736452881dd41983cca62bd76610cb9d87c3de173b2c11d9 c d9a992fac9f97fdd63a165d1d2af6b7311c20084aec2c23ccdce9fe16f763a97f52b907adff3dbea d a61b626fac5831dfb44a00a806f5b621ceb38156723887f59ff1e777dae053147a26e63a8dceca7e 0 69e421932d3e6120df618b2e555fb587026c902abd954b9bc3aeb47e008da1648a758ee56ed587ef b 033485d958d63a4cc03fc23aa940cef8f460bf1d1ee0e3752ae3d999dbd879c326694961d54fc13c e 0cb67824bbd3e6cb326c61c82fd93252de2389e49fbc67900a6ebb963092cb352482d6c1bb50f8f6 d 98fb94d8c4a54590b210fa8e19edcb1b2a3a800efac8d95aa544887a91aedecb966d9fd44c7e9762 6 7fe93cbd4150423f392aad514d5537d5a3f0d10363118cbbbeb6b9192fff4f4a009a8e9fb3107ee2 e 0d5dc0ae39d52795d1962fdf71b249ea59f37c93308fdae20ad08e6b094cf593d7da65fce23ed25e a be8752afcc8deb1e114474b9dd4d59508d1c8c1854ab6efd3c70f339678c0126ec9b451a50fdb63b c f1dc504d433561881a8bec7fed97bebc917220f4df298d7b7b7859b053706565fcaa2bfab9480b55 c 07d7e08aa9a5964818a4fb324b7a6d451a301ff301e5037721c4ee67f48733f688b14d1fe54e9337 2 346deff0ffa988b79cd2cec45e3bb0cbf2811d82f95d7a5adae0acc3750ab9801a9b9630c885cfbf a d7634a2165f037dee972c72c44d4887507f42fa73557808bf64a1b6e527c2d847140bb83b010ed4d 7 d6cd001851f926886c3f5905e87feb66830ed69095e72ed86111ede196b181543b711cf63ab7a0c8 8 eaf43684cd08034163189c59b795ffe05173a284b2ffda59d9d41f79ee72f23e2485d96a4090dc2f b eec824f680dfd822808a2181b529cdfe6cbe0474dfb63c4019b8b74ba57e40286d215ca61eb123e0 5 3e938803eec47013a23e81a9ce3667c9e834f49c1baa8744421db8546ad63cfa20fc2d39675bbbd4 0 8631f6e2974d1ef2158fb2a8b112dbc99d65237ab58e38021495a756d1fead36c166d57f6749e24b 3 10886531153e333404cdb94ed1f86f96af2e02823dc4b835e7c10f84375604ce27638396363d2371 b baf1023783f480572b20ba900d28cc1236eed3d15a36ab4255ad505c112423ed5df03bd53b3d7941 3 dd5e32decfd040c5ea24efcab8e23a9f54fc64fafb1b04622a9d8ece07de820d3ab7e365fe45eb7b 7 8ecfd72479bdb575c5119bd0ce0d1a463f099a0bc48b2368e49828a89bb4537e2cdff7feb56b5a4e 6 61dc951bb6e912cd28e10c799977d0d9b89a24e8a6ba463fabcfdd37cb9c304e9a3596cc50bf2da5 2 077cfa2c6f542bc60b2afc87ec9565a7cfa7fe310f4b41c1fd42da8d5e98cf4f4baca636c4a72a82 c cd9a0d723970dd4ffd57cecae1e7a9d71e468b72cfef95824bb2e603b3fcc664c759242efe3743e7 d 5edb03667fc77473e949671695ab217ce6809ccc295a8bad7f7de44f5a7f0eaadc40e6dc9a7bb863 4 28c538efc9b04a7a25e31d04c29d7f70057d22fb47474c202ce5d1b830ac3e6683e15832177cc574 f 72b08f4da9ab34ff8f2d79d1c9fc050fb57df5fc45808a4f8f1dd837c438acdecd949b4e43316ab1 f 595ee7709b38b244c12222aaac464ab82ffbb12a1f8f034dae44071bf498d1a8cfca39bded998cc2 2 74f80e111fe6e68cf0abb6f2ae797bbe224ebe346a98cb1033db5cb3af24ab493d5e5e34b1a09da7 d 8023e39ac2d4aee133f2478251d044049cbf43e4a9d4947f72ec3231f0eef8bfec5011f211ddb185 4 7b502413c9561674358cb4e62be924da66d55dbba352ef5b8fb982dc03f8a0670c675066830804ca 3 a01135528e9018c71b6e3491a167e6e98f041f4c7463166a593a3a3f541a6b805af1693855d38db3 7 6fab79bcd0b8761179ad0ded7f1493ba80d860ed1cfea27c51a005048de0e58da6216c64065a9792 6 f86426be90bb08aa5af5d21cce78e93c8747d0ca52c9e30485cc49ca92c92400db6a0a34c849b980 1 7fb06b2744d17ab4acdd205d88d95f887f723287f7bf4f0b668b36587a724c58589260a18ebf01ad b 0a9b3f4299e0d68011244ba849b1451246471d0054d39581557ec7965ae95b9470b7fdc9bc4d0e62 c bd59a8c23898bda1e2e1ce7f8a3de903c260b2374e9c1419d242bf6e26a59a5675c40fe7532032ad 7 97704884bace1d7da2d607f9c1ff33c0cdff10d5cb8e04576c6d5da99da78ad15a168b1ec32aa60e 7 1e65c6e0a2b9bc313da3935e9067391faa562a0718dfd13900e28ccfe3a7a92b53c43081bebcee06 f 9fe34c674490b518ad29b0152a8e2edb5cacf26d4847493babf6f5488d6f6a8c19043d97ac6ed978 2 cca73dd9bc4e1417becace7b1151732686506093d1896a1e229a5efc1679463e3cb4bd311097eb53 9 652f9212c875b7031300 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW] 2007-05-18 19:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon] 2001-08-09 21:06 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] 2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] 2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] 2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] 2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2009-11-29 18:52 126976 ----a-w- c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-05-12 03:12 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2009-11-29 18:52 155648 ----a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] 2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Documents\\Webshit\\setupxv.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/7/2009 3:28 AM 64160] R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504] R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584] R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216] R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648] R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456] R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/4/2007 9:23 AM 1010192] R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 9:39 AM 801296] R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/14/2009 12:17 AM 24652] R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816] R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 10:10 PM 189704] S0 lwctth;lwctth;c:\windows\system32\drivers\sjlimgl.sys --> c:\windows\system32\drivers\sjlimgl.sys [?] S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [11/27/2009 3:17 PM 85504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] tapisrv REG_MULTI_SZ Tapisrv . Contents of the 'Scheduled Tasks' folder 2010-04-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:27] 2010-03-27 c:\windows\Tasks\CAAntiSpywareScan_Daily as Val at 4 00 AM.job - c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.pogo.com/home/home.do mStart Page = hxxp://ca.yahoo.com uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\VetRedir.dll Trusted Zone: pogo.com\www DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll FF - ProfilePath - c:\documents and settings\Val\Application Data\Mozilla\Firefox\Profiles\v7nm513q.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-16 00:24 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(820) c:\windows\system32\UmxWnp.Dll c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll - - - - - - - > 'lsass.exe'(1088) c:\windows\system32\VetRedir.dll c:\windows\system32\ISafeIf.dll - - - - - - - > 'explorer.exe'(3640) c:\windows\system32\WININET.dll c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-04-16 00:32:29 ComboFix-quarantined-files.txt 2010-04-16 04:32 ComboFix2.txt 2010-04-10 00:10 Pre-Run: 51,956,932,608 bytes free Post-Run: 51,925,209,088 bytes free - - End Of File - - 40D29E291AAD241EF14FA259930D7A71 I tried to update MBAM but still can't, got the same message: MBAM_ERROR_UPDATING (122,0, MultiByteToWideChar) The data area passed to a system call is too small I ran the quick scan anyway, here is the log: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 3930 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/16/2010 12:55:16 AM mbam-log-2010-04-16 (00-55-16).txt Scan type: Quick scan Objects scanned: 101756 Time elapsed: 18 minute(s), 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  8. OK, that was scary, and I had to google REGEDIT to find out how to do it (blushing), but I managed and here it is: REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=dword:00000143 "DriveConfiguration"=hex:0c,a3,56,46,10,d6,45,25,ad,8e,b1,66,9b,f3,34,0d,59,d9,\ 5d,39,20,e8,4a,62,15,fb,79,df,c2,c7,db,ab,c7,bd,2a,68,cd,31,7d,a4,bc,bb,1a,\ 5c,2e,de,8b,be,23,e7,f4,33,f6,18,a3,9d,8f,06,e9,dd,db,40,28,99,79,31,2e,3c,\ b7,48,c1,3e,bc,55,7b,a5,c1,06,37,d8,cc,18,b4,8e,63,6c,a8,1d,b7,af,62,a6,33,\ 2d,4b,00,27,8a,c8,09,c9,b4,62,3a,79,15,24,7f,4a,0d,45,45,bd,9f,07,d4,cf,6b,\ df,df,37,dc,d6,59,e9,a2,2f,8b,de,63,4a,64,17,ad,c8,10,e0,30,f0,cb,52,2a,52,\ f8,1b,22,aa,6d,81,d9,07,12,a5,d7,7e,2c,aa,05,21,36,f0,45,6a,7f,e6,2f,8b,c3,\ 6a,f8,73,81,0a,c5,44,a4,19,6d,08,63,02,81,9f,66,dd,8a,fc,2a,40,91,91,a6,58,\ e5,08,2f,38,18,34,99,70,4b,47,9f,e2,ab,45,84,d1,3c,b9,fb,3b,d5,a6,44,69,6c,\ c0,99,c4,94,dc,c8,ea,44,a6,21,01,da,e7,92,92,4b,60,15,11,fb,0d,14,3a,48,0f,\ 9c,3a,bf,87,d5,eb,dd,d6,31,40,dd,17,e9,e4,cf,ec,aa,1e,ea,7e,8b,f8,23,bf,43,\ a0,fe,f2,99,0e,a5,6e,1b,e7,37,9f,13,a2,62,4d,b7,e9,34,21,a0,42,2e,65,7e,ee,\ 9b,0b,09,11,1f,f1,3a,14,93,63,bc,48,10,e1,c1,9d,cc,4a,23,4a,b0,20,5b,ba,5a,\ 70,ba,e9,29,30,35,88,59,bb,89,f3,27,68,7d,63,35,61,67,65,2f,b3,f1,8b,af,a1,\ 1d,61,5e,3e,87,a2,5c,3b,ea,ac,e3,fd,e6,32,27,f2,01,31,80,26,eb,25,ca,11,06,\ 7c,0c,b3,25,4b,59,e3,94,40,f4,e5,59,d7,b7,3a,ba,a4,d1,b6,bc,00,e2,1f,ea,7a,\ ab,64,80,c4,e7,9d,4a,48,e9,27,3b,06,46,92,b9,91,cf,ba,3c,5a,c2,33,17,31,40,\ eb,95,09,02,0a,48,fc,48,1d,9e,8e,13,74,b5,36,94,c8,71,1b,e4,21,cb,1b,f5,f7,\ 6c,11,c9,98,7a,58,e2,c9,b2,8b,f9,b0,b7,8f,f3,f2,a9,d4,9f,10,18,fa,d7,66,37,\ 7d,ec,8e,d0,c0,3a,9d,f5,9c,07,55,ad,0a,35,9d,9a,38,0d,2f,d9,dd,3c,91,2a,c9,\ 1b,46,51,c0,34,45,bb,88,01,aa,65,41,f6,ac,fa,f5,c2,cf,3b,70,d3,5a,a4,52,18,\ 0c,4d,62,0a,0b,0e,25,ed,1d,e6,af,53,1a,9e,ba,e3,a1,a9,f5,58,b0,0b,4f,9e,cc,\ 9d,0a,53,37,02,31,26,33,f8,d3,ef,02,49,e6,e6,d1,fd,a1,71,3e,ce,26,3a,19,dc,\ 64,85,67,a2,3c,c0,ad,29,e2,5c,6b,7b,87,dc,e6,5b,35,2c,2a,33,fa,33,50,4e,48,\ ab,fd,47,9c,31,2b,c2,5e,98,2c,59,08,83,eb,d9,8b,33,76,af,ee,9d,b9,be,9d,39,\ c0,8c,b1,91,35,f1,78,a4,08,96,6f,48,c6,a2,ba,5e,d7,ad,19,fd,0e,10,17,cc,7f,\ 60,84,b0,91,35,26,a8,53,30,ac,f4,14,3c,e3,7d,2d,13,2d,71,22,04,2e,2e,ea,f4,\ c8,61,8a,a4,4a,6f,e9,31,e4,14,df,e1,5e,49,8f,1c,0a,6c,f7,b9,f8,9b,c5,7b,c5,\ 68,60,6c,dc,85,94,78,09,50,7d,1e,2d,da,3a,18,f2,b6,61,af,45,ae,e6,1a,5a,b5,\ 3f,06,f1,1d,c5,76,d7,0a,5e,cd,af,27,59,29,f2,97,99,f3,35,2e,f6,b4,ab,e2,e0,\ 2b,ea,7c,45,9c,f2,93,b5,6a,6b,bb,c5,e8,2e,fa,b1,6d,07,7b,45,a6,b9,87,fd,31,\ 43,af,b0,6b,67,62,50,d9,79,57,32,2f,be,ea,8e,18,4b,af,3b,61,c5,88,20,a1,73,\ 6b,eb,1f,97,66,06,f0,ff,e0,c7,60,d7,21,e8,93,c1,14,36,6c,27,4c,8d,ae,d0,46,\ 03,62,b2,ee,64,78,08,64,df,b1,a4,ff,fe,bb,85,92,db,9e,ac,ef,91,58,2c,aa,f2,\ c4,81,20,de,78,c1,22,b7,7d,8f,59,66,ae,7c,53,79,bd,c1,73,8e,56,a7,ec,e4,55,\ ee,8f,d5,36,6e,e1,a0,cc,ff,71,6c,36,97,69,8a,0f,b2,62,fb,e6,f7,7d,32,ee,18,\ af,1a,f6,fa,5c,5b,9b,16,28,d9,bc,1e,09,7e,2e,e4,a1,3a,b1,78,cc,48,23,91,75,\ b2,f4,2f,ad,17,d0,da,7e,fe,ac,c6,fc,fc,81,16,de,1e,06,0c,b0,cc,cd,7f,3d,b9,\ 91,d0,ae,73,78,20,f6,38,95,c0,6d,0c,b1,e9,ba,08,4b,ae,f7,f5,dd,2e,10,1a,61,\ 0e,6c,51,14,27,d0,60,7a,7b,80,87,a2,6e,a7,56,ab,32,f8,c1,87,84,96,76,ff,96,\ 31,6e,f7,4c,72,c3,f4,c5,aa,9a,c1,db,8d,66,3f,fb,9a,35,30,4e,75,6c,75,fc,33,\ 1a,f5,21,11,d8,f0,d0,66,f3,90,58,d6,ce,c2,c6,c9,81,43,ab,1b,c6,fe,1f,15,16,\ 95,05,9d,0f,3e,91,a9,19,d0,08,f9,49,1d,c7,06,85,83,87,36,ea,be,df,51,6a,00,\ 0a,38,ba,44,eb,d5,6b,df,4e,bd,4e,56,58,71,7e,3e,79,c3,a5,b1,a6,eb,5e,2f,6e,\ 0c,d2,8e,60,48,2c,9d,20,83,4c,08,b9,69,c0,7c,35,b2,f0,0b,6b,a4,98,d1,19,da,\ 7c,d8,33,45,56,39,7a,70,14,84,4f,08,40,62,ca,9b,c0,79,07,a0,bf,90,c0,b8,eb,\ f4,21,33,e1,1a,d7,d6,e5,85,6b,db,95,d7,ea,ce,3a,62,93,34,27,77,01,26,dc,fa,\ d5,d3,98,bb,f0,a8,e8,a7,da,20,25,3f,60,dc,3e,4a,82,f6,b7,c7,8c,93,f2,26,82,\ b7,ae,b8,c1,5d,cd,63,e4,c8,5a,9a,e5,14,ca,8c,84,10,82,9c,ed,50,9a,12,95,7d,\ e1,10,65,f0,21,c7,1a,7f,a4,ea,ec,97,f6,95,63,6d,8b,ed,46,b5,2c,e7,03,bc,9a,\ 53,df,07,59,73,a5,87,a8,5f,98,be,0e,4e,ad,23,35,11,f7,c8,fb,e0,63,3a,c7,59,\ a5,a8,19,c6,72,48,66,9f,f0,f7,22,4f,6b,1f,1e,3b,49,de,14,01,40,65,80,fd,c6,\ 9e,b2,12,c9,11,22,a7,a1,08,03,ef,43,f1,1b,6e,95,b7,05,d1,b9,cc,27,88,7d,0a,\ 0f,2b,c2,e8,a7,09,71,3f,b5,e4,14,ff,bb,44,de,20,1b,11,eb,dc,7f,61,c8,1c,78,\ 8f,36,30,65,8d,2b,c2,97,7b,1a,0d,b3,78,74,4a,57,b8,6f,6b,00,d6,06,0c,2b,6c,\ 41,a7,ba,e2,b6,07,9a,83,50,ff,a3,d6,4f,5b,bf,2b,90,95,17,4f,74,0f,cf,ca,56,\ aa,77,a7,80,28,4c,7e,3c,79,0a,6a,43,3f,60,b1,d6,8e,a1,a7,0a,f0,bc,cf,64,ad,\ 6e,44,a5,49,b6,57,e7,4d,8a,7a,e9,4a,c8,5c,a8,1c,6f,56,2f,6c,0f,06,af,78,7e,\ 39,d2,17,cd,0f,4d,f7,7a,59,b4,2a,e7,46,93,e1,0b,3f,ba,77,95,68,0f,d8,b1,3d,\ 47,4c,44,fc,e1,37,97,fe,23,d6,cb,76,c6,0f,f8,a4,58,49,ba,4b,df,81,ed,64,bf,\ 9a,b4,14,de,f5,c0,dc,05,42,cf,0f,89,96,72,8a,2c,bd,14,9f,3e,d1,38,52,07,0b,\ 02,c8,6a,da,f9,fc,c2,32,0b,b4,10,27,d1,b3,58,ba,15,31,48,f3,92,95,88,1b,30,\ fa,30,bd,bc,3e,ed,30,a3,09,47,2e,c5,8d,3b,10,2a,83,30,ee,95,6d,2c,08,5c,1f,\ 48,64,76,7d,62,b9,d6,86,11,8c,f7,92,de,99,b9,d7,b1,74,6b,32,89,70,29,24,70,\ c0,68,1b,ae,dc,cf,f4,3e,26,48,bd,7e,ce,58,bf,2a,f3,ab,bc,8b,0b,f4,75,95,ec,\ 84,f3,6f,4e,ab,d7,f7,5d,ce,c7,64,a2,9d,bc,9c,f9,d6,91,da,46,22,5d,ae,64,39,\ 00,44,5e,4d,fc,ea,e2,a6,86,cd,f2,89,dd,03,dd,5f,db,cf,6e,13,ca,20,63,bc,78,\ 5a,20,7c,8e,59,a5,a8,1d,b3,be,29,7a,3e,79,22,4c,d3,dd,d2,e3,51,d9,bc,cc,e4,\ 95,7b,06,a2,87,62,20,26,c7,76,a5,92,ca,d6,86,2b,91,12,65,16,7a,9b,3f,6c,09,\ 78,4e,90,e7,3a,2e,c1,2b,31,3e,eb,d9,e0,49,c3,a8,af,66,12,09,e0,1c,51,64,c4,\ ca,77,a5,2f,46,0f,f7,29,c5,8d,cf,e6,fb,e2,2d,f8,82,4e,1e,c4,80,76,86,33,85,\ b6,1c,95,a9,b2,b8,b6,3b,20,46,c7,1d,7f,5c,26,59,fe,82,11,c7,6b,58,71,39,9c,\ 73,5f,f6,0d,67,e8,6a,ca,25,0d,1b,90,88,0e,df,2f,2a,e9,4c,32,7c,1d,71,c2,16,\ b3,c3,c8,4b,7f,5a,52,01,a4,5e,38,bf,56,bc,ff,08,e4,1d,fd,e8,f5,18,be,cc,11,\ a6,a7,96,64,95,d7,d9,f1,bf,c4,58,e2,e0,c5,6d,a0,f3,e4,49,a6,58,91,ea,06,a7,\ 96,43,00,f2,4e,97,d3,4a,12,26,d3,84,f5,0b,bc,3c,b1,65,46,1b,e0,b5,fa,56,70,\ 87,43,77,51,55,c8,60,70,a8,f9,8d,e9,80,e8,99,78,f6,5b,04,31,20,1f,33,72,35,\ 9f,b8,15,f1,b4,d4,95,ea,3b,bf,3a,64,06,f6,16,92,75,fb,4e,51,42,b3,08,c1,60,\ 55,6c,f5,df,c1,ab,ef,10,14,40,cb,eb,79,75,3a,ad,41,2a,32,c5,37,d2,e4,f1,2d,\ be,ef,a5,db,9e,d3,ac,ea,45,a8,11,4b,ac,0f,40,cd,3a,6a,69,ef,42,48,25,f2,cd,\ 23,5c,33,9b,4e,66,b8,64,95,29,70,09,63,97,22,41,15,b2,7e,64,3f,bd,0c,f3,2e,\ 59,34,be,42,fc,eb,fa,ae,a0,91,93,79,b8,1a,c3,c8,68,6d,e4,60,f5,09,83,67,7b,\ ee,b5,6a,de,bb,ae,a4,02,14,8f,7e,3f,46,80,52,0f,2e,ff,74,0a,56,77,73,15,62,\ 15,9c,d6,ab,d7,c0,6a,29,e6,37,95,5b,96,25,25,cc,d0,0a,fc,f7,80,ac,43,da,f9,\ 1e,95,2c,62,fc,ec,96,18,43,1f,20,4e,66,aa,e9,f6,9e,ae,1c,e5,81,38,1f,32,d6,\ c6,0e,df,a8,08,67,bb,99,e3,07,86,79,bb,55,57,17,f2,bd,3b,57,ac,60,1f,85,d6,\ 09,f0,e9,66,63,00,9c,e4,6a,ac,99,29,95,20,3b,17,66,81,0a,17,69,b8,e6,39,1c,\ 93,ba,d3,4f,35,6a,44,b7,0a,fe,86,36,00,03,03,5c,f5,2e,aa,2e,6b,43,41,27,83,\ 35,fd,7d,29,8f,50,a5,8c,12,02,19,d1,a0,83,59,08,58,80,30,5f,03,b4,38,95,af,\ 01,a0,b2,99,bf,2d,f6,51,53,7f,0f,18,04,96,95,8e,8d,0b,94,9c,89,e9,c5,e9,47,\ fe,dc,e6,c8,56,80,34,75,c6,07,5c,06,38,81,c0,a4,43,f8,d1,4a,ff,f6,83,71,17,\ 48,fe,ec,1f,02,97,11,28,c3,fe,19,92,3a,b9,c9,22,e9,d1,52,54,29,cb,77,f3,6f,\ d9,ed,e6,cd,52,07,4d,bc,60,92,cd,18,f8,fe,27,6c,d5,10,bf,10,70,0c,f3,3c,d0,\ 79,45,bd,2f,fd,11,8b,6c,8e,c9,64,24,e3,97,d6,78,28,44,99,10,f6,58,23,5f,82,\ 83,77,29,15,3b,3e,43,bc,a7,18,9a,40,bc,34,77,58,a5,1e,02,1e,69,d9,04,c0,c8,\ 2e,f1,78,65,43,25,be,2b,6f,6e,bb,e9,4d,cb,02,3f,10,73,95,7b,be,16,19,9f,4b,\ bf,6f,eb,c4,7f,e9,8e,e6,32,c3,65,6f,b0,45,2a,7f,a2,46,e9,44,94,ef,b3,d6,4a,\ c1,95,60,58,d9,cb,81,ed,73,32,f2,f0,ae,fc,68,4e,8e,a7,bc,92,47,30,49,b6,b9,\ 84,95,38,37,37,34,71,8c,78,ea,22,40,45,10,50,17,db,39,53,db,95,71,14,29,5b,\ 25,94,10,b4,37,4f,53,cf,75,24,64,2b,f6,21,2b,dd,0b,a4,9e,d5,73,c0,92,62,ce,\ e2,d0,f8,54,b4,6c,31,c7,41,52,13,a6,5a,22,91,a4,39,3e,54,58,65,20,bb,36,d5,\ f2,20,be,58,58,5d,f3,34,90,8e,0f,0e,be,19,75,0a,81,ec,e7,32,ca,06,95,f9,1c,\ ee,39,c6,c7,fa,2e,e1,c7,46,a9,8e,a2,4d,0e,33,79,bb,24,09,eb,c8,1a,17,36,c5,\ c8,61,9f,f4,36,5d,14,9d,62,a6,11,5e,3e,f4,c0,c3,f9,4c,64,16,7f,74,f7,79,43,\ aa,12,31,3c,95,0e,45,2d,7c,69,48,2a,b6,6b,73,58,62,09,f6,f4,57,09,90,97,95,\ 5e,67,5e,b8,9f,f8,f0,72,5a,4d,a2,87,d8,da,2a,a6,a0,57,6d,e9,ed,67,97,a2,60,\ 78,6a,57,f3,ea,d6,0b,2e,73,cb,bf,9d,c2,4b,39,81,62,c3,04,c6,e2,9b,b8,35,33,\ 0c,7b,eb,51,32,c8,0a,25,62,6f,ae,aa,bd,de,23,50,05,9e,55,9d,b0,20,87,1a,3b,\ ba,95,48,6d,c1,ed,a3,c3,cc,e9,97,71,6b,53,c6,da,85,45,71,93,6c,97,a4,c5,b5,\ 5d,ae,d3,48,b0,d4,3d,b3,b2,47,c4,c3,cc,52,d0,56,3a,d8,0e,6b,ca,fe,5d,7b,e0,\ 25,eb,0c,be,1b,9b,83,02,92,ab,3a,70,d1,93,d2,f2,a9,30,cb,dd,ab,21,51,76,98,\ 71,59,b5,95,19,77,ed,49,b0,fb,c4,db,ef,9a,16,97,e8,6c,ae,e9,e4,e3,41,84,57,\ f7,fe,a9,14,80,66,a6,be,e3,5e,9d,7f,f0,83,86,fc,0b,bd,77,88,8a,17,23,97,5f,\ ce,a1,76,f7,a7,6f,3a,61,86,b7,f6,b3,3d,d1,32,aa,a2,08,98,90,e4,a1,ef,63,1f,\ 19,4e,33,2d,af,95,89,cc,bf,22,f0,95,ad,bc,39,b8,8b,8f,ba,83,7d,ff,db,0e,4c,\ 81,cc,1f,b9,a1,73,4a,11,4a,a9,5d,01,42,a5,fb,ac,f4,b8,86,fb,72,3b,42,34,ba,\ c6,b8,cf,38,a3,59,84,8d,83,64,a9,8f,6f,0a,bb,91,01,cf,3b,e4,d3,33,bb,9d,38,\ 92,38,99,2a,49,aa,bf,95,84,1a,da,85,71,d1,74,b6,25,28,5d,72,cb,e9,46,76,be,\ 52,82,9d,fb,bd,14,a7,d6,80,0d,3a,ed,13,15,26,5b,70,47,ed,2e,c0,42,83,1a,33,\ 7c,52,6e,30,da,81,48,ae,7e,76,05,e1,e0,9a,fc,1a,21,5c,6c,e8,9b,78,b2,84,bd,\ 79,c0,6c,16,7c,ca,4d,af,38,95,42,26,9e,3b,07,ab,d8,76,da,e7,47,fc,11,26,1d,\ 07,8f,12,67,3c,f3,1c,e5,30,10,1e,19,2a,9d,3e,9e,2a,2e,15,bb,2b,63,10,38,a6,\ 60,17,70,57,7d,6d,a8,43,3e,d8,9f,fa,85,01,66,1a,06,1d,72,14,fc,cd,f0,33,1a,\ 43,58,da,c5,a7,45,0c,80,b9,84,32,95,a8,b7,6b,19,61,81,6c,3b,d0,fb,e9,3f,8a,\ b3,4a,c3,4d,c4,4e,58,ee,f9,9e,ce,93,36,a8,b2,22,14,aa,16,fa,cc,0d,90,e0,56,\ f5,85,3c,d2,16,a8,85,26,c9,bd,fa,e9,5f,a3,93,7f,b5,91,37,86,08,a0,2f,71,0b,\ 8a,db,73,37,b1,a3,9f,63,63,31,4d,94,5c,95,dd,bf,16,8c,69,05,cc,1b,ef,1d,c4,\ ab,17,5f,0e,dd,8d,18,cf,16,b3,76,91,83,92,a4,dd,5a,17,35,0c,63,7c,c6,5a,b7,\ 04,df,3c,c8,eb,1b,f3,a2,9d,89,62,71,26,51,1d,42,ea,9b,c2,0e,96,ac,8c,f4,56,\ 52,25,c6,48,83,bc,c7,31,41,58,b3,70,c0,6c,00,95,30,cb,ab,64,e1,64,1d,97,e8,\ ab,73,5a,95,00,97,b8,56,6c,88,8c,2b,3d,65,43,5a,f1,c7,e3,64,56,54,4c,37,ee,\ 92,be,a5,98,f8,9c,15,6d,4b,70,79,e9,28,2e,80,4b,dc,bd,0c,3e,7c,b3,e6,b8,32,\ 60,b0,23,d6,0f,1c,bb,be,88,5c,37,d6,da,d9,ab,f3,57,95,28,ad,64,df,3a,b6,ca,\ 62,d3,cc,2a,a0,3d,5e,41,33,3d,70,18,d0,46,f7,d7,ca,ed,87,de,d7,9d,2b,12,17,\ 8c,94,75,52,ed,77,fa,81,67,30,97,91,c7,ab,9b,63,f2,84,42,17,1d,6d,87,8a,40,\ d1,39,1d,c7,b6,51,b9,8b,e8,83,0f,02,54,13,25,b2,b2,ea,0e,95,ec,67,e9,f8,b6,\ a9,7d,6d,09,e4,74,d2,3d,5c,0f,34,c1,14,58,43,0f,ef,b5,9f,df,16,be,53,9b,99,\ 4c,9f,14,59,d2,fb,73,25,f1,58,72,23,46,a9,cc,72,87,a2,f1,0d,ce,c0,ff,f3,34,\ 89,ee,85,a2,15,0a,2f,e4,cd,a7,4a,ff,73,10,41,c5,62,c0,f3,a6,18,95,d5,59,c9,\ f1,c1,69,5b,35,43,3a,27,55,95,68,68,72,e7,ba,db,1f,0d,02,18,68,75,45,21,13,\ 5b,1c,3c,25,40,5a,fe,a8,98,ef,a9,ac,c3,0c,b7,8c,3e,88,b7,73,1b,83,58,1e,ae,\ 49,c4,e3,8a,79,2f,f2,ab,66,af,db,f5,bd,4e,50,dd,68,5d,2c,66,b3,0c,b5,95,50,\ ae,38,1e,8c,d2,84,50,f2,e7,ab,ea,36,24,14,87,19,99,a8,3f,dc,ca,e0,70,fa,9d,\ 22,be,16,76,4d,58,33,a0,92,7d,23,ef,87,3f,42,a3,76,88,64,90,fb,5a,0b,7c,ce,\ 5b,dd,c9,dd,90,56,53,9e,69,bb,9c,a3,fe,4f,27,6e,98,c8,21,88,73,04,46,cd,c2,\ 95,f9,03,0a,f4,ea,d8,ca,36,e1,01,6c,39,59,55,79,35,3b,6e,35,2e,0c,0a,74,75,\ 64,b1,af,73,a2,98,57,a2,de,c6,69,dc,1f,75,43,d8,ce,bb,b6,f1,6b,6a,5c,2a,7f,\ 34,2c,70,d2,13,4b,1e,dd,e7,25,c7,82,61,bd,2f,fb,21,41,9a,11,1b,e2,4a,8e,3f,\ e2,43,95,f4,59,ef,51,6f,36,af,4c,09,08,9c,9b,1d,0b,12,f7,0e,69,a6,71,38,5b,\ ba,b7,27,92,4e,93,07,d5,19,b4,5c,eb,d9,b1,f3,bb,e7,4b,19,b2,0e,f2,0a,65,9d,\ 8b,ac,78,bb,71,7e,be,fb,ba,cb,a1,30,bb,23,c5,83,ce,0b,e8,c3,52,f4,0d,fb,f4,\ 6a,d9,4a,2d,95,8e,3d,ef,0c,c6,55,a4,36,b3,90,2d,2b,64,12,30,cb,c9,56,47,18,\ 6a,18,54,3d,58,72,14,cf,64,45,f8,54,90,da,30,02,c3,c9,08,c8,c1,1a,77,93,59,\ ab,f5,ca,e0,d1,8e,1a,df,42,35,79,09,33,5a,65,70,bd,be,6d,f8,85,87,f3,0b,9c,\ 8f,30,8e,a4,02,78,f8,14,35,28,c0,52,7e,7f,5d,d3,30,0d,0e,ed,97,f4,3d,f4,0a,\ 47,82,ad,86,1c,69,06,96,e3,75,04,76,f6,65,fc,77,70,b5,06,a5,43,68,af,a8,85,\ 05,ee,e8,0b,e0,59,f4,39,9a,99,25,18,eb,1c,7e,a9,9f,09,d7,7a,df,79,3b,76,b2,\ e4,8e,01,c3,d9,73,45,65,95,f3,6c,c6,d4,08,43,3d,be,a3,aa,a3,02,b5,1e,8c,b7,\ 87,11,b6,70,f3,47,e2,be,d4,81,e2,f7,bb,59,f4,36,e3,6d,4e,a3,68,bf,fa,f5,b3,\ 5c,e4,34,39,3c,32,c4,65,6a,d3,9f,d2,64,5b,e2,be,c5,0e,8b,bc,21,3a,81,a8,31,\ ca,d4,e0,30,19,47,b1,84,04,0c,95,10,a1,43,ce,8b,2b,f9,f4,7e,5a,89,25,8a,a3,\ ac,07,43,95,c0,4d,29,01,63,f0,da,5d,41,bc,85,6a,2a,0f,a2,15,68,de,e1,9b,4f,\ f8,60,f1,15,8f,20,63,e4,f4,ba,7b,2e,a2,4e,24,41,7e,bd,0f,1b,5d,18,56,7f,c7,\ 57,60,48,fa,4f,04,fe,32,de,f1,a7,28,95,69,4d,e0,d9,88,9c,2c,88,ff,e4,8b,06,\ f1,0e,4f,31,50,90,2b,bb,98,49,8d,2d,bd,ac,2d,2b,61,21,e6,f9,4b,a8,c5,3e,15,\ c0,60,08,24,87,6a,11,dd,22,84,40,16,5f,55,73,cb,99,dc,7c,13,dc,05,69,52,4a,\ 7b,09,af,be,be,ab,c9,ae,75,29,a5,56,05,26,95,eb,13,62,93,53,0d,25,78,5a,18,\ e0,f1,39,dc,ae,76,17,34,0e,60,7e,d5,f1,a9,0c,30,11,f4,6b,99,85,cd,82,a8,92,\ 31,ed,e0,c5,51,ab,8e,3e,93,17,f4,4f,da,1a,a7,46,07,9e,36,86,bf,46,0c,dd,6f,\ 5c,98,11,8e,0a,aa,bc,22,ce,21,5a,86,28,c3,a1,6a,95,95,6c,10,1b,c1,6b,cb,05,\ f9,29,a6,76,df,0b,80,a4,61,9a,d2,f2,ec,e2,87,6f,dc,17,0f,a0,38,7f,af,7f,9c,\ 8b,1b,c3,76,47,46,62,75,f5,79,55,3f,f5,a2,9b,63,e9,ef,80,8e,15,9c,1f,01,0c,\ 09,26,42,89,10,d9,12,9b,95,5a,a0,05,5f,27,fc,e4,26,e4,95,ce,92,ed,5b,48,cb,\ 91,c1,59,0e,a3,3a,24,46,73,a0,b0,aa,6d,80,e1,e2,a9,66,a7,6b,bd,5b,75,3c,d6,\ ab,f5,aa,07,ec,f9,89,e0,3b,b5,94,43,c9,2c,0e,73,96,e9,aa,6e,7d,ef,a9,7d,71,\ f2,42,09,06,c8,46,b0,33,1a,04,98,56,5f,6a,03,78,0b,6e,24,d3,95,03,ac,31,91,\ 55,51,ba,d7,26,37,39,02,eb,51,ea,30,dc,4a,dd,03,a6,69,49,a1,61,b8,23,00,c1,\ 65,ef,60,90,68,d7,19,5c,66,fa,96,6d,d6,06,a2,f9,62,09,e2,9b,90,84,a3,02,a1,\ c1,d6,e6,b9,67,59,41,41,4c,79,bb,8a,8a,b4,66,b3,d5,c3,ab,cc,0c,d7,95,84,3b,\ 0d,24,ec,5f,ce,9c,94,74,a9,fd,d8,b7,f8,0d,f1,ca,e2,24,6c,59,74,ec,db,fe,f4,\ 65,ca,62,72,2c,f5,a5,9f,fc,b7,01,e2,75,c6,aa,a9,1c,1e,f8,fd,a4,3b,c7,5a,6b,\ 8b,1e,bd,48,23,10,fe,84,b1,e0,60,26,b2,68,67,74,e5,bc,ea,b6,ff,0a,68,3d,95,\ a0,c5,9f,a4,86,02,5b,56,00,22,8d,50,a6,b1,9c,28,48,8e,00,4f,24,4c,0c,93,5c,\ d9,0b,e8,a7,5d,8f,67,46,65,06,97,39,41,8e,ec,b4,aa,0a,8d,cd,a8,76,5a,77,b3,\ 77,2e,b3,19,37,61,05,9f,6f,92,25,6b,c5,a3,f8,22,59,04,be,4d,9b,35,8d,01,5f,\ 86,95,fe,bf,33,21,26,99,f0,4b,c8,96,8f,e7,c8,58,3e,3c,e3,fc,b3,f8,9e,42,c1,\ 74,7c,ee,29,39,74,6e,b2,c3,a2,bc,7c,86,3d,86,91,2f,c9,8c,bd,2c,8e,4a,9f,6e,\ 48,d8,01,6e,20,0e,65,6e,db,eb,e0,01,52,38,2c,cd,22,68,f8,90,a4,c3,82,61,20,\ c4,68,38,95,3d,bf,bb,b1,bc,c6,56,0d,66,ce,6e,7a,43,0e,69,94,0d,a8,f4,2b,e4,\ 8b,50,47,43,98,ec,69,33,03,39,14,bf,fd,ba,8c,a7,90,5a,de,58,ca,03,20,1c,1d,\ 6c,fa,8f,06,33,65,52,ed,2b,b3,03,4c,f7,d0,6c,14,d8,c7,fa,4c,c3,88,71,fc,b7,\ e8,df,49,4d,e9,95,ce,e1,90,3c,be,9a,10,04,d3,55,32,dd,ca,29,ca,1d,31,be,ec,\ 59,d8,f6,fe,2b,83,d3,12,33,e1,95,73,5c,c2,22,7e,61,84,ab,b4,8f,ce,8d,0c,cc,\ 81,75,8e,d8,ec,c8,1d,d3,3f,42,95,00,43,dc,16,c8,48,f4,9e,02,5e,a8,de,71,c8,\ 82,46,8e,ad,5b,63,88,95,11,79,6a,8a,04,fb,15,3c,19,77,ad,8c,1a,e1,68,ae,fa,\ af,f6,61,0b,3a,57,75,71,68,ef,8a,d7,88,dc,1a,60,7d,87,ba,e1,1f,79,9c,4d,de,\ 71,59,70,a8,b3,ed,e1,0d,a2,03,32,a2,91,73,69,a3,d7,0a,b4,dc,21,89,58,c9,0c,\ f0,eb,fc,f4,fc,c3,bf,06,ee,95,ae,fb,9d,8e,e3,58,cb,70,39,a6,35,76,97,7b,25,\ 96,ac,1e,da,dd,e0,a4,22,b4,8a,59,2b,63,63,62,97,d3,3a,a0,ce,98,ea,d6,98,2e,\ 8a,0f,eb,83,e3,3a,01,b6,27,18,ae,1f,df,58,f1,8f,26,ff,c9,d9,15,0e,4a,91,7e,\ 5f,ef,13,dd,d1,32,c7,8b,a4,5a,a4,95,35,26,95,f3,8d,90,46,56,3f,2b,a0,08,27,\ b7,74,66,c1,0c,47,af,e1,02,a8,08,a4,8f,c0,c3,a6,2f,2b,e0,75,89,06,d4,46,4f,\ 4a,8a,e7,66,58,a8,f5,47,d4,13,4f,a5,b7,b5,ca,4f,a0,7e,27,59,6b,a8,42,76,05,\ 40,8b,a9,7f,e2,ba,1d,61,c3,bf,50,40,f5,95,f8,77,93,e7,a7,1e,c2,2b,a3,10,80,\ 7d,4d,76,5b,00,c6,43,91,ca,60,cf,26,a3,52,c1,33,0a,af,33,81,79,99,11,56,eb,\ b1,c2,8f,9a,d3,0b,ef,0d,00,30,b7,52,9c,5c,77,88,da,42,23,a1,74,05,69,66,9f,\ 55,42,bc,3e,db,c8,25,56,d8,47,8a,c2,09,96,37,95,28,cd,a8,27,2b,89,5e,82,e2,\ 4c,9f,64,89,af,ab,e0,77,00,ac,45,50,9f,8e,9f,7c,a7,11,81,d8,d1,1d,02,ab,96,\ 55,06,db,94,ee,bf,61,33,c2,72,fa,88,a0,7f,1f,7a,e7,9c,38,23,53,61,0d,78,16,\ 09,7d,2d,2b,77,72,d3,e7,77,14,43,d1,47,3d,40,b3,55,95,2d,58,f1,4b,80,0b,1a,\ 49,5c,30,bd,71,ef,93,7e,a9,19,e3,68,9c,65,cc,85,02,3e,60,ac,22,60,bb,9b,95,\ 8c,e7,45,4c,80,fd,6d,d4,26,8d,74,d9,0c,40,70,ea,14,bc,7d,7b,6c,c8,58,30,c1,\ b1,2a,59,b0,ec,a1,b8,7e,fc,45,8b,08,96,0a,c6,fd,04,21,a1,95,4a,c7,14,52,d6,\ 80,12,1c,70,11,87,88,05,ff,f0,f2,17,1a,ee,48,6a,61,99,0f,01,20,16,a7,48,5b,\ 6c,cf,93,6f,93,6b,c7,f7,ce,85,57,ed,3b,93,73,11,a9,f8,7b,8f,a9,cd,ba,dc,e8,\ e0,51,e1,bc,fd,71,5b,fc,6d,ce,82,15,bd,50,e8,5a,c0,0b,a5,9c,d7,95,71,b1,fb,\ 70,c6,91,fb,cd,d5,36,da,07,e2,22,22,52,df,cc,7a,82,e2,46,c1,ce,d7,1d,5e,d5,\ 72,80,d1,de,68,a5,8e,64,df,69,0c,d2,23,37,19,8b,9a,2a,70,2d,fa,76,8d,17,b9,\ 04,c0,29,c5,5c,81,ca,76,c8,03,30,c1,b6,0b,db,ae,5f,03,63,0c,a6,4a,74,95,63,\ 43,cf,17,2a,20,de,33,3a,03,39,53,83,6e,6b,a9,fe,c3,59,53,e2,ac,1a,de,1b,ba,\ 09,09,f8,4c,18,cb,24,b3,67,97,d7,94,15,de,4d,8d,55,d5,78,1b,c5,7a,f1,bb,fc,\ d1,35,4f,62,74,0e,c4,45,4a,4f,f2,29,97,c4,c3,5f,35,69,98,d9,20,da,e8,3c,38,\ 95,0b,2a,37,43,39,f6,13,32,21,67,8c,a5,6f,c3,e0,b1,79,5e,25,e0,2d,bb,df,79,\ 48,f5,d2,02,c9,5d,15,04,a6,65,68,0e,bd,bd,c7,fc,0d,bb,3f,79,26,00,01,c3,de,\ 59,b5,ae,46,e3,11,ec,dd,73,a9,8b,03,34,09,bf,b0,92,01,e2,65,57,40,b9,63,14,\ 24,f9,95,1b,c3,d1,0a,e7,aa,81,0a,f7,82,1a,15,8e,d9,06,c4,6e,b5,3f,f3,90,7a,\ a9,c8,19,0e,a5,f0,8a,3a,e3,2c,37,54,77,0d,fa,1b,30,fb,28,e2,25,7c,c4,f1,90,\ b3,f3,28,e0,27,b0,e5,09,c6,c1,28,1f,2a,ea,f5,23,1b,60,fa,1c,54,80,72,6a,8a,\ c1,49,58,aa,95,e8,81,f0,62,7b,d4,13,e4,77,9b,c9,e7,45,ee,d5,ee,eb,0d,8c,cc,\ 7f,fe,e8,68,e2,78,d9,be,aa,00,db,26,60,52,cd,d9,ec,02,01,b1,4d,63,90,30,8e,\ a8,f0,c4,f5,49,c8,49,7d,a8,02,d0,86,f5,22,9f,cc,4f,d7,78,96,2c,d0,1f,2f,fa,\ d1,16,9a,06,06,ab,95,82,9e,97,34,70,72,7c,9a,40,40,93,14,d6,b1,f0,35,0d,7d,\ 74,29,f0,d6,a1,3b,2d,04,ac,9b,c6,4d,d4,5f,0a,17,f3,c7,c4,50,53,c5,b2,0e,c2,\ bd,39,73,e9,89,56,d4,d9,c0,d8,1a,e7,38,cd,68,ba,c9,3a,fd,a2,54,0f,5d,2b,04,\ 59,ab,f3,d4,ba,5a,b8,52,95,16,04,b5,a2,90,9a,2f,c5,b5,be,4b,1b,f6,6d,22,27,\ 5c,e1,17,93,77,b6,68,74,97,4b,04,ce,3f,6b,9d,5b,d7,2d,fd,88,a1,18,9d,c1,ee,\ 8b,74,ee,92,5c,0d,3e,95,c0,dc,23,2b,6b,d2,9d,e7,f8,2f,bc,2b,8a,98,60,e3,b4,\ 69,44,73,96,4c,3b,ed,49,0a,b9,95,88,7d,a2,94,4e,61,98,0c,14,c3,90,09,af,79,\ 1b,a5,65,ff,d1,ea,a2,61,a0,dd,ec,5c,63,bb,19,c0,b7,82,c0,18,0a,b3,ed,8d,f4,\ 57,19,08,cb,40,59,97,72,91,d5,12,71,80,7c,fe,4b,5b,f6,b1,0b,c9,da,b7,21,53,\ 22,75,6c,23,db,0c,98,0b,21,80,aa,c8,95,4b,1a,d9,89,63,0b,a0,ab,d9,51,11,c7,\ 78,df,6c,ee,98,f8,f0,33,96,dc,f1,6a,81,a6,2b,30,16,75,56,2b,ef,ca,fa,93,f7,\ 31,85,f2,21,24,9b,28,5a,2c,ad,b1,bb,49,cd,2b,04,94,c1,12,46,23,56,cf,df,2d,\ f6,f1,ab,6e,7d,ba,79,cd,49,dd,bc,3d,90,86,95,83,e1,f7,9b,ac,73,60,41,54,e6,\ 03,a3,91,4a,c0,ee,64,f1,b3,a0,e9,d0,0a,03,d1,27,13,f4,12,64,99,e9,dd,45,71,\ 33,d1,3e,50,7f,6e,1a,df,a3,cc,e4,12,98,8d,08,b5,c2,10,b6,47,78,e7,87,0c,c0,\ 8c,63,5e,5a,4f,a2,44,01,93,71,46,ed,3a,78,7f,9c,95,5e,b9,f3,d2,42,bc,23,de,\ 88,e9,df,20,a4,35,5c,c8,90,01,86,e0,c1,3e,97,8d,5a,d6,e9,92,a1,47,08,15,af,\ 91,0c,a6,6b,53,26,7d,b9,31,78,03,ee,78,2a,94,87,05,ba,84,1b,63,93,60,8f,33,\ e2,76,89,d1,a5,97,27,34,04,1b,f0,16,e5,26,0b,55,bb,2a,95,ae,9a,9e,ad,da,38,\ a1,4d,46,57,60,01,98,51,d8,a1,db,5c,7c,a9,2e,6a,84,39,b9,4d,89,61,e6,1f,4f,\ 9c,cd,e1,e1,9a,ef,62,e4,43,28,62,25,f8,df,f8,74,1c,80,31,b5,d3,2c,fa,34,09,\ ae,40,39,b6,b2,55,dc,61,31,96,1b,e3,30,4b,2a,6e,aa,ce,0a,ce,95,cb,ef,5d,ee,\ 5e,98,79,9d,89,ad,bb,92,b8,36,1e,ae,d7,c0,0c,82,c4,00,73,11,04,ba,1c,d7,b4,\ e1,39,0a,c3,00,3c,1f,5f,d8,f0,90,ad,4b,c2,dd,bd,79,5f,d0,bd,28,85,06,6d,69,\ 12,ab,d2,78,62,85,2f,e5,d7,34,31,f1,b9,b8,6a,3b,41,33,00,9c,f0,f0,95,a7,4f,\ 25,a5,cc,55,ef,f5,13,17,20,39,04,4e,a3,80,01,20,0f,d4,7c,8b,7b,bf,66,07,94,\ 0e,eb,67,ee,d5,5c,01,98,b4,6d,0e,f3,58,a0,53,c4,44,01,01,87,d1,14,db,06,73,\ 0c,96,2b,3f,3d,85,13,aa,d4,76,63,94,c6,d6,df,85,06,1c,39,36,fb,65,26,53,95,\ 31,5c,b7,7f,4f,5d,e7,98,49,da,70,3d,d6,fd,e4,8e,25,8f,f8,33,cb,18,23,a0,00,\ 48,68,97,0c,95,6f,ee,fc,26,db,92,99,f0,d8,cc,9b,1f,f3,c3,19,b7,2f,42,44,7b,\ 55,bc,55,0d,8b,8e,c4,58,28,83,bb,2b,c7,9d,ca,26,9a,13,dc,da,01,96,6a,2c,5c,\ d8,95,ee,fa,1d,4f,9b,02,21,36,4b,ff,40,d6,b9,14,23,03,f0,6e,55,e9,03,25,9d,\ 09,ff,64,8c,7e,1e,ca,52,85,3d,10,d5,3c,90,eb,05,aa,95,34,69,00,46,46,fe,1e,\ 93,a7,42,59,0f,eb,8c,7c,ea,d6,9e,0c,1f,c1,7d,d1,ee,3f,80,91,8d,00,a8,1f,1b,\ f5,2f,94,95,d5,b4,64,dd,8c,1f,b5,76,56,40,0e,74,84,78,62,c9,d5,d9,86,c4,e9,\ d0,46,d7,f9,07,b3,9d,c4,89,ba,1b,cd,27,fb,46,c3,1b,d7,c6,41,ec,cb,fa,b7,91,\ fd,3c,a8,d9,15,66,17,0b,4e,95,3b,c9,cd,2d,7a,3a,31,1d,95,67,6b,64,21,e6,d0,\ d3,36,b6,6c,15,95,6b,6b,9a,ee,01,8b,d1,c0,5e,37,c1,53,bd,0e,9f,d5,25,4e,bd,\ 20,97,3c,5d,3c,8c,c7,c7,25,9e,68,99,ce,86,4c,5f,65,46,b5,63,d9,a7,9d,c6,9a,\ e6,9d,d0,9f,ab,0e,85,ae,3a,6e,79,d8,ed,05,e5,42,e2,c8,f9,2c,f1,7d,74,2b,e1,\ 20,73,b9,db,86,86,f0,95,1e,40,09,93,f5,c2,b2,4e,e6,c4,66,3f,2d,e9,51,b4,68,\ 9f,35,37,94,46,02,c8,38,94,a8,69,e0,38,29,e0,cd,bd,f2,b8,eb,b2,6b,89,03,08,\ cd,79,32,bb,33,03,9a,b4,f4,f7,57,ee,31,c2,b5,d9,aa,f0,a0,fc,d6,ef,5b,dd,32,\ 16,75,25,d9,e5,fa,00,55,8f,95,e6,c3,b5,b5,df,d1,df,75,23,bf,28,a3,bf,b6,22,\ 56,01,19,b5,a7,31,68,72,b5,7c,65,23,ec,31,75,a7,88,30,48,fd,54,9e,bc,9e,b8,\ de,ff,10,f2,bd,f4,b8,a4,ed,d9,ef,8f,b5,26,59,9e,e6,b8,72,26,11,2e,6a,6c,f7,\ 94,33,68,41,3e,d8,c8,72,f7,10,38,f7,19,5b,13,e1,4b,82,ac,2f,50,df,90,d8,9d,\ 67,ee,1a,02,f5,47,43,25,ed,80,77,2f,1f,36,ae,c5,ef,51,fc,3a,b3,dc,15,03,5d,\ 13,10,6b,5a,be,6b,87,b9,be,50,6d,90,e6,16,a1,9c,0c,0b,d0,27,5f,71,c1,2f,fa,\ c6,88,c4,ba,48,fd,b2,4d,b9,6c,60,8c,60,aa,8e,f8,0b,50,b8,c8,ee,ec,53,e8,fe,\ ab,8c,1e,fb,19,4c,fe,34,1f,6b,56,56,83,20,c9,82,b2,bd,b9,a2,be,99,6a,fc,a3,\ 4d,65,07,ce,23,1b,7e,e0,cb,cb,b4,af,50,a6,27,8d,4b,30,57,cd,56,e9,d9,84,c4,\ 2d,a7,8d,8f,59,ba,d0,92,2f,db,c3,f9,7c,b6,30,fa,f5,f7,30,39,b4,6d,fa,9a,90,\ 1b,66,2f,87,5b,7a,b6,eb,84,43,d5,5a,0b,6c,5f,f1,ee,0f,d3,bd,52,cb,26,72,6a,\ 17,c2,60,9c,d6,ce,a2,df,2b,b0,99,68,8e,d0,98,85,20,9f,e1,c9,3b,d8,d1,69,4e,\ 06,57,e6,e8,47,aa,ec,12,4f,3c,7a,e2,b0,e9,44,4d,58,b9,75,56,3d,5b,35,f9,e3,\ f2,0c,da,4f,c4,99,69,3e,65,af,80,33,1d,06,45,c9,ea,30,51,47,c8,ce,12,75,2f,\ 03,6d,ae,de,29,a8,37,d7,c3,88,cf,ab,b3,b6,87,f7,ad,67,d4,2f,ec,3c,e3,9a,24,\ 67,2c,9e,b7,10,4a,3e,2b,f7,0a,e1,dc,5a,c2,55,ee,19,e4,13,a5,86,18,d2,c5,3a,\ e5,f4,05,c5,9b,08,68,00,06,ba,bb,0e,07,75,8c,d6,3a,78,ec,b6,d7,2c,74,75,d6,\ b5,86,7a,57,c7,d5,3c,40,bb,28,fa,28,e2,5a,ac,74,19,a6,39,bf,9d,21,ea,7f,21,\ 88,1f,e6,1e,3c,41,07,6b,8b,f7,3a,0d,31,9d,c1,50,1f,f1,ac,16,7b,f9,10,f9,70,\ e7,a2,00,6b,06,51,0e,2c,3c,7f,51,40,b6,38,f4,2d,ab,65,8a,4d,e1,43,b0,dc,72,\ 14,ee,4f,d0,14,df,e7,07,af,92,87,42,f1,2f,c2,91,3e,de,39,e9,43,e4,24,6c,2c,\ 0f,2e,eb,18,55,86,aa,ca,b8,33,63,a1,6c,a7,8d,ca,3c,98,dd,b4,2a,0b,0e,f1,c4,\ 56,b2,de,4b,21,77,59,b5,91,59,59,02,f7,77,4e,7a,d0,6a,3b,9d,ea,d8,01,5a,c7,\ 46,e0,81,46,2e,3b,79,80,52,9b,36,f1,4f,f7,66,d8,75,33,eb,e0,d6,e6,8e,ff,9d,\ 60,f2,9f,a2,ec,c6,fc,3b,52,3f,cd,54,a0,c6,26,c2,2a,ed,9d,d4,d0,a8,ab,2b,7f,\ e5,ba,56,cc,fa,6d,0d,74,db,86,d4,2b,d4,78,a0,1c,3b,d8,05,a4,c6,11,0e,a9,93,\ 59,6c,2d,6b,e4,d4,23,47,57,a2,81,13,7f,c2,96,b3,43,d0,9e,44,d7,7e,94,a4,33,\ 37,47,34,c4,01,b0,dc,61,a8,83,50,80,19,04,92,aa,0c,1c,b8,2c,e6,ac,f0,10,dd,\ 21,c1,cd,4b,5d,48,94,38,aa,64,72,45,c7,7f,0f,ec,97,fd,08,e6,43,77,69,9b,db,\ c6,72,dc,40,5d,9b,d4,41,dc,d5,3c,04,e3,13,cf,a8,24,09,fe,28,bd,33,e4,83,c4,\ 1a,7c,1a,23,d3,12,59,a6,c8,f7,99,52,ba,79,45,f9,07,12,3c,0b,29,e0,77,af,80,\ 55,ec,12,51,e4,30,b2,ff,0e,ac,65,b1,d8,f7,cc,e5,42,e5,b9,32,58,e6,31,9d,df,\ 35,cd,68,df,53,60,2c,5f,b4,da,27,70,b8,6d,d7,6d,dc,ee,c8,80,32,7d,aa,68,0e,\ 68,a6,7a,03,4d,f2,e6,0e,7f,a4,3c,10,ab,c4,2f,82,bc,a4,98,64,fb,74,bd,76,7b,\ 11,d4,ab,b4,1e,c3,9a,db,6e,56,2a,b8,e0,20,a3,03,1a,64,48,ff,a0,9e,76,27,58,\ 31,d1,1c,a6,fd,89,e1,d5,33,db,4a,b9,68,da,b2,92,e9,6f,ed,34,4f,9f,7d,65,53,\ 0c,00 "NoStartMenuMFUprogramsList"=dword:00000001 "LegacyDrive"=hex:b6,a2,ba,0a,c6,3d,c5,94,61,fe,0f,50,a2,21,35,74,b1,bf,3a,0a,\ 44,44,29,fe,66,24,fb,76,77,ca,ba,61,75,d1,e7,53,79,77,19,90,85,4f,e8,66,7c,\ 35,09,c1,72,87,ba,f9,26,92,61,ee,cd,4b,70,57,12,40,8b,57,5a,ce,ed,51,4c,93,\ 08,fe,91,26,6b,bd,f0,d8,06,e9,2a,1e,d1,f8,f1,2c,b7,57,e4,61,2d,f4,4c,b1,e6,\ 0c,7d,ee,ff,94,ae,46,79,d8,07,0d,ed,62,fa,bd,7b,1d,d7,3c,04,ba,9b,5d,99,53,\ 09,a8,33,4e,fd,5e,a4,85,fc,b8,cd,a3,0f,70,12,d1,d2,82,0b,93,c8,34,7c,ec,f1,\ 54,88,c9,9f,c1,21,9c,85,d7,2c,c3,48,11,20,62,3d,fb,40,a0,e4,1e,d0,44,3d,88,\ 78,e8,c6,cd,44,f1,a0,a0,ee,c5,ed,a4,60,37,7c,7f,75,46,a8,30,00,08,7d,a3,0f,\ e1,1d,83,71,f8,62,50,75,ec,c5,b1,f5,c2,7f,0b,93,23,ed,52,43,c4,39,20,09,25,\ 37,04,04,7e,8d,1c,ac,f6,17,e6,af,58,17,8a,53,03,7f,57,1d,4f,d8,d2,5b,ca,0a,\ 93,52,71,ae,1c,8f,72,c6,bd,32,36,ac,b5,8d,9f,49,9a,ee,8f,87,fb,b8,a9,09,43,\ b9,5b,19,e0,b7,1c,e2,a5,4c,f2,df,6d,f4,38,93,02,65,9e,7b,3d,1f,71,41,6e,43,\ 1d,32,fd,a8,f0,f2,52,2c,20,6e,f3,48,98,10,13,ec,e7,cf,3d,74,79,e1,f3,cd,43,\ 43,d1,6c,f9,a9,45,5a,8e,0a,fe,da,4b,5e,a2,4c,1f,a6,c0,51,36,2e,05,30,cc,0f,\ b2,79,44,f7,4d,e7,74,2d,97,8b,43,cf,bf,27,77,5e,d5,d8,c8,7d,81,f9,39,f6,f5,\ 43,a8,fe,20,39,a3,ba,25,c3,7d,02,0b,19,a1,bf,64,b6,e2,27,6c,16,9d,a5,22,9e,\ 41,48,d5,f8,20,23,17,f7,11,c6,09,cd,ce,13,d9,7e,9b,4d,88,94,29,72,f1,14,b9,\ cb,07,b2,84,c1,5e,41,5b,f2,ec,6d,8b,84,11,ac,03,b9,d6,72,b9,c4,72,a4,49,dc,\ 13,50,df,8e,db,9b,58,57,28,fb,a4,72,18,a6,6f,ef,c0,4c,49,00,05,ed,fe,61,a9,\ ed,78,c0,5f,90,81,15,51,2a,a7,05,9e,2a,32,06,f4,57,59,c5,61,5a,b5,c4,66,7d,\ f5,48,4e,b2,d4,72,bd,d7,48,ac,8c,38,fc,46,d4,56,01,61,49,e6,c0,0d,ca,1d,34,\ ae,35,2b,56,a4,80,05,d8,2b,06,68,15,7f,1e,1b,48,44,f2,97,74,fd,26,8f,1d,c6,\ bd,38,18,2f,b3,00,01,f4,28,97,94,71,55,65,6e,59,70,d5,18,ab,d0,f4,41,e2,52,\ 3a,4b,6c,fb,a7,0a,5e,df,12,c8,66,41,be,8c,01,fb,2f,9b,ee,20,3c,40,e2,e1,64,\ c9,7d,ad,66,d2,7d,9c,0b,c6,32,0e,47,a2,31,8f,80,fc,4d,fe,2e,97,44,c3,ef,a4,\ 4b,b5,4d,2d,01,da,44,5b,83,73,5e,9c,55,81,ec,0e,eb,35,a7,95,6f,a8,97,2a,be,\ cc,34,76,b3,a2,cb,9f,a9,ae,24,62,3b,a8,62,62,4e,75,2a,bf,52,55,08,eb,c4,5e,\ 0e,b9,f8,29,be,b7,15,cb,29,be,61,07,59,c7,bf,c1,ed,00,75,b6,03,1f,fb,33,6b,\ 5b,f7,51,63,b8,49,59,95,8a,dc,c5,1d,cb,d0,0a,32,27,2f,d5,58,5f,c5,94,d7,ef,\ 32,38,6b,ee,3d,39,3d,37,6b,db,12,c6,d0,b0,c3,64,26,5f,ed,87,1c,a3,e9,74,f0,\ 97,ff,a6,40,30,d6,73,1e,0b,2f,ed,62,69,d3,07,44,77,ca,f8,2a,d3,ce,e5,be,d0,\ 4d,ff,ba,44,ea,d8,58,2a,2f,62,f6,e1,9c,a8,c1,ec,76,6a,c6,37,c9,16,12,a9,ae,\ f3,18,fc,ca,a0,52,cd,17,bd,2b,ef,e7,e8,1d,05,26,eb,17,50,df,33,21,c5,01,84,\ 42,63,64,ec,a2,c3,07,f6,ec,f1,9b,1f,f6,7a,46,8e,a4,c6,a1,ff,09,a8,02,01,d0,\ 34,ea,01,61,db,d1,35,e6,29,8e,3f,3e,fd,ba,0a,39,3d,ae,50,35,18,ee,61,d9,eb,\ 71,20,07,66,3c,4e,0b,ea,35,0b,19,36,37,99,f6,43,62,64,f5,6c,b5,3f,25,d2,de,\ f1,c9,ff,50,f0,08,ca,97,6c,e6,7a,e8,8f,73,2e,fd,04,42,7b,1f,b6,1d,58,84,da,\ f7,37,dc,fb,2f,22,75,27,84,c2,f4,c9,7b,82,06,e0,8e,86,8e,d5,4f,a0,61,31,f4,\ c6,f3,b3,12,c4,2f,9f,a9,2e,a6,58,61,99,ec,31,13,0a,3f,81,8b,af,6a,f5,8d,cd,\ e9,2b,15,fa,4e,7c,e3,8c,e3,18,37,51,91,59,da,80,01,51,5d,f0,00,a5,a5,88,28,\ 9f,a7,f7,bd,7e,c4,71,a5,d5,11,6a,e9,bc,84,da,7c,96,79,ad,2e,46,5a,73,d7,8f,\ ee,ac,91,79,2b,43,24,f7,4c,58,c2,c6,22,42,f5,98,af,d5,d5,72,f1,e0,7e,53,fc,\ fa,c1,16,4b,7f,1a,99,58,d5,e2,1f,6a,f4,c6,f3,af,25,78,4e,8a,09,a4,7b,2e,de,\ 26,39,6c,fe,7a,61,c9,ec,a8,74,c9,d4,03,31,67,b7,60,4d,ba,0b,c0,56,65,f1,96,\ 81,1d,5e,ce,9c,c6,b6,0d,44,d9,9d,3b,58,09,09,3f,ad,26,9c,09,04,41,32,d6,39,\ 11,b5,af,bc,95,39,33,45,fb,45,97,c4,c1,6e,eb,97,1a,2b,9f,00,93,e4,45,d6,f6,\ 4c,98,7b,6f,f1,be,0d,ed,11,f7,ca,e1,cb,b0,85,2d,b0,e7,6e,04,b4,7f,ff,88,c4,\ be,32,5b,47,81,44,56,01,8b,b9,7e,38,1d,a0,33,16,c7,18,ab,4f,7d,13,9f,03,ed,\ 5a,44,e6,10,d1,7d,9e,00,fd,4f,6c,09,c3,95,0f,02,73,f5,e6,de,04,12,54,7e,a1,\ 03,68,c9,65,04,be,ff,64,6c,a0,4a,e9,ea,df,71,97,07,c5,4c,a3,4b,fb,e8,59,ce,\ c8,bf,5b,73,12,6f,df,6e,d2,60,bc,04,c5,a7,c4,92,64,2a,55,d1,17,05,2b,58,a6,\ 2d,78,63,f0,53,37,d2,df,0c,bd,75,9b,2e,91,86,fe,7d,7d,77,48,87,e5,ee,15,cc,\ 58,0e,8c,22,65,f9,d8,58,b0,93,dc,1a,44,a3,88,22,14,2b,90,15,5a,3c,f2,71,08,\ 35,46,f7,25,0a,80,65,ce,7c,2a,a5,90,ec,f1,45,15,72,63,27,03,2a,f7,7a,21,ce,\ 4e,e8,bb,8a,b8,11,48,0b,fa,39,4b,d9,4f,3d,77,e8,ac,cc,16,69,48,d3,ac,e6,5c,\ 39,d7,8e,27,cd,79,ce,36,7d,19,21,e2,c8,87,28,a2,1a,75,bf,fd,63,86,10,c4,1c,\ 68,7e,84,07,6c,64,35,05,7a,5d,1b,21,04,65,52,d0,3a,3c,a9,77,7d,0b,b3,2e,15,\ 4a,1c,c4,26,e1,3a,03,e0,8e,e4,35,f7,86,87,e6,53,5f,76,ec,08,2d,82,a5,88,ec,\ cb,80,17,1e,d5,bf,80,b4,df,7b,07,32,70,e8,9e,0f,32,95,da,5c,5a,03,88,2a,a3,\ 4a,90,c0,19,87,3c,d0,f0,2e,04,80,06,b6,54,1e,c5,ed,8e,0f,4b,8e,53,09,c8,15,\ ff,82,28,d2,72,69,f3,3d,16,13,71,89,1d,78,11,7c,0b,9f,0b,7d,75,57,45,ef,08,\ 28,73,bd,cc,89,83,36,aa,53,38,1c,2c,76,15,f7,85,eb,7c,af,b9,d1,e9,17,5a,9e,\ 5c,77,53,aa,93,fb,8c,ee,39,f4,25,dc,86,06,3d,e6,b6,d1,08,3f,bb,d1,21,e5,2f,\ 83,22,df,8c,ca,72,c3,9f,90,5f,7c,3a,b0,6d,4a,2a,14,ed,0a,68,1a,d1,b8,93,3d,\ be,32,9e,f1,63,3f,c6,ce,0a,cf,c8,f1,6c,84,50,a0,ca,72,b4,2c,39,bf,23,e2,1c,\ 3d,df,97,87,9a,2a,d3,c2,67,8d,89,3b,64,9a,9a,a5,8d,2a,04,56,f0,e9,57,ed,bb,\ 15,69,37,99,82,4b,54,3f,e2,7c,15,41,43,5c,a9,2b,d9,e3,79,cd,fe,92,50,d6,77,\ aa,bf,a4,f9,9d,c0,5b,eb,c2,99,35,6e,4c,03,19,9b,7d,8c,6e,0b,17,3a,31,95,9d,\ 14,71,45,73,96,16,0b,3e,21,f5,33,bc,08,60,d2,7e,25,19,b4,ef,cd,72,f3,92,03,\ b3,c8,8b,ec,bc,a2,61,83,ec,75,02,8e,41,55,08,d1,c0,43,3a,81,17,47,56,fb,81,\ be,0d,b6,ea,f6,50,77,53,f8,ca,c4,79,a5,ae,9a,b1,05,b2,62,17,db,5b,22,e7,7d,\ e5,7c,f1,2b,e2,f9,ad,97,fd,d1,f0,b1,49,5c,3f,34,a5,d0,85,b7,63,0a,c0,8a,9c,\ 8c,fb,e1,c6,c2,7c,34,88,89,3e,e5,cc,f1,a1,24,16,42,61,0f,15,3e,c5,1e,78,a6,\ 19,bf,03,00,5d,3d,e2,96,3f,e6,3d,c2,47,6d,0c,69,52,8d,2d,c6,41,ef,b4,69,f2,\ 4e,82,f9,7f,6f,d9,19,53,66,d9,ae,15,da,93,80,da,17,70,69,e5,eb,5b,b3,25,13,\ 6b,2c,fe,f4,c2,7d,4c,8b,b5,b7,a6,a7,2c,2f,df,56,4c,8c,d3,9d,54,1e,60,6c,c5,\ 71,b2,d0,c6,23,c4,6b,c6,f2,23,21,63,19,f5,15,8b,dd,3b,d4,e1,63,53,cf,62,c4,\ c1,0f,48,63,95,2e,24,2e,7f,b1,5f,76,04,4e,41,e8,a7,bc,32,9b,31,6c,76,19,1b,\ c6,5e,be,5c,b6,bb,61,7f,67,98,36,f8,4e,29,f3,b8,6b,fe,32,ff,cc,7c,17,72,52,\ 8e,32,6d,b7,98,a7,9a,d0,ac,8c,c3,10,01,92,e4,4e,a1,e8,85,c8,61,5c,46,67,16,\ c3,bc,45,06,9c,7b,d4,6c,9d,f0,74,e0,61,7c,82,e0,28,12,3f,6a,89,3d,1c,fd,90,\ 24,b1,a2,b6,b1,51,2d,10,f2,e2,c1,c6,bf,eb,92,c7,9d,ef,ef,bb,e2,fa,7f,39,1a,\ 79,cb,3b,aa,4e,fc,cf,b3,24,e6,0f,39,00,46,52,85,19,48,a4,c7,ea,4d,74,00,85,\ ea,8d,1f,2a,34,47,6a,18,e9,3b,ff,20,a3,d4,c4,5d,87,9c,53,3d,7c,39,46,44,0b,\ e3,88,fe,9f,23,0c,e2,df,db,bf,7c,3b,87,bb,cc,c5,c2,bd,e9,43,0c,d9,e9,82,ca,\ 6c,05,ed,8e,53,f9,5d,99,5a,aa,33,9e,f7,0b,a4,c9,39,41,55,00,fb,05,28,69,5d,\ 4b,55,2c,74,21,bc,7a,41,d9,79,bd,ce,e0,6a,ba,73,02,14,cd,46,9d,43,7d,bd,e2,\ b6,9f,28,70,e0,e8,37,c7,8f,02,bd,ff,cb,de,b3,ba,01,4b,80,57,60,c8,77,68,84,\ 96,a2,67,52,12,be,a4,23,42,86,82,24,ae,35,e3,fc,71,46,e1,b0,8f,7e,bf,c4,89,\ 2c,1f,a3,2f,af,75,41,b6,3a,bb,ff,0a,af,d4,66,cf,65,a3,9a,98,21,69,9a,dc,ca,\ 4f,82,98,78,e2,38,6c,5c,5b,a0,fb,98,23,0f,95,54,96,03,13,0e,07,11,03,31,05,\ 1e,06,ea,dd,d2,75,37,60,4a,4b,40,e7,0d,3f,eb,93,42,30,ab,da,20,c6,98,3f,a5,\ 57,c5,60,8b,07,ce,36,78,34,b0,99,74,11,de,e6,02,a1,90,91,95,26,86,5f,5f,6d,\ 09,0f,dc,8e,1d,ac,bc,0b,90,d8,e6,bd,23,63,be,0e,ea,1c,a3,69,f6,e7,bc,ef,30,\ 10,f5,6c,88,df,44,89,50,6d,31,42,e2,b5,95,9b,89,ee,a2,8f,9f,18,23,4a,f2,d6,\ 05,98,6c,7b,17,9c,f4,67,0e,c5,8f,94,cc,fe,cb,6c,95,e2,25,5d,de,53,bf,09,b0,\ 9a,ea,c2,17,ef,92,13,85,c7,e8,bd,c2,9a,10,a1,3e,e8,1a,e1,a5,7e,34,43,b5,f5,\ 1e,d6,4c,7d,de,d7,c6,d8,b4,d5,85,a9,50,14,d1,ef,43,2f,e3,cd,b4,02,3c,8c,54,\ c7,3b,e2,93,7f,ef,75,14,94,2a,9b,5f,bc,d7,64,d7,20,8d,fa,da,eb,be,63,87,90,\ 0c,07,38,ee,de,0a,01,59,89,7e,81,84,49,c3,67,f1,e0,9e,35,ac,80,8b,44,39,eb,\ 55,09,cb,d9,e3,96,b6,9a,55,64,27,fc,4f,4f,13,6f,95,e2,6d,67,d9,d5,9c,02,d0,\ d4,2c,eb,8b,82,c4,7e,05,be,58,2d,f9,25,9f,22,f6,d8,c8,25,b4,b7,7f,68,c1,a9,\ 8e,b8,a2,d8,c6,fd,42,ea,ff,47,c4,7f,26,5e,20,c6,82,fa,81,4b,3b,32,eb,11,1c,\ 37,21,e1,98,42,c6,e1,0b,cb,c2,68,43,fc,e7,11,3f,65,d5,0f,36,f1,1b,c0,db,19,\ 9e,84,e0,57,3f,cf,b9,de,b8,7d,a2,88,c7,66,e3,10,8f,33,53,81,3b,6f,af,1b,ee,\ e4,e1,bc,64,b5,1a,54,1d,4d,4a,1c,f6,64,58,36,23,b2,31,a6,22,0c,5f,9d,ed,d1,\ de,fe,74,84,2c,1b,4a,ba,a0,bf,9f,37,fc,72,6e,54,45,f8,f7,a3,d3,1b,70,d6,a4,\ aa,f8,dd,f5,c2,cc,4f,14,4c,bd,0b,70,c7,e2,1f,f2,48,8a,e9,90,bf,74,7b,1f,e7,\ 7b,43,44,68,f1,2c,ed,7f,b9,f2,82,50,d9,14,d2,7b,46,44,18,62,a8,1c,db,7f,5e,\ 0d,12,fb,c2,98,8c,7d,ae,c0,8f,40,3e,bf,bf,69,d8,f8,42,97,6a,2d,22,bb,f3,f2,\ f3,2a,45,61,b5,f0,09,10,fb,68,03,40,4d,0a,97,57,cc,83,8d,90,14,0b,11,f2,67,\ f3,f8,fe,7e,07,7d,5c,ad,e3,f1,26,1a,76,ed,51,7b,ed,fd,0b,d5,88,6b,40,f0,42,\ 59,63,09,b4,0c,6b,c8,37,8b,1c,71,49,69,87,5e,31,df,d4,ad,e6,1d,3f,36,2e,e2,\ 61,c0,03,4b,b1,74,3a,e8,4a,91,67,15,ef,62,fb,88,4c,6d,af,26,7e,ee,26,1b,d6,\ 84,cd,29,ec,da,29,06,40,8d,67,87,50,f1,c9,fc,5b,c9,90,f4,ce,a3,a8,fa,11,16,\ db,02,5d,49,43,08,ce,b4,05,f3,b9,2b,3c,bf,3f,18,34,db,22,07,d9,d0,d8,69,6f,\ 24,de,91,83,7e,4f,03,21,0a,b5,ee,47,1f,1f,f7,9a,20,73,38,58,a0,06,89,8e,c9,\ 6a,fe,8b,fe,87,fc,b0,94,bf,ee,c1,d9,cd,69,9a,a8,8f,d7,77,e1,b5,37,26,aa,1b,\ 02,0b,63,f0,be,68,dc,17,d0,db,c6,cd,92,28,68,8d,a5,39,93,30,88,63,d8,59,6a,\ eb,f8,10,3d,c9,9c,ad,0c,ac,47,f8,8e,3e,88,8e,fb,a8,74,87,1e,59,53,55,ac,03,\ 9a,ef,d4,e7,19,2f,17,ff,53,76,79,5a,69,da,9e,3a,21,ea,00,9f,91,f9,f6,94,6d,\ 7c,72,56,ca,be,e1,aa,27,d5,52,74,ad,d4,db,86,b6,42,38,b6,8d,cb,b6,33,74,36,\ 4f,19,ec,97,17,42,30,c6,d6,5f,03,0f,f7,48,ab,2b,a1,91,3e,6f,23,5e,1c,44,95,\ 78,bd,d7,bc,a0,ad,11,2f,23,a8,d4,ca,b8,ae,fb,3a,fd,64,8c,b0,60,2e,99,86,23,\ 52,20,54,d0,48,8e,64,d8,c8,81,66,7a,28,d2,65,e6,e5,d3,fa,a3,7f,d5,c0,2e,8b,\ ee,07,e4,03,f8,cd,21,e0,dd,e9,aa,eb,12,8a,48,d0,62,e0,b6,74,ed,19,bd,88,70,\ 8f,9e,5e,c7,40,b0,fc,b0,7e,4a,70,d4,d1,e7,e3,62,fd,98,78,f0,b3,9e,2e,b5,e7,\ ad,39,2b,05,15,fc,34,34,f1,72,f3,d7,a2,cc,e0,5a,7c,5c,1c,2b,be,b1,01,06,c8,\ 04,fe,76,88,d2,a2,99,36,cb,f6,23,41,eb,10,a5,89,e7,e5,0f,ce,ca,5f,74,68,e0,\ af,0e,39,d3,e5,82,e1,14,be,65,30,7c,bd,f1,fe,e1,33,7d,4e,85,d2,45,4d,bd,c4,\ dd,77,ac,f2,a0,87,ac,9f,d3,83,40,90,35,f8,4a,71,d7,87,7f,74,2e,a0,17,3b,67,\ 8e,c9,f8,fa,b4,f6,d3,82,16,25,8b,cc,1a,af,61,2e,90,bb,32,1a,f1,6d,e3,f2,e4,\ 5b,01,1e,07,41,a9,5d,eb,f5,a6,58,60,9d,da,7d,e7,f4,1f,df,0a,b6,d9,ed,68,40,\ 92,ff,bb,f4,b1,31,b7,85,ad,6d,b5,b9,c5,46,06,6e,f1,24,87,db,18,a2,75,19,83,\ 34,83,e2,92,0d,2a,98,ae,40,41,89,7e,25,cd,71,5e,fe,1a,40,0d,da,0b,1e,a5,ba,\ ae,ad,d1,f3,13,8e,3a,d3,5f,26,42,87,1c,a2,f5,3c,d3,95,38,3c,85,dd,b0,54,fd,\ 76,24,7f,2d,13,04,fa,b0,f5,5c,2e,94,ff,5a,2a,04,c5,0a,51,24,e5,65,50,3d,9a,\ 8a,53,1a,8e,4b,79,b2,f0,eb,85,06,c7,26,d6,4d,86,72,99,4f,e0,85,3d,0f,dd,17,\ 27,ac,2e,e9,a8,89,bd,06,2c,ac,89,49,b4,64,b1,1f,86,2f,ce,b0,8e,22,da,86,77,\ 79,ea,5e,18,5a,3b,d0,d4,2d,e7,9e,37,e3,69,65,35,2d,03,75,b2,ec,5c,e0,47,e9,\ 6e,d1,44,c7,9f,20,f1,35,2e,23,1a,68,d1,c6,ca,c9,9d,de,56,eb,25,ba,9d,bf,e6,\ fb,8f,0b,e3,a6,ec,18,8c,78,4e,ab,e4,7a,6a,37,e3,d4,93,51,19,e6,95,7f,64,95,\ 95,4e,a6,05,e3,c8,4b,1e,c3,e7,f8,3f,2b,95,7a,51,6a,b6,b8,f1,bc,69,e6,d1,1c,\ 8b,fc,5b,59,7d,67,98,6c,28,fe,51,09,3e,37,74,74,c2,9b,b8,96,ca,77,84,50,84,\ d5,0d,0f,77,aa,bf,a1,0b,51,df,47,4c,38,6e,0b,eb,da,50,53,85,ed,ad,b7,be,28,\ dc,98,10,14,77,ef,d1,be,e9,82,9b,1b,eb,77,0b,1a,38,ec,d6,72,41,df,19,9f,21,\ 4b,ea,27,d3,94,33,22,a3,25,c0,f9,e2,58,96,6e,de,96,87,dd,11,bf,03,c1,99,cc,\ 31,79,e8,b3,3e,4c,bd,8a,f5,ac,53,f0,91,b7,d8,a9,cf,03,20,88,47,9b,9b,92,fb,\ 99,45,85,60,31,07,5c,c5,7e,e9,97,b1,24,fb,95,55,9d,9a,d4,88,78,f0,63,6a,64,\ ba,9a,47,8b,4e,08,be,21,dc,ad,22,3c,f4,69,20,e6,48,b5,a2,70,b4,91,f4,0a,7b,\ bd,25,91,d3,2c,b1,a8,a5,b6,5c,0a,8e,0d,61,1e,29,f2,cc,cc,90,a9,25,90,20,aa,\ 4e,cd,fc,7d,99,ae,63,d6,78,8f,83,6b,1c,c5,c2,4c,dd,91,6d,63,92,c4,1d,b4,bc,\ 28,8b,e4,02,1b,a5,f8,de,7d,e1,60,95,cd,d1,34,6c,8e,f7,bd,19,f0,db,37,78,ac,\ 5c,d5,7f,30,44,06,74,fc,1f,f7,5d,4c,4c,59,b9,f7,54,64,6d,97,7b,1c,01,ea,95,\ d3,0c,78,1b,da,ef,ed,76,7e,ed,bc,eb,bb,a6,80,11,30,d1,a3,fe,ae,ca,a3,83,cf,\ 91,09,55,8a,16,9f,6a,04,b4,de,a6,a9,fb,a6,b7,7c,b2,31,3d,ab,1c,4a,2f,67,7b,\ ba,7a,f2,d3,04,eb,fa,f0,52,4e,25,aa,ae,d8,ed,68,75,c2,ae,e3,09,37,fd,2d,c7,\ 70,3c,f1,39,1d,6b,f8,fc,8c,08,41,fc,44,f5,7c,88,2e,cc,75,61,96,fa,f7,f8,bb,\ 14,51,30,80,bd,aa,64,64,cb,95,ac,b4,a5,e5,5c,ff,ef,c3,ce,cb,6a,fd,62,86,15,\ a1,c2,bf,98,cb,6b,96,e3,bb,69,72,13,2b,61,f2,95,df,d5,25,8d,7d,a4,fd,79,9f,\ d0,01,11,27,84,43,72,d2,e6,56,92,7c,10,c9,f0,79,14,16,46,ff,27,2c,57,17,41,\ f5,f3,9e,da,db,6d,ec,fe,8b,4e,b4,a0,f8,4b,2b,30,a3,75,6d,6f,1a,b0,1c,83,bf,\ 66,4a,46,cb,7d,99,e4,93,86,a0,a5,09,37,91,07,85,1b,19,10,c6,88,88,e2,33,d1,\ 32,90,67,be,15,30,ed,39,bc,32,95,48,4a,62,ef,37,46,5b,85,36,42,b0,e3,48,ce,\ 09,20,f4,e0,d1,11,8e,0f,94,1a,b7,02,ac,44,27,27,1c,90,aa,a8,bc,8b,69,9b,97,\ 23,6b,78,91,b9,5c,d1,4c,77,8c,3d,4d,e4,3a,95,5b,b6,13,64,28,e7,f6,98,34,0b,\ fa,7e,ed,e0,b2,ed,1b,27,b0,c0,7b,b2,de,47,8a,aa,bf,95,86,45,84,c1,cd,4f,0b,\ 82,cc,d3,40,e1,f4,ca,48,3f,b3,3e,15,99,a4,b0,38,0b,02,b8,f6,93,63,eb,9d,18,\ a3,01,18,ab,1e,37,c2,0c,22,f3,78,70,a3,a7,f2,81,31,f7,53,a7,28,1e,fe,86,27,\ 8e,ac,c7,c3,d6,bb,1c,7c,c9,c9,7e,ef,dd,82,c4,b9,4e,d1,b6,2b,0e,93,af,c9,df,\ 60,c1,62,e1,2d,22,28,15,46,fc,6c,11,35,c1,a9,f9,e5,bf,c4,aa,07,f4,92,38,b5,\ 23,9b,9b,55,27,1e,a5,c1,88,54,37,a4,4c,f9,b5,27,10,09,b7,ce,57,c7,02,9c,21,\ 04,b6,7e,bf,9e,c8,e6,e7,47,b3,b7,04,88,6b,61,cf,95,05,93,4d,23,02,ef,7b,0d,\ 26,1c,69,23,7f,7f,38,18,c7,7b,0a,8d,e6,e7,ae,29,b7,bf,7f,eb,0f,19,89,bf,fc,\ 5b,ee,50,4a,ac,88,1e,4c,a8,d0,d0,d8,58,ff,cb,94,61,72,03,70,7b,53,11,74,25,\ 76,86,bc,97,81,80,c1,f9,50,7b,d9,d2,98,69,01,c3,ca,04,b2,db,75,3a,63,f3,d0,\ 80,cb,46,6e,1e,c8,05,4f,64,7d,96,ce,91,39,dc,d3,3b,4a,b8,4b,f1,16,d0,d5,1e,\ 67,8f,be,30,07,6c,30,fa,8d,70,a6,57,76,f2,a3,11,78,a5,a4,01,12,d6,53,77,68,\ ee,fd,db,4e,3e,46,95,a3,fc,1c,2b,e0,88,e9,a9,f0,f4,0d,46,43,c0,c4,8b,44,1e,\ f2,02,18,35,35,e0,cb,7b,83,d2,a0,39,d5,7e,f7,5d,2a,75,71,15,ce,63,55,9d,dc,\ 89,33,55,02,6e,c7,17,84,d1,1f,c7,84,e1,00,2c,80,b0,87,fe,1c,e6,0c,40,22,b2,\ 4b,cf,c7,07,c6,3c,30,04,65,d7,34,b3,60,0c,64,f7,5e,f3,48,c0,de,22,db,ec,81,\ d7,c5,9b,e4,9b,f1,eb,bc,01,36,f9,3b,c3,74,f6,65,25,ef,e3,c4,d8,a5,98,5e,1d,\ de,0b,e4,2d,06,cf,2c,d9,b8,db,e1,6e,1b,8d,79,db,71,ee,68,16,ed,38,94,bb,c5,\ 96,08,f6,89,2a,ec,a4,b3,54,b5,b5,7f,32,99,d5,fd,63,46,4b,64,11,d3,21,a9,c1,\ 2e,f7,85,50,fd,79,6f,82,d5,e7,84,61,21,8b,3a,98,ac,9b,3e,36,1c,b0,12,bc,bb,\ 79,fb,74,7e,b1,1a,05,3f,4e,d9,45,4e,fc,88,4e,28,c9,48,d4,86,22,29,b5,9a,fe,\ 8f,d2,95,59,da,1e,6c,e4,46,f4,dc,fb,0f,ae,ab,d7,d9,73,32,05,50,50,18,16,0c,\ 8b,95,60,98,b7,34,a6,46,71,fc,a5,7c,73,4a,fd,ee,f3,8c,33,98,48,cb,fa,f8,4f,\ 83,b1,7c,0d,b1,2c,36,96,2d,b7,d7,2d,3a,58,db,ac,5c,55,01,26,69,f6,fe,cc,e3,\ 8c,72,0d,85,b2,1b,01,1c,d3,49,08,98,ed,92,ae,63,94,c6,d3,f2,39,25,08,99,ac,\ d0,3b,a3,de,e0,7e,97,a2,ee,70,a6,04,5d,a7,b9,e7,a1,54,89,2e,e1,90,1e,d5,fe,\ 4d,f0,81,d0,8d,4d,5c,b2,d1,fa,1f,42,d5,1d,70,62,7a,5a,6f,82,04,3d,8c,22,85,\ d8,9b,92,99,ad,2a,fd,54,cd,12,a5,79,42,4c,70,ed,ab,06,a4,6b,26,f6,ef,78,73,\ ef,aa,9a,55,b2,c1,5e,c5,3c,06,88,16,22,0b,99,c3,b3,cb,41,52,b0,12,ed,0a,95,\ 7f,8e,a8,7a,dc,9d,52,37,ab,5c,d1,cb,01,5e,fa,ff,98,49,6d,46,1f,db,83,e8,d4,\ 2b,81,5f,55,32,12,01,b3,89,f4,e0,c9,74,f1,ef,cc,20,11,66,22,29,0e,67,78,5f,\ 08,e1,0f,ca,7a,b4,56,cf,eb,6d,17,be,45,eb,37,ca,1c,b7,21,65,7d,3b,e2,79,7e,\ c2,ed,bd,c7,e7,bd,ce,52,4d,bb,82,6e,91,61,79,0a,7d,a0,f5,30,7f,7f,eb,d0,59,\ 05,59,bf,19,5a,db,ff,4c,29,79,41,6f,48,c4,a8,a6,9b,21,d0,b0,36,64,0f,1b,c1,\ a1,fb,b4,21,3e,2c,42,54,4d,95,42,74,9d,19,2a,17,e2,ff,9e,8c,52,80,eb,7a,4a,\ 93,f7,c0,7a,40,82,ae,44,6a,ac,74,64,ed,b8,da,d6,e8,0f,32,f4,5c,88,8b,df,f7,\ e6,28,21,2a,a2,30,91,81,eb,a7,76,34,ec,9d,ef,f9,4d,a6,92,1d,fc,8a,53,d3,2d,\ 3d,a7,cc,9f,11,ea,08,22,2a,fe,eb,c5,56,32,36,93,b5,4f,72,69,d4,52,8b,f6,e5,\ 31,f1,f8,81,b8,92,b6,a4,7b,fe,90,fa,0f,c9,da,59,7a,31,eb,8e,e7,01,70,5c,9e,\ b5,06,c2,34,df,09,7d,ff,ca,a6,ce,cd,5c,38,7d,d6,41,d1,1e,ee,45,16,93,00,02,\ 51,d2,b7,bc,c1,e8,7e,89,34,3e,ab,b5,d8,9d,1c,f7,64,4f,6b,32,79,01,bf,34,b7,\ b6,95,17,26,64,d8,a3,b9,45,aa,0a,2d,2d,62,d6,34,1b,d1,1f,d3,0e,ca,01,09,1a,\ e1,4d,b1,ba,72,7f,a9,68,e6,f1,34,6b,31,4e,9d,f1,9f,48,1e,5d,d1,8e,ff,e2,02,\ f8,02,51,8f,05,ff,2f,b7,88,cc,0b,9f,9e,5f,0e,c2,99,e3,37,d4,a5,e6,f7,7a,38,\ da,55,f9,3d,8e,32,b2,5a,9e,0a,49,74,eb,8f,b7,75,4a,91,9b,4d,79,21,d1,36,57,\ f6,46,3d,54,0f,0b,fe,26,9a,a8,af,bd,15,b2,60,7a,b3,a0,80,9c,01,da,a4,fa,c9,\ 13,84,f8,37,d9,46,b4,3a,6a,00,80,2d,ca,78,95,b7,12,e5,2d,05,f0,0b,9c,f2,c5,\ fb,bc,fe,9d,bf,cb,02,3c,1a,4c,03,e8,4d,51,62,cb,e8,f6,52,99,df,2e,8f,72,e0,\ c2,4d,0a,e4,96,6f,07,05,2e,fa,ab,8f,72,c9,b2,59,ae,82,7e,56,dd,c8,71,67,27,\ b3,9a,73,a8,7d,95,ba,73,7e,ac,66,d7,5a,42,63,e0,79,72,71,98,21,b7,f3,78,b1,\ 5d,3f,1b,74,50,f4,8f,9c,89,7a,ae,6f,c5,e6,47,4a,7e,1e,b9,e6,19,3e,c0,da,61,\ 3b,8e,61,34,c6,1e,5e,7c,74,c5,9d,61,1b,09,5c,bd,7f,b7,0a,d1,2e,30,4e,36,a8,\ 04,4b,16,c3,c2,22,9b,4e,0d,b9,a8,f5,f3,bb,c8,64,7b,e1,63,af,7d,95,6f,38,f2,\ b7,01,07,34,1c,87,8e,92,6f,8f,b7,99,11,c2,10,f3,18,b2,7b,46,a0,d3,27,59,66,\ c6,bf,79,92,de,e1,1b,d5,dd,d1,c2,b4,fe,6f,23,24,39,66,87,56,c2,a7,72,d4,d2,\ 16,82,cd,ab,82,99,ad,d6,db,3e,f1,b0,9f,41,3a,24,96,9e,a0,ba,bf,a4,48,e6,d1,\ 8a,57,39,28,47,12,6b,a4,df,71,21,4d,c2,6d,79,99,20,c9,42,ed,5c,ad,0d,61,be,\ 91,87,c3,67,5d,06,df,8b,cf,61,fe,da,1c,05,ad,3f,da,45,c0,cd,1d,f2,96,f6,e1,\ 2c,9d,ff,a8,77,19,b0,63,11,22,50,96,83,ec,d1,b8,77,4c,47,d8,c9,77,9e,86,e1,\ bc,0c,8d,f1,3f,55,c6,4d,57,c9,70,78,a0,d6,d6,dc,e8,de,61,97,ea,7f,c3,d9,22,\ 18,76,8e,e0,89,65,3e,9c,3a,e8,31,89,5e,f6,d6,6c,79,96,65,af,1f,97,c4,b1,ff,\ 81,a7,61,21,cb,fc,0b,6c,4f,86,71,6b,fa,c8,1e,50,c8,24,f7,3a,f0,44,13,b3,5b,\ b9,cd,dd,7d,5b,e2,17,8e,9a,10,10,59,50,e7,d9,4f,ba,07,a5,a6,c7,ec,10,59,14,\ 13,b2,70,1a,5f,f3,81,a6,ba,21,77,8a,ff,bf,92,93,18,21,af,bb,63,35,ca,9f,5b,\ a4,c1,33,74,1a,5a,b4,46,e1,88,de,ee,b5,ea,60,b2,d4,95,8d,e3,54,13,54,08,b9,\ ab,72,38,c7,95,e3,e6,c8,95,44,a5,26,e3,5d,90,05,ad,0a,a3,bb,00,f7,6f,e7,0d,\ 5f,ca,56,7c,1a,c5,28,03,d6,de,2e,36,a4,77,97,a1,b7,87,cc,14,69,90,98,3e,7f,\ d1,8c,7d,ae,bc,a2,f5,5e,aa,20,df,ad,ce,bf,24,b7,67,0d,2b,15,3a,10,ef,a3,40,\ 2c,54,87,9c,46,bb,e7,6f,cf,2a,d4,19,2f,2a,b3,19,95,08,27,d7,57,17,47,d7,76,\ 9c,4d,3d,18,7a,a8,90,38,0f,4c,be,9c,59,4d,60,07,5d,ac,40,b0,c9,70,18,f4,d8,\ f9,9d,48,76,92,bc,71,a4,45,24,f7,1f,f3,04,d7,3c,a3,16,78,17,1b,dc,e0,ec,ad,\ 29,28,c5,54,e4,2d,56,00,f8,09,89,25,2d,f0,c2,ed,ba,d2,c0,45,f9,89,85,7d,02,\ 97,18,c9,4e,6a,c2,a1,81,de,7d,67,86,04,aa,4b,e1,22,02,6c,41,fb,cf,3f,55,50,\ 5c,35,e1,a6,aa,98,11,4a,64,b6,0d,93,15,42,cd,67,99,f7,2f,00,d1,7e,47,f0,9b,\ 92,f6,63,02,62,be,a5,b1,37,d4,c6,e4,ae,56,77,36,45,28,81,dd,41,98,3c,ca,62,\ bd,76,61,0c,b9,d8,7c,3d,e1,73,b2,c1,1d,9c,d9,a9,92,fa,c9,f9,7f,dd,63,a1,65,\ d1,d2,af,6b,73,11,c2,00,84,ae,c2,c2,3c,cd,ce,9f,e1,6f,76,3a,97,f5,2b,90,7a,\ df,f3,db,ea,da,61,b6,26,fa,c5,83,1d,fb,44,a0,0a,80,6f,5b,62,1c,eb,38,15,67,\ 23,88,7f,59,ff,1e,77,7d,ae,05,31,47,a2,6e,63,a8,dc,ec,a7,e0,69,e4,21,93,2d,\ 3e,61,20,df,61,8b,2e,55,5f,b5,87,02,6c,90,2a,bd,95,4b,9b,c3,ae,b4,7e,00,8d,\ a1,64,8a,75,8e,e5,6e,d5,87,ef,b0,33,48,5d,95,8d,63,a4,cc,03,fc,23,aa,94,0c,\ ef,8f,46,0b,f1,d1,ee,0e,37,52,ae,3d,99,9d,bd,87,9c,32,66,94,96,1d,54,fc,13,\ ce,0c,b6,78,24,bb,d3,e6,cb,32,6c,61,c8,2f,d9,32,52,de,23,89,e4,9f,bc,67,90,\ 0a,6e,bb,96,30,92,cb,35,24,82,d6,c1,bb,50,f8,f6,d9,8f,b9,4d,8c,4a,54,59,0b,\ 21,0f,a8,e1,9e,dc,b1,b2,a3,a8,00,ef,ac,8d,95,aa,54,48,87,a9,1a,ed,ec,b9,66,\ d9,fd,44,c7,e9,76,26,7f,e9,3c,bd,41,50,42,3f,39,2a,ad,51,4d,55,37,d5,a3,f0,\ d1,03,63,11,8c,bb,be,b6,b9,19,2f,ff,4f,4a,00,9a,8e,9f,b3,10,7e,e2,e0,d5,dc,\ 0a,e3,9d,52,79,5d,19,62,fd,f7,1b,24,9e,a5,9f,37,c9,33,08,fd,ae,20,ad,08,e6,\ b0,94,cf,59,3d,7d,a6,5f,ce,23,ed,25,ea,be,87,52,af,cc,8d,eb,1e,11,44,74,b9,\ dd,4d,59,50,8d,1c,8c,18,54,ab,6e,fd,3c,70,f3,39,67,8c,01,26,ec,9b,45,1a,50,\ fd,b6,3b,cf,1d,c5,04,d4,33,56,18,81,a8,be,c7,fe,d9,7b,eb,c9,17,22,0f,4d,f2,\ 98,d7,b7,b7,85,9b,05,37,06,56,5f,ca,a2,bf,ab,94,80,b5,5c,07,d7,e0,8a,a9,a5,\ 96,48,18,a4,fb,32,4b,7a,6d,45,1a,30,1f,f3,01,e5,03,77,21,c4,ee,67,f4,87,33,\ f6,88,b1,4d,1f,e5,4e,93,37,23,46,de,ff,0f,fa,98,8b,79,cd,2c,ec,45,e3,bb,0c,\ bf,28,11,d8,2f,95,d7,a5,ad,ae,0a,cc,37,50,ab,98,01,a9,b9,63,0c,88,5c,fb,fa,\ d7,63,4a,21,65,f0,37,de,e9,72,c7,2c,44,d4,88,75,07,f4,2f,a7,35,57,80,8b,f6,\ 4a,1b,6e,52,7c,2d,84,71,40,bb,83,b0,10,ed,4d,7d,6c,d0,01,85,1f,92,68,86,c3,\ f5,90,5e,87,fe,b6,68,30,ed,69,09,5e,72,ed,86,11,1e,de,19,6b,18,15,43,b7,11,\ cf,63,ab,7a,0c,88,ea,f4,36,84,cd,08,03,41,63,18,9c,59,b7,95,ff,e0,51,73,a2,\ 84,b2,ff,da,59,d9,d4,1f,79,ee,72,f2,3e,24,85,d9,6a,40,90,dc,2f,be,ec,82,4f,\ 68,0d,fd,82,28,08,a2,18,1b,52,9c,df,e6,cb,e0,47,4d,fb,63,c4,01,9b,8b,74,ba,\ 57,e4,02,86,d2,15,ca,61,eb,12,3e,05,3e,93,88,03,ee,c4,70,13,a2,3e,81,a9,ce,\ 36,67,c9,e8,34,f4,9c,1b,aa,87,44,42,1d,b8,54,6a,d6,3c,fa,20,fc,2d,39,67,5b,\ bb,d4,08,63,1f,6e,29,74,d1,ef,21,58,fb,2a,8b,11,2d,bc,99,d6,52,37,ab,58,e3,\ 80,21,49,5a,75,6d,1f,ea,d3,6c,16,6d,57,f6,74,9e,24,b3,10,88,65,31,15,3e,33,\ 34,04,cd,b9,4e,d1,f8,6f,96,af,2e,02,82,3d,c4,b8,35,e7,c1,0f,84,37,56,04,ce,\ 27,63,83,96,36,3d,23,71,bb,af,10,23,78,3f,48,05,72,b2,0b,a9,00,d2,8c,c1,23,\ 6e,ed,3d,15,a3,6a,b4,25,5a,d5,05,c1,12,42,3e,d5,df,03,bd,53,b3,d7,94,13,dd,\ 5e,32,de,cf,d0,40,c5,ea,24,ef,ca,b8,e2,3a,9f,54,fc,64,fa,fb,1b,04,62,2a,9d,\ 8e,ce,07,de,82,0d,3a,b7,e3,65,fe,45,eb,7b,78,ec,fd,72,47,9b,db,57,5c,51,19,\ bd,0c,e0,d1,a4,63,f0,99,a0,bc,48,b2,36,8e,49,82,8a,89,bb,45,37,e2,cd,ff,7f,\ eb,56,b5,a4,e6,61,dc,95,1b,b6,e9,12,cd,28,e1,0c,79,99,77,d0,d9,b8,9a,24,e8,\ a6,ba,46,3f,ab,cf,dd,37,cb,9c,30,4e,9a,35,96,cc,50,bf,2d,a5,20,77,cf,a2,c6,\ f5,42,bc,60,b2,af,c8,7e,c9,56,5a,7c,fa,7f,e3,10,f4,b4,1c,1f,d4,2d,a8,d5,e9,\ 8c,f4,f4,ba,ca,63,6c,4a,72,a8,2c,cd,9a,0d,72,39,70,dd,4f,fd,57,ce,ca,e1,e7,\ a9,d7,1e,46,8b,72,cf,ef,95,82,4b,b2,e6,03,b3,fc,c6,64,c7,59,24,2e,fe,37,43,\ e7,d5,ed,b0,36,67,fc,77,47,3e,94,96,71,69,5a,b2,17,ce,68,09,cc,c2,95,a8,ba,\ d7,f7,de,44,f5,a7,f0,ea,ad,c4,0e,6d,c9,a7,bb,86,34,28,c5,38,ef,c9,b0,4a,7a,\ 25,e3,1d,04,c2,9d,7f,70,05,7d,22,fb,47,47,4c,20,2c,e5,d1,b8,30,ac,3e,66,83,\ e1,58,32,17,7c,c5,74,f7,2b,08,f4,da,9a,b3,4f,f8,f2,d7,9d,1c,9f,c0,50,fb,57,\ df,5f,c4,58,08,a4,f8,f1,dd,83,7c,43,8a,cd,ec,d9,49,b4,e4,33,16,ab,1f,59,5e,\ e7,70,9b,38,b2,44,c1,22,22,aa,ac,46,4a,b8,2f,fb,b1,2a,1f,8f,03,4d,ae,44,07,\ 1b,f4,98,d1,a8,cf,ca,39,bd,ed,99,8c,c2,27,4f,80,e1,11,fe,6e,68,cf,0a,bb,6f,\ 2a,e7,97,bb,e2,24,eb,e3,46,a9,8c,b1,03,3d,b5,cb,3a,f2,4a,b4,93,d5,e5,e3,4b,\ 1a,09,da,7d,80,23,e3,9a,c2,d4,ae,e1,33,f2,47,82,51,d0,44,04,9c,bf,43,e4,a9,\ d4,94,7f,72,ec,32,31,f0,ee,f8,bf,ec,50,11,f2,11,dd,b1,85,47,b5,02,41,3c,95,\ 61,67,43,58,cb,4e,62,be,92,4d,a6,6d,55,db,ba,35,2e,f5,b8,fb,98,2d,c0,3f,8a,\ 06,70,c6,75,06,68,30,80,4c,a3,a0,11,35,52,8e,90,18,c7,1b,6e,34,91,a1,67,e6,\ e9,8f,04,1f,4c,74,63,16,6a,59,3a,3a,3f,54,1a,6b,80,5a,f1,69,38,55,d3,8d,b3,\ 76,fa,b7,9b,cd,0b,87,61,17,9a,d0,de,d7,f1,49,3b,a8,0d,86,0e,d1,cf,ea,27,c5,\ 1a,00,50,48,de,0e,58,da,62,16,c6,40,65,a9,79,26,f8,64,26,be,90,bb,08,aa,5a,\ f5,d2,1c,ce,78,e9,3c,87,47,d0,ca,52,c9,e3,04,85,cc,49,ca,92,c9,24,00,db,6a,\ 0a,34,c8,49,b9,80,17,fb,06,b2,74,4d,17,ab,4a,cd,d2,05,d8,8d,95,f8,87,f7,23,\ 28,7f,7b,f4,f0,b6,68,b3,65,87,a7,24,c5,85,89,26,0a,18,eb,f0,1a,db,0a,9b,3f,\ 42,99,e0,d6,80,11,24,4b,a8,49,b1,45,12,46,47,1d,00,54,d3,95,81,55,7e,c7,96,\ 5a,e9,5b,94,70,b7,fd,c9,bc,4d,0e,62,cb,d5,9a,8c,23,89,8b,da,1e,2e,1c,e7,f8,\ a3,de,90,3c,26,0b,23,74,e9,c1,41,9d,24,2b,f6,e2,6a,59,a5,67,5c,40,fe,75,32,\ 03,2a,d7,97,70,48,84,ba,ce,1d,7d,a2,d6,07,f9,c1,ff,33,c0,cd,ff,10,d5,cb,8e,\ 04,57,6c,6d,5d,a9,9d,a7,8a,d1,5a,16,8b,1e,c3,2a,a6,0e,71,e6,5c,6e,0a,2b,9b,\ c3,13,da,39,35,e9,06,73,91,fa,a5,62,a0,71,8d,fd,13,90,0e,28,cc,fe,3a,7a,92,\ b5,3c,43,08,1b,eb,ce,e0,6f,9f,e3,4c,67,44,90,b5,18,ad,29,b0,15,2a,8e,2e,db,\ 5c,ac,f2,6d,48,47,49,3b,ab,f6,f5,48,8d,6f,6a,8c,19,04,3d,97,ac,6e,d9,78,2c,\ ca,73,dd,9b,c4,e1,41,7b,ec,ac,e7,b1,15,17,32,68,65,06,09,3d,18,96,a1,e2,29,\ a5,ef,c1,67,94,63,e3,cb,4b,d3,11,09,7e,b5,39,65,2f,92,12,c8,75,b7,03,13,00 "NoDriveAutoRun"=dword:03ffffff "NoDrives"=dword:00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] OK, now for the DUAL boot question: I don't even know what that means, so I guess not. I DID have another OS (it was still XP though) on D drive because it was from an old computer, but I have since formatted it and now only use it for storage. I hope that answers your question.
  9. Ok, here is the LopR: --------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.40GHz ) BIOS : Phoenix ROM BIOS PLUS Version 1.10 A05 USER : Val ( Administrator ) BOOT : Normal boot Antivirus : CA Anti-Virus 8.4.0.28 (Activated) Firewall : CA Personal Firewall 9.1.0.38 (Activated) C:\ (Local Disk) - NTFS - Total:71 Go (Free:48 Go) D:\ (Local Disk) - NTFS - Total:37 Go (Free:35 Go) E:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [1] ( Wed 04/14/2010|14:45 ) --------------------\\ Listing folders in APPLIC~1 [02/07/2009|03:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {83C91755-2546-441D-AC40-9A6B4B860800} [08/01/2008|01:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {F7498CBA-F30B-4739-8CF3-167AF0872B2E} [09/14/2009|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> acccore [09/14/2009|12:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL [09/14/2009|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP [07/12/2007|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple [10/21/2008|02:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer [04/16/2008|02:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BWIBSQHDYG [02/19/2008|01:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CA [02/26/2008|04:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell [12/20/2009|01:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google [08/16/2005|09:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek [10/01/2006|09:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP [01/08/2008|07:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Insight Software [01/08/2008|07:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Insight Software Solutions [08/16/2005|08:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield [12/18/2007|02:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> JDJBSQHDYG [07/27/2008|07:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft [11/08/2007|02:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> LGJBSQHDYG [03/31/2010|01:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes [11/24/2008|07:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft [03/11/2010|03:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help [02/05/2010|05:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PCPitstop [09/16/2005|06:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap [08/16/2005|08:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime [12/14/2009|03:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> RAJBSQHDYG [08/10/2004|02:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI [04/13/2010|01:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy [03/13/2010|01:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sun [01/28/2008|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft [11/10/2005|08:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec [08/20/2009|05:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP [09/14/2009|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint [08/07/2006|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage [03/29/2008|01:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller [06/16/2009|11:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! [08/22/2005|07:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> AOL [08/10/2004|02:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities [08/16/2005|08:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Jasc Software Inc [11/30/2009|08:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Macromedia [08/16/2005|08:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft [08/16/2005|08:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun [08/16/2005|08:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Symantec [08/16/2005|08:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> You've Got Pictures Screensaver [03/04/2008|04:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft [08/10/2004|01:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft [09/14/2009|12:18] C:\DOCUME~1\Val\APPLIC~1\<DIR> acccore [02/06/2008|01:46] C:\DOCUME~1\Val\APPLIC~1\<DIR> Adobe [07/18/2009|08:53] C:\DOCUME~1\Val\APPLIC~1\<DIR> AdobeUM [08/22/2005|07:32] C:\DOCUME~1\Val\APPLIC~1\<DIR> AOL [11/14/2009|09:22] C:\DOCUME~1\Val\APPLIC~1\<DIR> Apple Computer [09/17/2005|09:14] C:\DOCUME~1\Val\APPLIC~1\<DIR> ArcSoft [10/12/2009|02:52] C:\DOCUME~1\Val\APPLIC~1\<DIR> Blitware [11/14/2009|06:11] C:\DOCUME~1\Val\APPLIC~1\<DIR> COREL [01/31/2010|03:26] C:\DOCUME~1\Val\APPLIC~1\<DIR> Foxit [11/11/2007|03:01] C:\DOCUME~1\Val\APPLIC~1\<DIR> Google [04/13/2007|09:29] C:\DOCUME~1\Val\APPLIC~1\<DIR> Gtek [02/25/2006|09:00] C:\DOCUME~1\Val\APPLIC~1\<DIR> Help [10/08/2006|02:35] C:\DOCUME~1\Val\APPLIC~1\<DIR> HP [08/10/2004|02:08] C:\DOCUME~1\Val\APPLIC~1\<DIR> Identities [03/22/2008|01:50] C:\DOCUME~1\Val\APPLIC~1\<DIR> Image Zone Express [08/16/2005|08:53] C:\DOCUME~1\Val\APPLIC~1\<DIR> Jasc Software Inc [02/18/2008|02:45] C:\DOCUME~1\Val\APPLIC~1\<DIR> Lavasoft [08/22/2005|07:10] C:\DOCUME~1\Val\APPLIC~1\<DIR> Leadertech [12/25/2009|12:07] C:\DOCUME~1\Val\APPLIC~1\<DIR> LimeWire [08/22/2005|07:45] C:\DOCUME~1\Val\APPLIC~1\<DIR> Macromedia [03/31/2010|01:45] C:\DOCUME~1\Val\APPLIC~1\<DIR> Malwarebytes [11/18/2007|03:09] C:\DOCUME~1\Val\APPLIC~1\<DIR> Microsoft [09/12/2005|06:08] C:\DOCUME~1\Val\APPLIC~1\<DIR> Microsoft Web Folders [09/02/2008|06:06] C:\DOCUME~1\Val\APPLIC~1\<DIR> Mozilla [11/27/2009|03:18] C:\DOCUME~1\Val\APPLIC~1\<DIR> PCPitstop [05/20/2009|06:15] C:\DOCUME~1\Val\APPLIC~1\<DIR> Pogo Games [08/29/2005|07:22] C:\DOCUME~1\Val\APPLIC~1\<DIR> Share-to-Web Upload Folder [08/22/2005|07:13] C:\DOCUME~1\Val\APPLIC~1\<DIR> Sonic [08/16/2005|08:48] C:\DOCUME~1\Val\APPLIC~1\<DIR> Sun [08/16/2005|08:59] C:\DOCUME~1\Val\APPLIC~1\<DIR> Symantec [07/31/2008|03:06] C:\DOCUME~1\Val\APPLIC~1\<DIR> System Tweaker [01/05/2009|10:03] C:\DOCUME~1\Val\APPLIC~1\<DIR> SystemRequirementsLab [08/01/2008|01:29] C:\DOCUME~1\Val\APPLIC~1\<DIR> Uniblue [10/23/2009|08:58] C:\DOCUME~1\Val\APPLIC~1\<DIR> Viewpoint [11/02/2009|03:40] C:\DOCUME~1\Val\APPLIC~1\<DIR> WinPatrol [06/16/2009|11:47] C:\DOCUME~1\Val\APPLIC~1\<DIR> Yahoo! [08/16/2005|08:51] C:\DOCUME~1\Val\APPLIC~1\<DIR> You've Got Pictures Screensaver --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks [03/27/2010 12:26 PM][--a------] C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Val at 4 00 AM.job [04/12/2010 02:28 AM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [04/14/2010 01:02 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT [08/04/2004 06:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing Folders in C:\Program Files [09/17/2005|08:56] C:\Program Files\<DIR> ACD Systems [07/18/2009|08:30] C:\Program Files\<DIR> Adobe [12/27/2008|10:08] C:\Program Files\<DIR> Ahead [09/14/2009|12:17] C:\Program Files\<DIR> AIM6 [08/16/2005|08:37] C:\Program Files\<DIR> Analog Devices [07/12/2007|11:28] C:\Program Files\<DIR> Apple Software Update [09/17/2005|09:06] C:\Program Files\<DIR> ArcSoft [12/12/2009|06:05] C:\Program Files\<DIR> AutoPogo1 [11/16/2009|06:26] C:\Program Files\<DIR> Avery Wizard 3.1 [11/02/2009|02:07] C:\Program Files\<DIR> BillP Studios [11/29/2009|02:51] C:\Program Files\<DIR> Broadcom [08/16/2005|08:49] C:\Program Files\<DIR> Broadcom Management Programs [11/11/2007|03:48] C:\Program Files\<DIR> CA [04/13/2010|01:28] C:\Program Files\<DIR> CCleaner [02/14/2010|10:04] C:\Program Files\<DIR> Citrix [04/09/2010|07:56] C:\Program Files\<DIR> Common Files [08/16/2005|08:49] C:\Program Files\<DIR> Dell [08/16/2005|08:54] C:\Program Files\<DIR> Dell Inc [01/28/2008|12:44] C:\Program Files\<DIR> Dell Support Center [04/13/2007|03:32] C:\Program Files\<DIR> DellSupport [09/17/2005|09:08] C:\Program Files\<DIR> directx [01/31/2010|03:25] C:\Program Files\<DIR> Foxit Software [12/20/2009|12:34] C:\Program Files\<DIR> Google [05/10/2009|04:25] C:\Program Files\<DIR> Greeting Card Creator 32 [11/02/2006|06:10] C:\Program Files\<DIR> Hewlett-Packard [11/02/2006|06:11] C:\Program Files\<DIR> HP [11/29/2007|10:06] C:\Program Files\<DIR> InstallShield Installation Information [03/31/2010|01:25] C:\Program Files\<DIR> Internet Explorer [03/29/2008|08:24] C:\Program Files\<DIR> Jasc Software Inc [04/13/2010|02:57] C:\Program Files\<DIR> Java [02/07/2009|03:13] C:\Program Files\<DIR> Lavasoft [08/16/2005|08:51] C:\Program Files\<DIR> Learn2.com [03/31/2010|01:45] C:\Program Files\<DIR> Malwarebytes' Anti-Malware [08/12/2008|11:20] C:\Program Files\<DIR> Messenger [03/29/2008|08:54] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2 [09/12/2005|06:07] C:\Program Files\<DIR> microsoft frontpage [11/11/2007|07:37] C:\Program Files\<DIR> Microsoft Office [08/16/2005|08:53] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition [08/16/2005|08:53] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE [11/11/2007|07:36] C:\Program Files\<DIR> Microsoft Visual Studio [10/20/2009|02:25] C:\Program Files\<DIR> Microsoft Works [11/11/2007|07:35] C:\Program Files\<DIR> Microsoft.NET [03/11/2010|03:29] C:\Program Files\<DIR> Movie Maker [04/03/2010|11:45] C:\Program Files\<DIR> Mozilla Firefox [02/18/2010|01:59] C:\Program Files\<DIR> MSBuild [10/07/2008|06:23] C:\Program Files\<DIR> MSN [08/10/2004|02:01] C:\Program Files\<DIR> MSN Gaming Zone [11/20/2006|08:47] C:\Program Files\<DIR> MSXML 4.0 [08/16/2005|08:55] C:\Program Files\<DIR> MUSICMATCH [08/05/2008|02:13] C:\Program Files\<DIR> NetMeeting [09/17/2005|09:07] C:\Program Files\<DIR> NuCam Corp [11/04/2009|01:28] C:\Program Files\<DIR> Oberon Media [10/10/2005|08:39] C:\Program Files\<DIR> OfficeUpdate11 [08/10/2004|02:01] C:\Program Files\<DIR> Online Services [08/13/2009|03:47] C:\Program Files\<DIR> Outlook Express [11/27/2009|03:18] C:\Program Files\<DIR> PCPitstop [07/12/2007|11:29] C:\Program Files\<DIR> QuickTime [02/18/2010|01:59] C:\Program Files\<DIR> Reference Assemblies [01/08/2008|07:52] C:\Program Files\<DIR> ShortKeys2 [08/16/2005|08:56] C:\Program Files\<DIR> Sonic [11/14/2009|03:39] C:\Program Files\<DIR> Spybot - Search & Destroy [11/10/2005|08:20] C:\Program Files\<DIR> Symantec [01/05/2009|10:03] C:\Program Files\<DIR> SystemRequirementsLab [11/17/2006|10:07] C:\Program Files\<DIR> tcConference [11/18/2007|08:51] C:\Program Files\<DIR> TheWeatherNetwork [08/01/2008|01:29] C:\Program Files\<DIR> Uniblue [12/18/2006|05:05] C:\Program Files\<DIR> Uninstall Information [09/14/2009|12:17] C:\Program Files\<DIR> Viewpoint [08/16/2005|09:04] C:\Program Files\<DIR> WebCyberCoach [03/29/2008|02:56] C:\Program Files\<DIR> Windows Live [04/04/2009|02:40] C:\Program Files\<DIR> Windows Live Safety Center [12/22/2007|01:59] C:\Program Files\<DIR> Windows Media Connect 2 [08/05/2008|02:13] C:\Program Files\<DIR> Windows Media Player [08/05/2008|02:13] C:\Program Files\<DIR> Windows NT [01/30/2010|08:56] C:\Program Files\<DIR> WindowsRepairKit [10/09/2005|03:44] C:\Program Files\<DIR> WON [08/23/2005|05:16] C:\Program Files\<DIR> WordPerfect Office 12 [05/21/2006|05:10] C:\Program Files\<DIR> World of Warcraft [08/10/2004|02:04] C:\Program Files\<DIR> xerox [06/16/2009|12:12] C:\Program Files\<DIR> Yahoo! --------------------\\ Listing Folders in C:\Program Files\Common Files [09/20/2005|04:25] C:\Program Files\Common Files\<DIR> Adobe [12/27/2008|10:08] C:\Program Files\Common Files\<DIR> Ahead [06/05/2009|12:27] C:\Program Files\Common Files\<DIR> AOL [11/29/2007|09:47] C:\Program Files\Common Files\<DIR> Avery [03/05/2007|09:39] C:\Program Files\Common Files\<DIR> Blizzard Entertainment [08/16/2005|08:57] C:\Program Files\Common Files\<DIR> Borland Shared [08/16/2005|08:57] C:\Program Files\Common Files\<DIR> Corel [11/11/2007|07:36] C:\Program Files\Common Files\<DIR> DESIGNER [04/27/2009|11:52] C:\Program Files\Common Files\<DIR> EasyInfo [11/08/2007|02:27] C:\Program Files\Common Files\<DIR> eSellerate [08/29/2005|07:21] C:\Program Files\Common Files\<DIR> Hewlett-Packard [11/02/2006|06:11] C:\Program Files\Common Files\<DIR> HP [01/08/2008|07:50] C:\Program Files\Common Files\<DIR> Insight Software Solutions [09/17/2005|09:05] C:\Program Files\Common Files\<DIR> InstallShield [04/13/2010|03:00] C:\Program Files\Common Files\<DIR> Java [10/20/2009|02:32] C:\Program Files\Common Files\<DIR> Microsoft Shared [08/10/2004|02:02] C:\Program Files\Common Files\<DIR> MSSoap [12/27/2008|10:09] C:\Program Files\Common Files\<DIR> Nero [08/16/2005|08:51] C:\Program Files\Common Files\<DIR> Nullsoft [11/11/2007|07:35] C:\Program Files\Common Files\<DIR> ODBC [08/30/2008|02:46] C:\Program Files\Common Files\<DIR> Real [11/11/2007|03:36] C:\Program Files\Common Files\<DIR> Scanner [08/10/2004|02:02] C:\Program Files\Common Files\<DIR> Services [10/09/2005|03:44] C:\Program Files\Common Files\<DIR> Sierra On-Line [08/16/2005|08:57] C:\Program Files\Common Files\<DIR> Sonic Shared [08/10/2004|01:57] C:\Program Files\Common Files\<DIR> SpeechEngines [01/28/2008|12:44] C:\Program Files\Common Files\<DIR> supportsoft [11/10/2005|08:20] C:\Program Files\Common Files\<DIR> Symantec Shared [08/05/2008|02:13] C:\Program Files\Common Files\<DIR> System [03/29/2008|01:33] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller --------------------\\ Process ( 51 Processes ) ... OK ! --------------------\\ Searching with S_Lop No Lop folder found ! --------------------\\ Searching for Lop Files - Folders No Lop folder found ! --------------------\\ Searching within the Registry ..... OK ! --------------------\\ Checking the Hosts file Hosts file CLEAN --------------------\\ Searching for hidden files with Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-14 15:15:31 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Searching for other infections --------------------\\ Cracks & Keygens .. C:\DOCUME~1\Val\Desktop\Docs\My Music\Neil Diamond - Cracklin' Rosie.mp3 [F:18][D:3]-> C:\DOCUME~1\Val\LOCALS~1\Temp [F:1][D:0]-> C:\DOCUME~1\Val\Cookies [F:6][D:6]-> C:\DOCUME~1\Val\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - Wed 04/14/2010|15:27 - Option : [1] --------------------\\ Scan completed at 15:27:17 Next....I still had DDS from before since I hadn't been told to delete it, but thought it might be important to download fresh, so I renamed the old one and the reports and downloaded again.....however, I was not given a prompt for Optional Scan. I disconnected from the internet and disabled my internet security suite totally since it can be a PITP (pain in the posterior) sometimes.....here is the DDS.txt DDS (Ver_10-03-17.01) - NTFSx86 Run by Val at 15:40:38.76 on Wed 04/14/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.402 [GMT -4:00] AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93} FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe svchost.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k tapisrv C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe C:\Documents\Webshit\WinPatrol\winpatrol.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Documents and Settings\Val\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Val\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.pogo.com/home/home.do mStart Page = hxxp://ca.yahoo.com uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [uniblue SpeedUpMyPC] c:\program files\uniblue\speedupmypc 3\SpeedUpMyPC.exe -s uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe" mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe" mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe" mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe mRun: [WinPatrol] c:\documents\webshit\winpatrol\winpatrol.exe mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" uPolicies-explorer: LegacyDrive = b6a2ba0ac63dc59461fe0f50a2213574b1bf3a0a444429fe6624fb7677caba6175d1e75379771990 854fe8667c3509c17287baf9269261eecd4b705712408b575aceed514c9308fe91266bbdf0d806e9 2 a1ed1f8f12cb757e4612df44cb1e60c7deeff94ae4679d8070ded62fabd7b1dd73c04ba9b5d99530 9 a8334efd5ea485fcb8cda30f7012d1d2820b93c8347cecf15488c99fc1219c85d72cc3481120623d f b40a0e41ed0443d8878e8c6cd44f1a0a0eec5eda460377c7f7546a83000087da30fe11d8371f8625 0 75ecc5b1f5c27f0b9323ed5243c4392009253704047e8d1cacf617e6af58178a53037f571d4fd8d2 5 bca0a935271ae1c8f72c6bd3236acb58d9f499aee8f87fbb8a90943b95b19e0b71ce2a54cf2df6df 4 389302659e7b3d1f71416e431d32fda8f0f2522c206ef348981013ece7cf3d7479e1f3cd4343d16c f 9a9455a8e0afeda4b5ea24c1fa6c051362e0530cc0fb27944f74de7742d978b43cfbf27775ed5d8c 8 7d81f939f6f543a8fe2039a3ba25c37d020b19a1bf64b6e2276c169da5229e4148d5f8202317f711 c 609cdce13d97e9b4d88942972f114b9cb07b284c15e415bf2ec6d8b8411ac03b9d672b9c472a449d c 1350df8edb9b585728fba47218a66fefc04c490005edfe61a9ed78c05f908115512aa7059e2a3206 f 45759c5615ab5c4667df5484eb2d472bdd748ac8c38fc46d456016149e6c00dca1d34ae352b56a48 0 05d82b0668157f1e1b4844f29774fd268f1dc6bd38182fb30001f42897947155656e5970d518abd0 f 441e2523a4b6cfba70a5edf12c86641be8c01fb2f9bee203c40e2e164c97dad66d27d9c0bc6320e4 7 a2318f80fc4dfe2e9744c3efa44bb54d2d01da445b83735e9c5581ec0eeb35a7956fa8972abecc34 7 6b3a2cb9fa9ae24623ba862624e752abf525508ebc45e0eb9f829beb715cb29be610759c7bfc1ed0 0 75b6031ffb336b5bf75163b84959958adcc51dcbd00a32272fd5585fc594d7ef32386bee3d393d37 6 bdb12c6d0b0c364265fed871ca3e974f097ffa64030d6731e0b2fed6269d3074477caf82ad3cee5b e d04dffba44ead8582a2f62f6e19ca8c1ec766ac637c91612a9aef318fccaa052cd17bd2befe7e81d 0 526eb1750df3321c50184426364eca2c307f6ecf19b1ff67a468ea4c6a1ff09a80201d034ea0161d b d135e6298e3f3efdba0a393dae503518ee61d9eb712007663c4e0bea350b19363799f6436264f56c b 53f25d2def1c9ff50f008ca976ce67ae88f732efd04427b1fb61d5884daf737dcfb2f22752784c2f 4 c97b8206e08e868ed54fa06131f4c6f3b312c42f9fa92ea6586199ec31130a3f818baf6af58dcde9 2 b15fa4e7ce38ce31837519159da8001515df000a5a588289fa7f7bd7ec471a5d5116ae9bc84da7c9 6 79ad2e465a73d78feeac91792b4324f74c58c2c62242f598afd5d572f1e07e53fcfac1164b7f1a99 5 8d5e21f6af4c6f3af25784e8a09a47b2ede26396cfe7a61c9eca874c9d4033167b7604dba0bc0566 5 f196811d5ece9cc6b60d44d99d3b5809093fad269c09044132d63911b5afbc95393345fb4597c4c1 6 eeb971a2b9f0093e445d6f64c987b6ff1be0ded11f7cae1cbb0852db0e76e04b47fff88c4be325b4 7 814456018bb97e381da03316c718ab4f7d139f03ed5a44e610d17d9e00fd4f6c09c3950f0273f5e6 d e0412547ea10368c96504beff646ca04ae9eadf719707c54ca34bfbe859cec8bf5b73126fdf6ed26 0 bc04c5a7c492642a55d117052b58a62d7863f05337d2df0cbd759b2e9186fe7d7d774887e5ee15cc 5 80e8c2265f9d858b093dc1a44a38822142b90155a3cf271083546f7250a8065ce7c2aa590ecf1451 5 726327032af77a21ce4ee8bb8ab811480bfa394bd94f3d77e8accc166948d3ace65c39d78e27cd79 c e367d1921e2c88728a21a75bffd638610c41c687e84076c6435057a5d1b21046552d03a3ca9777d0 b b32e154a1cc426e13a03e08ee435f78687e6535f76ec082d82a588eccb80171ed5bf80b4df7b0732 7 0e89e0f3295da5c5a03882aa34a90c019873cd0f02e048006b6541ec5ed8e0f4b8e5309c815ff822 8 d27269f33d161371891d78117c0b9f0b7d755745ef082873bdcc898336aa53381c2c7615f785eb7c a fb9d1e9175a9e5c7753aa93fb8cee39f425dc86063de6b6d1083fbbd121e52f8322df8cca72c39f9 0 5f7c3ab06d4a2a14ed0a681ad1b8933dbe329ef1633fc6ce0acfc8f16c8450a0ca72b42c39bf23e2 1 c3ddf97879a2ad3c2678d893b649a9aa58d2a0456f0e957edbb15693799824b543fe27c1541435ca 9 2bd9e379cdfe9250d677aabfa4f99dc05bebc299356e4c03199b7d8c6e0b173a31959d1471457396 1 60b3e21f533bc0860d27e2519b4efcd72f39203b3c88becbca26183ec75028e415508d1c0433a811 7 4756fb81be0db6eaf6507753f8cac479a5ae9ab105b26217db5b22e77de57cf12be2f9ad97fdd1f0 b 1495c3f34a5d085b7630ac08a9c8cfbe1c6c27c3488893ee5ccf1a1241642610f153ec51e78a619b f 03005d3de2963fe63dc2476d0c69528d2dc641efb469f24e82f97f6fd9195366d9ae15da9380da17 7 069e5eb5bb325136b2cfef4c27d4c8bb5b7a6a72c2fdf564c8cd39d541e606cc571b2d0c623c46bc 6 f223216319f5158bdd3bd4e16353cf62c4c10f4863952e242e7fb15f76044e41e8a7bc329b316c76 1 91bc65ebe5cb6bb617f679836f84e29f3b86bfe32ffcc7c1772528e326db798a79ad0ac8cc310019 2 e44ea1e885c8615c466716c3bc45069c7bd46c9df074e0617c82e028123f6a893d1cfd9024b1a2b6 b 1512d10f2e2c1c6bfeb92c79defefbbe2fa7f391a79cb3baa4efccfb324e60f39004652851948a4c 7 ea4d740085ea8d1f2a34476a18e93bff20a3d4c45d879c533d7c3946440be388fe9f230ce2dfdbbf 7 c3b87bbccc5c2bde9430cd9e982ca6c05ed8e53f95d995aaa339ef70ba4c939415500fb0528695d4 b 552c7421bc7a41d979bdcee06aba730214cd469d437dbde2b69f2870e0e837c78f02bdffcbdeb3ba 0 14b805760c877688496a2675212bea42342868224ae35e3fc7146e1b08f7ebfc4892c1fa32faf754 1 b63abbff0aafd466cf65a39a9821699adcca4f829878e2386c5c5ba0fb98230f95549603130e0711 0 331051e06eaddd27537604a4b40e70d3feb934230abda20c6983fa557c5608b07ce367834b099741 1 dee602a190919526865f5f6d090fdc8e1dacbc0b90d8e6bd2363be0eea1ca369f6e7bcef3010f56c 8 8df4489506d3142e2b5959b89eea28f9f18234af2d605986c7b179cf4670ec58f94ccfecb6c95e22 5 5dde53bf09b09aeac217ef921385c7e8bdc29a10a13ee81ae1a57e3443b5f51ed64c7dded7c6d8b4 d 585a95014d1ef432fe3cdb4023c8c54c73be2937fef7514942a9b5fbcd764d7208dfadaebbe63879 0 0c0738eede0a0159897e818449c367f1e09e35ac808b4439eb5509cbd9e396b69a556427fc4f4f13 6 f95e26d67d9d59c02d0d42ceb8b82c47e05be582df9259f22f6d8c825b4b77f68c1a98eb8a2d8c6f d 42eaff47c47f265e20c682fa814b3b32eb111c3721e19842c6e10bcbc26843fce7113f65d50f36f1 1 bc0db199e84e0573fcfb9deb87da288c766e3108f3353813b6faf1beee4e1bc64b51a541d4d4a1cf 6 64583623b231a6220c5f9dedd1defe74842c1b4abaa0bf9f37fc726e5445f8f7a3d31b70d6a4aaf8 d df5c2cc4f144cbd0b70c7e21ff2488ae990bf747b1fe77b434468f12ced7fb9f28250d914d27b464 4 1862a81cdb7f5e0d12fbc2988c7daec08f403ebfbf69d8f842976a2d22bbf3f2f32a4561b5f00910 f b6803404d0a9757cc838d90140b11f267f3f8fe7e077d5cade3f1261a76ed517bedfd0bd5886b40f 0 42596309b40c6bc8378b1c714969875e31dfd4ade61d3f362ee261c0034bb1743ae84a916715ef62 f b884c6daf267eee261bd684cd29ecda2906408d678750f1c9fc5bc990f4cea3a8fa1116db025d494 3 08ceb405f3b92b3cbf3f1834db2207d9d0d8696f24de91837e4f03210ab5ee471f1ff79a20733858 a 006898ec96afe8bfe87fcb094bfeec1d9cd699aa88fd777e1b53726aa1b020b63f0be68dc17d0dbc 6 cd9228688da53993308863d8596aebf8103dc99cad0cac47f88e3e888efba874871e595355ac039a e fd4e7192f17ff5376795a69da9e3a21ea009f91f9f6946d7c7256cabee1aa27d55274add4db86b64 2 38b68dcbb63374364f19ec97174230c6d65f030ff748ab2ba1913e6f235e1c449578bdd7bca0ad11 2 f23a8d4cab8aefb3afd648cb0602e998623522054d0488e64d8c881667a28d265e6e5d3faa37fd5c 0 2e8bee07e403f8cd21e0dde9aaeb128a48d062e0b674ed19bd88708f9e5ec740b0fcb07e4a70d4d1 e 7e362fd9878f0b39e2eb5e7ad392b0515fc3434f172f3d7a2cce05a7c5c1c2bbeb10106c804fe768 8 d2a29936cbf62341eb10a589e7e50fceca5f7468e0af0e39d3e582e114be65307cbdf1fee1337d4e 8 5d2454dbdc4dd77acf2a087ac9fd383409035f84a71d7877f742ea0173b678ec9f8fab4f6d382162 5 8bcc1aaf612e90bb321af16de3f2e45b011e0741a95debf5a658609dda7de7f41fdf0ab6d9ed6840 9 2ffbbf4b131b785ad6db5b9c546066ef12487db18a27519833483e2920d2a98ae4041897e25cd715 e fe1a400dda0b1ea5baaeadd1f3138e3ad35f2642871ca2f53cd395383c85ddb054fd76247f2d1304 f ab0f55c2e94ff5a2a04c50a5124e565503d9a8a531a8e4b79b2f0eb8506c726d64d8672994fe0853 d 0fdd1727ac2ee9a889bd062cac8949b464b11f862fceb08e22da867779ea5e185a3bd0d42de79e37 e 36965352d0375b2ec5ce047e96ed144c79f20f1352e231a68d1c6cac99dde56eb25ba9dbfe6fb8f0 b e3a6ec188c784eabe47a6a37e3d4935119e6957f6495954ea605e3c84b1ec3e7f83f2b957a516ab6 b 8f1bc69e6d11c8bfc5b597d67986c28fe51093e377474c29bb896ca77845084d50d0f77aabfa10b5 1 df474c386e0bebda505385edadb7be28dc98101477efd1bee9829b1beb770b1a38ecd67241df199f 2 14bea27d3943322a325c0f9e258966ede9687dd11bf03c199cc3179e8b33e4cbd8af5ac53f091b7d 8 a9cf032088479b9b92fb9945856031075cc57ee997b124fb95559d9ad48878f0636a64ba9a478b4e 0 8be21dcad223cf46920e648b5a270b491f40a7bbd2591d32cb1a8a5b65c0a8e0d611e29f2cccc90a 9 259020aa4ecdfc7d99ae63d6788f836b1cc5c24cdd916d6392c41db4bc288be4021ba5f8de7de160 9 5cdd1346c8ef7bd19f0db3778ac5cd57f30440674fc1ff75d4c4c59b9f754646d977b1c01ea95d30 c 781bdaefed767eedbcebbba6801130d1a3feaecaa383cf9109558a169f6a04b4dea6a9fba6b77cb2 3 13dab1c4a2f677bba7af2d304ebfaf0524e25aaaed8ed6875c2aee30937fd2dc7703cf1391d6bf8f c 8c0841fc44f57c882ecc756196faf7f8bb14513080bdaa6464cb95acb4a5e55cffefc3cecb6afd62 8 615a1c2bf98cb6b96e3bb6972132b61f295dfd5258d7da4fd799fd0011127844372d2e656927c10c 9 f079141646ff272c571741f5f39edadb6decfe8b4eb4a0f84b2b30a3756d6f1ab01c83bf664a46cb 7 d99e49386a0a509379107851b1910c68888e233d1329067be1530ed39bc3295484a62ef37465b853 6 42b0e348ce0920f4e0d1118e0f941ab702ac4427271c90aaa8bc8b699b97236b7891b95cd14c778c 3 d4de43a955bb6136428e7f698340bfa7eede0b2ed1b27b0c07bb2de478aaabf95864584c1cd4f0b8 2 ccd340e1f4ca483fb33e1599a4b0380b02b8f69363eb9d18a30118ab1e37c20c22f37870a3a7f281 3 1f753a7281efe86278eacc7c3d6bb1c7cc9c97eefdd82c4b94ed1b62b0e93afc9df60c162e12d222 8 1546fc6c1135c1a9f9e5bfc4aa07f49238b5239b9b55271ea5c1885437a44cf9b5271009b7ce57c7 0 29c2104b67ebf9ec8e6e747b3b704886b61cf9505934d2302ef7b0d261c69237f7f3818c77b0a8de 6 e7ae29b7bf7feb0f1989bffc5bee504aac881e4ca8d0d0d858ffcb94617203707b531174257686bc 9 78180c1f9507bd9d2986901c3ca04b2db753a63f3d080cb466e1ec8054f647d96ce9139dcd33b4ab 8 4bf116d0d51e678fbe30076c30fa8d70a65776f2a31178a5a40112d6537768eefddb4e3e4695a3fc 1 c2be088e9a9f0f40d4643c0c48b441ef202183535e0cb7b83d2a039d57ef75d2a757115ce63559dd c 893355026ec71784d11fc784e1002c80b087fe1ce60c4022b24bcfc707c63c300465d734b3600c64 f 75ef348c0de22dbec81d7c59be49bf1ebbc0136f93bc374f66525efe3c4d8a5985e1dde0be42d06c f 2cd9b8dbe16e1b8d79db71ee6816ed3894bbc59608f6892aeca4b354b5b57f3299d5fd63464b6411 d 321a9c12ef78550fd796f82d5e78461218b3a98ac9b3e361cb012bcbb79fb747eb11a053f4ed9454 e fc884e28c948d4862229b59afe8fd29559da1e6ce446f4dcfb0faeabd7d9733205505018160c8b95 6 098b734a64671fca57c734afdeef38c339848cbfaf84f83b17c0db12c36962db7d72d3a58dbac5c5 5 012669f6fecce38c720d85b21b011cd3490898ed92ae6394c6d3f239250899acd03ba3dee07e97a2 e e70a6045da7b9e7a154892ee1901ed5fe4df081d08d4d5cb2d1fa1f42d51d70627a5a6f82043d8c2 2 85d89b9299ad2afd54cd12a579424c70edab06a46b26f6ef7873efaa9a55b2c15ec53c068816220b 9 9c3b3cb4152b012ed0a957f8ea87adc9d5237ab5cd1cb015efaff98496d461fdb83e8d42b815f553 2 1201b389f4e0c974f1efcc20116622290e67785f08e10fca7ab456cfeb6d17be45eb37ca1cb72165 7 d3be2797ec2edbdc7e7bdce524dbb826e9161790a7da0f5307f7febd0590559bf195adbff4c29794 1 6f48c4a8a69b21d0b036640f1bc1a1fbb4213e2c42544d9542749d192a17e2ff9e8c5280eb7a4a93 f 7c07a4082ae446aac7464edb8dad6e80f32f45c888bdff7e628212aa2309181eba77634ec9deff94 d a6921dfc8a53d32d3da7cc9f11ea08222afeebc556323693b54f7269d4528bf6e531f1f881b892b6 a 47bfe90fa0fc9da597a31eb8ee701705c9eb506c234df097dffcaa6cecd5c387dd641d11eee45169 3 000251d2b7bcc1e87e89343eabb5d89d1cf7644f6b327901bf34b7b695172664d8a3b945aa0a2d2d 6 2d6341bd11fd30eca01091ae14db1ba727fa968e6f1346b314e9df19f481e5dd18effe202f802518 f 05ff2fb788cc0b9f9e5f0ec299e337d4a5e6f77a38da55f93d8e32b25a9e0a4974eb8fb7754a919b 4 d7921d13657f6463d540f0bfe269aa8afbd15b2607ab3a0809c01daa4fac91384f837d946b43a6a0 0 802dca7895b712e52d05f00b9cf2c5fbbcfe9dbfcb023c1a4c03e84d5162cbe8f65299df2e8f72e0 c 24d0ae4966f07052efaab8f72c9b259ae827e56ddc8716727b39a73a87d95ba737eac66d75a4263e 0 7972719821b7f378b15d3f1b7450f48f9c897aae6fc5e6474a7e1eb9e6193ec0da613b8e6134c61e 5 e7c74c59d611b095cbd7fb70ad12e304e36a8044b16c3c2229b4e0db9a8f5f3bbc8647be163af7d9 5 6f38f2b70107341c878e926f8fb79911c210f318b27b46a0d3275966c6bf7992dee11bd5ddd1c2b4 f e6f232439668756c2a772d4d21682cdab8299add6db3ef1b09f413a24969ea0babfa448e6d18a573 9 2847126ba4df71214dc26d799920c942ed5cad0d61be9187c3675d06df8bcf61feda1c05ad3fda45 c 0cd1df296f6e12c9dffa87719b0631122509683ecd1b8774c47d8c9779e86e1bc0c8df13f55c64d5 7 c97078a0d6d6dce8de6197ea7fc3d92218768ee089653e9c3ae831895ef6d66c799665af1f97c4b1 f f81a76121cbfc0b6c4f86716bfac81e50c824f73af04413b35bb9cddd7d5be2178e9a10105950e7d 9 4fba07a5a6c7ec10591413b2701a5ff381a6ba21778affbf92931821afbb6335ca9f5ba4c133741a 5 ab446e188deeeb5ea60b2d4958de354135408b9ab7238c795e3e6c89544a526e35d9005ad0aa3bb0 0 f76fe70d5fca567c1ac52803d6de2e36a47797a1b787cc146990983e7fd18c7daebca2f55eaa20df a dcebf24b7670d2b153a10efa3402c54879c46bbe76fcf2ad4192f2ab319950827d7571747d7769c4 d 3d187aa890380f4cbe9c594d60075dac40b0c97018f4d8f99d487692bc71a44524f71ff304d73ca3 1 678171bdce0ecad2928c554e42d5600f80989252df0c2edbad2c045f989857d029718c94e6ac2a18 1 de7d678604aa4be122026c41fbcf3f55505c35e1a6aa98114a64b60d931542cd6799f72f00d17e47 f 09b92f6630262bea5b137d4c6e4ae567736452881dd41983cca62bd76610cb9d87c3de173b2c11d9 c d9a992fac9f97fdd63a165d1d2af6b7311c20084aec2c23ccdce9fe16f763a97f52b907adff3dbea d a61b626fac5831dfb44a00a806f5b621ceb38156723887f59ff1e777dae053147a26e63a8dceca7e 0 69e421932d3e6120df618b2e555fb587026c902abd954b9bc3aeb47e008da1648a758ee56ed587ef b 033485d958d63a4cc03fc23aa940cef8f460bf1d1ee0e3752ae3d999dbd879c326694961d54fc13c e 0cb67824bbd3e6cb326c61c82fd93252de2389e49fbc67900a6ebb963092cb352482d6c1bb50f8f6 d 98fb94d8c4a54590b210fa8e19edcb1b2a3a800efac8d95aa544887a91aedecb966d9fd44c7e9762 6 7fe93cbd4150423f392aad514d5537d5a3f0d10363118cbbbeb6b9192fff4f4a009a8e9fb3107ee2 e 0d5dc0ae39d52795d1962fdf71b249ea59f37c93308fdae20ad08e6b094cf593d7da65fce23ed25e a be8752afcc8deb1e114474b9dd4d59508d1c8c1854ab6efd3c70f339678c0126ec9b451a50fdb63b c f1dc504d433561881a8bec7fed97bebc917220f4df298d7b7b7859b053706565fcaa2bfab9480b55 c 07d7e08aa9a5964818a4fb324b7a6d451a301ff301e5037721c4ee67f48733f688b14d1fe54e9337 2 346deff0ffa988b79cd2cec45e3bb0cbf2811d82f95d7a5adae0acc3750ab9801a9b9630c885cfbf a d7634a2165f037dee972c72c44d4887507f42fa73557808bf64a1b6e527c2d847140bb83b010ed4d 7 d6cd001851f926886c3f5905e87feb66830ed69095e72ed86111ede196b181543b711cf63ab7a0c8 8 eaf43684cd08034163189c59b795ffe05173a284b2ffda59d9d41f79ee72f23e2485d96a4090dc2f b eec824f680dfd822808a2181b529cdfe6cbe0474dfb63c4019b8b74ba57e40286d215ca61eb123e0 5 3e938803eec47013a23e81a9ce3667c9e834f49c1baa8744421db8546ad63cfa20fc2d39675bbbd4 0 8631f6e2974d1ef2158fb2a8b112dbc99d65237ab58e38021495a756d1fead36c166d57f6749e24b 3 10886531153e333404cdb94ed1f86f96af2e02823dc4b835e7c10f84375604ce27638396363d2371 b baf1023783f480572b20ba900d28cc1236eed3d15a36ab4255ad505c112423ed5df03bd53b3d7941 3 dd5e32decfd040c5ea24efcab8e23a9f54fc64fafb1b04622a9d8ece07de820d3ab7e365fe45eb7b 7 8ecfd72479bdb575c5119bd0ce0d1a463f099a0bc48b2368e49828a89bb4537e2cdff7feb56b5a4e 6 61dc951bb6e912cd28e10c799977d0d9b89a24e8a6ba463fabcfdd37cb9c304e9a3596cc50bf2da5 2 077cfa2c6f542bc60b2afc87ec9565a7cfa7fe310f4b41c1fd42da8d5e98cf4f4baca636c4a72a82 c cd9a0d723970dd4ffd57cecae1e7a9d71e468b72cfef95824bb2e603b3fcc664c759242efe3743e7 d 5edb03667fc77473e949671695ab217ce6809ccc295a8bad7f7de44f5a7f0eaadc40e6dc9a7bb863 4 28c538efc9b04a7a25e31d04c29d7f70057d22fb47474c202ce5d1b830ac3e6683e15832177cc574 f 72b08f4da9ab34ff8f2d79d1c9fc050fb57df5fc45808a4f8f1dd837c438acdecd949b4e43316ab1 f 595ee7709b38b244c12222aaac464ab82ffbb12a1f8f034dae44071bf498d1a8cfca39bded998cc2 2 74f80e111fe6e68cf0abb6f2ae797bbe224ebe346a98cb1033db5cb3af24ab493d5e5e34b1a09da7 d 8023e39ac2d4aee133f2478251d044049cbf43e4a9d4947f72ec3231f0eef8bfec5011f211ddb185 4 7b502413c9561674358cb4e62be924da66d55dbba352ef5b8fb982dc03f8a0670c675066830804ca 3 a01135528e9018c71b6e3491a167e6e98f041f4c7463166a593a3a3f541a6b805af1693855d38db3 7 6fab79bcd0b8761179ad0ded7f1493ba80d860ed1cfea27c51a005048de0e58da6216c64065a9792 6 f86426be90bb08aa5af5d21cce78e93c8747d0ca52c9e30485cc49ca92c92400db6a0a34c849b980 1 7fb06b2744d17ab4acdd205d88d95f887f723287f7bf4f0b668b36587a724c58589260a18ebf01ad b 0a9b3f4299e0d68011244ba849b1451246471d0054d39581557ec7965ae95b9470b7fdc9bc4d0e62 c bd59a8c23898bda1e2e1ce7f8a3de903c260b2374e9c1419d242bf6e26a59a5675c40fe7532032ad 7 97704884bace1d7da2d607f9c1ff33c0cdff10d5cb8e04576c6d5da99da78ad15a168b1ec32aa60e 7 1e65c6e0a2b9bc313da3935e9067391faa562a0718dfd13900e28ccfe3a7a92b53c43081bebcee06 f 9fe34c674490b518ad29b0152a8e2edb5cacf26d4847493babf6f5488d6f6a8c19043d97ac6ed978 2 cca73dd9bc4e1417becace7b1151732686506093d1896a1e229a5efc1679463e3cb4bd311097eb53 9 652f9212c875b7031300 IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll LSP: c:\windows\system32\VetRedir.dll Trusted Zone: pogo.com\www DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: igfxcui - igfxsrvc.dll Notify: PFW - UmxWnp.Dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\val\applic~1\mozilla\firefox\profiles\v7nm513q.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-7 64160] R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504] R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584] R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216] R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2007-11-11 26352] R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2007-11-11 21104] R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-10-13 739696] R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2007-11-11 21488] R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2007-11-11 32240] R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2007-11-11 144960] R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648] R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456] R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-4 1010192] R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296] R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104] R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2007-11-11 238832] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-9-14 24652] R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816] R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704] R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-10-13 133520] S0 lwctth;lwctth;c:\windows\system32\drivers\sjlimgl.sys --> c:\windows\system32\drivers\sjlimgl.sys [?] S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-11-27 85504] =============== Created Last 30 ================ 2010-04-14 18:43:22 0 d-----w- C:\Lop SD 2010-04-13 18:58:27 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-04-09 23:47:15 0 d-sha-r- C:\cmdcons 2010-04-09 23:41:26 98816 ----a-w- c:\windows\sed.exe 2010-04-09 23:41:26 77312 ----a-w- c:\windows\MBR.exe 2010-04-09 23:41:26 261632 ----a-w- c:\windows\PEV.exe 2010-04-09 23:41:26 161792 ----a-w- c:\windows\SWREG.exe 2010-04-02 19:31:25 0 ----a-w- c:\documents and settings\val\defogger_reenable 2010-03-31 17:45:19 0 d-----w- c:\docume~1\val\applic~1\Malwarebytes 2010-03-31 17:44:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-31 17:44:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-03-31 17:44:37 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-31 17:44:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware ==================== Find3M ==================== 2010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7 2010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6 2010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5 2010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4 2010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3 2010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2 2010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1 2010-04-14 07:29:29 551670 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0 2010-04-13 18:57:52 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-03-06 07:28:45 15688 ----a-w- c:\windows\system32\lsdelete.exe 2010-02-25 15:54:36 11070976 ----a-w- c:\windows\system32\dllcache\ieframe.dll 2010-02-24 09:54:25 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe 2010-02-15 02:01:27 70984 ----a-w- c:\documents and settings\val\g2mdlhlpx.exe 2010-02-14 05:00:00 30976 ----a-w- c:\windows\rascntrl.dll 2010-02-14 05:00:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll 2010-02-14 05:00:00 16384 ----a-w- c:\windows\system32\msdrve.dll 2010-02-14 05:00:00 10816 ----a-w- c:\windows\vmoptver.dll 2004-08-04 10:00:00 94784 --sh--w- c:\windows\twain.dll 2009-11-14 22:11:59 56 --sh--r- c:\windows\system32\9B0176E0FA.sys 2009-11-14 22:11:59 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys 2008-04-14 00:11:56 1028096 --sha-w- c:\windows\system32\mfc42.dll 2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll 2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll 2008-04-14 00:12:02 551936 --sh--w- c:\windows\system32\oleaut32.dll 2008-04-14 00:12:02 84992 --sh--w- c:\windows\system32\olepro32.dll 2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe 2008-08-05 16:37:42 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat ============= FINISH: 15:43:02.18 =============== and here is the Attach.txt (instructions in the report said to zip it up and attach, if you want me to copy and paste, let me know) Attach.zip
  10. Hi, Java updated, and here is my online scan report: Scan area - My Computer: C:\ D:\ E:\ Scan statistics: Objects scanned: 89033 Threats found: 2 Infected objects found: 3 Suspicious objects found: 0 Scan duration: 03:12:13 File name / Threat / Threats count D:\AV files\Coolpic.exe Infected: Hoax.Win32.BadJoke.JepRuss 1 D:\Games\POGO\Tri_Peaks_Solitaire_2-setup.exe Infected: Trojan.Win32.Inject.hrj 1 D:\images\Coolpic.exe Infected: Hoax.Win32.BadJoke.JepRuss 1 Selected area has been scanned. I guess I'm not surprised that coolpic is considered an infection, what surprises me is that there's 2 of them lol, but I'm REALLY surprised by the pogo game!
  11. Hi, first of all, thank you, thank you, thank you for helping me. Here is my ComboFix log: ComboFix 10-04-08.06 - Val 04/09/2010 19:49:28.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.520 [GMT -4:00] Running from: c:\documents and settings\Val\Desktop\ComboFix.exe AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93} FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160} . ((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 ))))))))))))))))))))))))))))))) . 2010-03-31 17:45 . 2010-03-31 17:45 -------- d-----w- c:\documents and settings\Val\Application Data\Malwarebytes 2010-03-31 17:44 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-31 17:44 . 2010-03-31 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-03-31 17:44 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-31 17:44 . 2010-03-31 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-14 05:48 . 2010-03-14 05:48 503808 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcp71.dll 2010-03-14 05:48 . 2010-03-14 05:48 348160 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcr71.dll 2010-03-14 05:48 . 2010-03-14 05:48 499712 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\jmc.dll 2010-03-14 05:47 . 2010-03-14 05:47 61440 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-sse.dll 2010-03-14 05:47 . 2010-03-14 05:47 12800 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-d3d.dll 2010-03-12 21:37 . 2010-03-12 22:10 -------- d-----w- c:\windows\system32\NtmsData 2010-03-11 00:08 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7 2010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6 2010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5 2010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4 2010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3 2010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2 2010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1 2010-04-09 07:27 . 2007-11-11 23:06 539510 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0 2010-03-31 03:50 . 2008-12-16 18:26 410984 ----a-w- c:\windows\system32\deploytk.dll 2010-03-31 03:50 . 2005-08-16 12:48 -------- d-----w- c:\program files\Java 2010-03-31 03:29 . 2005-08-16 12:48 -------- d-----w- c:\program files\Common Files\Java 2010-03-27 20:37 . 2005-11-22 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-03-11 07:32 . 2007-11-11 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-03-08 19:33 . 2005-09-10 14:12 103464 ----a-w- c:\documents and settings\Val\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-06 07:27 . 2009-06-20 05:58 566648 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe 2010-03-06 07:27 . 2009-06-20 05:58 567144 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe 2010-03-06 07:27 . 2009-06-20 05:57 2357064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe 2010-03-06 07:26 . 2009-06-20 05:57 524632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe 2010-03-06 07:26 . 2009-06-20 05:57 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe 2010-02-25 06:24 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-18 17:59 . 2007-11-11 23:37 -------- d-----w- c:\program files\MSBuild 2010-02-18 17:59 . 2010-02-18 17:59 -------- d-----w- c:\program files\Reference Assemblies 2010-02-17 02:40 . 2010-02-17 02:40 17299889 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24c36_4_0_1.0.14.19.exe 2010-02-17 02:27 . 2010-02-17 02:27 1988872 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_244e7_0_0_1011.exe 2010-02-17 02:26 . 2010-02-17 02:23 1139600 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24cb5_1_1_1001.exe 2010-02-17 02:25 . 2010-02-17 02:25 1043184 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_25605_1_0_1006.exe 2010-02-15 02:04 . 2010-02-15 02:04 -------- d-----w- c:\program files\Citrix 2010-02-15 02:01 . 2010-02-15 02:01 70984 ----a-w- c:\documents and settings\Val\g2mdlhlpx.exe 2010-02-14 05:00 . 2010-02-14 05:00 30976 ----a-w- c:\windows\rascntrl.dll 2010-02-14 05:00 . 2010-02-14 05:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll 2010-02-14 05:00 . 2010-02-14 05:00 16384 ----a-w- c:\windows\system32\msdrve.dll 2010-02-14 05:00 . 2010-02-14 05:00 10816 ----a-w- c:\windows\vmoptver.dll 2010-01-29 19:23 . 2010-01-29 19:23 609280 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\C23D6EEF7F9C2C2548D5138966622E6E.exe 2004-08-04 10:00 . 2004-08-10 17:51 94784 --sh--w- c:\windows\twain.dll 2009-11-14 22:11 . 2009-11-14 22:11 56 --sh--r- c:\windows\system32\9B0176E0FA.sys 2009-11-14 22:11 . 2009-11-14 22:11 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys 2008-04-14 00:11 . 2004-08-10 17:51 1028096 --sha-w- c:\windows\system32\mfc42.dll 2008-04-14 00:12 . 2004-08-10 17:51 57344 --sh--w- c:\windows\system32\msvcirt.dll 2008-04-14 00:12 . 2004-08-10 17:51 413696 --sha-w- c:\windows\system32\msvcp60.dll 2008-04-14 00:12 . 2004-08-10 17:51 343040 --sha-w- c:\windows\system32\msvcrt.dll 2008-04-14 00:12 . 2004-08-10 17:51 551936 --sh--w- c:\windows\system32\oleaut32.dll 2008-04-14 00:12 . 2004-08-10 17:51 84992 --sh--w- c:\windows\system32\olepro32.dll 2008-04-14 00:12 . 2004-08-10 17:51 11776 --sh--w- c:\windows\system32\regsvr32.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 9442584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-30 177392] "QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-11-11 14088] "CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-02 230664] "cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200] "capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296] "capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312] "WinPatrol"="c:\documents\Webshit\WinPatrol\winpatrol.exe" [2005-06-06 106496] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-31 148888] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "LegacyDrive"= b6a2ba0ac63dc59461fe0f50a2213574b1bf3a0a444429fe6624fb7677caba6175d1e75379771990 854fe8667c3509c17287baf9269261eecd4b705712408b575aceed514c9308fe91266bbdf0d806e9 2 a1ed1f8f12cb757e4612df44cb1e60c7deeff94ae4679d8070ded62fabd7b1dd73c04ba9b5d99530 9 a8334efd5ea485fcb8cda30f7012d1d2820b93c8347cecf15488c99fc1219c85d72cc3481120623d f b40a0e41ed0443d8878e8c6cd44f1a0a0eec5eda460377c7f7546a83000087da30fe11d8371f8625 0 75ecc5b1f5c27f0b9323ed5243c4392009253704047e8d1cacf617e6af58178a53037f571d4fd8d2 5 bca0a935271ae1c8f72c6bd3236acb58d9f499aee8f87fbb8a90943b95b19e0b71ce2a54cf2df6df 4 389302659e7b3d1f71416e431d32fda8f0f2522c206ef348981013ece7cf3d7479e1f3cd4343d16c f 9a9455a8e0afeda4b5ea24c1fa6c051362e0530cc0fb27944f74de7742d978b43cfbf27775ed5d8c 8 7d81f939f6f543a8fe2039a3ba25c37d020b19a1bf64b6e2276c169da5229e4148d5f8202317f711 c 609cdce13d97e9b4d88942972f114b9cb07b284c15e415bf2ec6d8b8411ac03b9d672b9c472a449d c 1350df8edb9b585728fba47218a66fefc04c490005edfe61a9ed78c05f908115512aa7059e2a3206 f 45759c5615ab5c4667df5484eb2d472bdd748ac8c38fc46d456016149e6c00dca1d34ae352b56a48 0 05d82b0668157f1e1b4844f29774fd268f1dc6bd38182fb30001f42897947155656e5970d518abd0 f 441e2523a4b6cfba70a5edf12c86641be8c01fb2f9bee203c40e2e164c97dad66d27d9c0bc6320e4 7 a2318f80fc4dfe2e9744c3efa44bb54d2d01da445b83735e9c5581ec0eeb35a7956fa8972abecc34 7 6b3a2cb9fa9ae24623ba862624e752abf525508ebc45e0eb9f829beb715cb29be610759c7bfc1ed0 0 75b6031ffb336b5bf75163b84959958adcc51dcbd00a32272fd5585fc594d7ef32386bee3d393d37 6 bdb12c6d0b0c364265fed871ca3e974f097ffa64030d6731e0b2fed6269d3074477caf82ad3cee5b e d04dffba44ead8582a2f62f6e19ca8c1ec766ac637c91612a9aef318fccaa052cd17bd2befe7e81d 0 526eb1750df3321c50184426364eca2c307f6ecf19b1ff67a468ea4c6a1ff09a80201d034ea0161d b d135e6298e3f3efdba0a393dae503518ee61d9eb712007663c4e0bea350b19363799f6436264f56c b 53f25d2def1c9ff50f008ca976ce67ae88f732efd04427b1fb61d5884daf737dcfb2f22752784c2f 4 c97b8206e08e868ed54fa06131f4c6f3b312c42f9fa92ea6586199ec31130a3f818baf6af58dcde9 2 b15fa4e7ce38ce31837519159da8001515df000a5a588289fa7f7bd7ec471a5d5116ae9bc84da7c9 6 79ad2e465a73d78feeac91792b4324f74c58c2c62242f598afd5d572f1e07e53fcfac1164b7f1a99 5 8d5e21f6af4c6f3af25784e8a09a47b2ede26396cfe7a61c9eca874c9d4033167b7604dba0bc0566 5 f196811d5ece9cc6b60d44d99d3b5809093fad269c09044132d63911b5afbc95393345fb4597c4c1 6 eeb971a2b9f0093e445d6f64c987b6ff1be0ded11f7cae1cbb0852db0e76e04b47fff88c4be325b4 7 814456018bb97e381da03316c718ab4f7d139f03ed5a44e610d17d9e00fd4f6c09c3950f0273f5e6 d e0412547ea10368c96504beff646ca04ae9eadf719707c54ca34bfbe859cec8bf5b73126fdf6ed26 0 bc04c5a7c492642a55d117052b58a62d7863f05337d2df0cbd759b2e9186fe7d7d774887e5ee15cc 5 80e8c2265f9d858b093dc1a44a38822142b90155a3cf271083546f7250a8065ce7c2aa590ecf1451 5 726327032af77a21ce4ee8bb8ab811480bfa394bd94f3d77e8accc166948d3ace65c39d78e27cd79 c e367d1921e2c88728a21a75bffd638610c41c687e84076c6435057a5d1b21046552d03a3ca9777d0 b b32e154a1cc426e13a03e08ee435f78687e6535f76ec082d82a588eccb80171ed5bf80b4df7b0732 7 0e89e0f3295da5c5a03882aa34a90c019873cd0f02e048006b6541ec5ed8e0f4b8e5309c815ff822 8 d27269f33d161371891d78117c0b9f0b7d755745ef082873bdcc898336aa53381c2c7615f785eb7c a fb9d1e9175a9e5c7753aa93fb8cee39f425dc86063de6b6d1083fbbd121e52f8322df8cca72c39f9 0 5f7c3ab06d4a2a14ed0a681ad1b8933dbe329ef1633fc6ce0acfc8f16c8450a0ca72b42c39bf23e2 1 c3ddf97879a2ad3c2678d893b649a9aa58d2a0456f0e957edbb15693799824b543fe27c1541435ca 9 2bd9e379cdfe9250d677aabfa4f99dc05bebc299356e4c03199b7d8c6e0b173a31959d1471457396 1 60b3e21f533bc0860d27e2519b4efcd72f39203b3c88becbca26183ec75028e415508d1c0433a811 7 4756fb81be0db6eaf6507753f8cac479a5ae9ab105b26217db5b22e77de57cf12be2f9ad97fdd1f0 b 1495c3f34a5d085b7630ac08a9c8cfbe1c6c27c3488893ee5ccf1a1241642610f153ec51e78a619b f 03005d3de2963fe63dc2476d0c69528d2dc641efb469f24e82f97f6fd9195366d9ae15da9380da17 7 069e5eb5bb325136b2cfef4c27d4c8bb5b7a6a72c2fdf564c8cd39d541e606cc571b2d0c623c46bc 6 f223216319f5158bdd3bd4e16353cf62c4c10f4863952e242e7fb15f76044e41e8a7bc329b316c76 1 91bc65ebe5cb6bb617f679836f84e29f3b86bfe32ffcc7c1772528e326db798a79ad0ac8cc310019 2 e44ea1e885c8615c466716c3bc45069c7bd46c9df074e0617c82e028123f6a893d1cfd9024b1a2b6 b 1512d10f2e2c1c6bfeb92c79defefbbe2fa7f391a79cb3baa4efccfb324e60f39004652851948a4c 7 ea4d740085ea8d1f2a34476a18e93bff20a3d4c45d879c533d7c3946440be388fe9f230ce2dfdbbf 7 c3b87bbccc5c2bde9430cd9e982ca6c05ed8e53f95d995aaa339ef70ba4c939415500fb0528695d4 b 552c7421bc7a41d979bdcee06aba730214cd469d437dbde2b69f2870e0e837c78f02bdffcbdeb3ba 0 14b805760c877688496a2675212bea42342868224ae35e3fc7146e1b08f7ebfc4892c1fa32faf754 1 b63abbff0aafd466cf65a39a9821699adcca4f829878e2386c5c5ba0fb98230f95549603130e0711 0 331051e06eaddd27537604a4b40e70d3feb934230abda20c6983fa557c5608b07ce367834b099741 1 dee602a190919526865f5f6d090fdc8e1dacbc0b90d8e6bd2363be0eea1ca369f6e7bcef3010f56c 8 8df4489506d3142e2b5959b89eea28f9f18234af2d605986c7b179cf4670ec58f94ccfecb6c95e22 5 5dde53bf09b09aeac217ef921385c7e8bdc29a10a13ee81ae1a57e3443b5f51ed64c7dded7c6d8b4 d 585a95014d1ef432fe3cdb4023c8c54c73be2937fef7514942a9b5fbcd764d7208dfadaebbe63879 0 0c0738eede0a0159897e818449c367f1e09e35ac808b4439eb5509cbd9e396b69a556427fc4f4f13 6 f95e26d67d9d59c02d0d42ceb8b82c47e05be582df9259f22f6d8c825b4b77f68c1a98eb8a2d8c6f d 42eaff47c47f265e20c682fa814b3b32eb111c3721e19842c6e10bcbc26843fce7113f65d50f36f1 1 bc0db199e84e0573fcfb9deb87da288c766e3108f3353813b6faf1beee4e1bc64b51a541d4d4a1cf 6 64583623b231a6220c5f9dedd1defe74842c1b4abaa0bf9f37fc726e5445f8f7a3d31b70d6a4aaf8 d df5c2cc4f144cbd0b70c7e21ff2488ae990bf747b1fe77b434468f12ced7fb9f28250d914d27b464 4 1862a81cdb7f5e0d12fbc2988c7daec08f403ebfbf69d8f842976a2d22bbf3f2f32a4561b5f00910 f b6803404d0a9757cc838d90140b11f267f3f8fe7e077d5cade3f1261a76ed517bedfd0bd5886b40f 0 42596309b40c6bc8378b1c714969875e31dfd4ade61d3f362ee261c0034bb1743ae84a916715ef62 f b884c6daf267eee261bd684cd29ecda2906408d678750f1c9fc5bc990f4cea3a8fa1116db025d494 3 08ceb405f3b92b3cbf3f1834db2207d9d0d8696f24de91837e4f03210ab5ee471f1ff79a20733858 a 006898ec96afe8bfe87fcb094bfeec1d9cd699aa88fd777e1b53726aa1b020b63f0be68dc17d0dbc 6 cd9228688da53993308863d8596aebf8103dc99cad0cac47f88e3e888efba874871e595355ac039a e fd4e7192f17ff5376795a69da9e3a21ea009f91f9f6946d7c7256cabee1aa27d55274add4db86b64 2 38b68dcbb63374364f19ec97174230c6d65f030ff748ab2ba1913e6f235e1c449578bdd7bca0ad11 2 f23a8d4cab8aefb3afd648cb0602e998623522054d0488e64d8c881667a28d265e6e5d3faa37fd5c 0 2e8bee07e403f8cd21e0dde9aaeb128a48d062e0b674ed19bd88708f9e5ec740b0fcb07e4a70d4d1 e 7e362fd9878f0b39e2eb5e7ad392b0515fc3434f172f3d7a2cce05a7c5c1c2bbeb10106c804fe768 8 d2a29936cbf62341eb10a589e7e50fceca5f7468e0af0e39d3e582e114be65307cbdf1fee1337d4e 8 5d2454dbdc4dd77acf2a087ac9fd383409035f84a71d7877f742ea0173b678ec9f8fab4f6d382162 5 8bcc1aaf612e90bb321af16de3f2e45b011e0741a95debf5a658609dda7de7f41fdf0ab6d9ed6840 9 2ffbbf4b131b785ad6db5b9c546066ef12487db18a27519833483e2920d2a98ae4041897e25cd715 e fe1a400dda0b1ea5baaeadd1f3138e3ad35f2642871ca2f53cd395383c85ddb054fd76247f2d1304 f ab0f55c2e94ff5a2a04c50a5124e565503d9a8a531a8e4b79b2f0eb8506c726d64d8672994fe0853 d 0fdd1727ac2ee9a889bd062cac8949b464b11f862fceb08e22da867779ea5e185a3bd0d42de79e37 e 36965352d0375b2ec5ce047e96ed144c79f20f1352e231a68d1c6cac99dde56eb25ba9dbfe6fb8f0 b e3a6ec188c784eabe47a6a37e3d4935119e6957f6495954ea605e3c84b1ec3e7f83f2b957a516ab6 b 8f1bc69e6d11c8bfc5b597d67986c28fe51093e377474c29bb896ca77845084d50d0f77aabfa10b5 1 df474c386e0bebda505385edadb7be28dc98101477efd1bee9829b1beb770b1a38ecd67241df199f 2 14bea27d3943322a325c0f9e258966ede9687dd11bf03c199cc3179e8b33e4cbd8af5ac53f091b7d 8 a9cf032088479b9b92fb9945856031075cc57ee997b124fb95559d9ad48878f0636a64ba9a478b4e 0 8be21dcad223cf46920e648b5a270b491f40a7bbd2591d32cb1a8a5b65c0a8e0d611e29f2cccc90a 9 259020aa4ecdfc7d99ae63d6788f836b1cc5c24cdd916d6392c41db4bc288be4021ba5f8de7de160 9 5cdd1346c8ef7bd19f0db3778ac5cd57f30440674fc1ff75d4c4c59b9f754646d977b1c01ea95d30 c 781bdaefed767eedbcebbba6801130d1a3feaecaa383cf9109558a169f6a04b4dea6a9fba6b77cb2 3 13dab1c4a2f677bba7af2d304ebfaf0524e25aaaed8ed6875c2aee30937fd2dc7703cf1391d6bf8f c 8c0841fc44f57c882ecc756196faf7f8bb14513080bdaa6464cb95acb4a5e55cffefc3cecb6afd62 8 615a1c2bf98cb6b96e3bb6972132b61f295dfd5258d7da4fd799fd0011127844372d2e656927c10c 9 f079141646ff272c571741f5f39edadb6decfe8b4eb4a0f84b2b30a3756d6f1ab01c83bf664a46cb 7 d99e49386a0a509379107851b1910c68888e233d1329067be1530ed39bc3295484a62ef37465b853 6 42b0e348ce0920f4e0d1118e0f941ab702ac4427271c90aaa8bc8b699b97236b7891b95cd14c778c 3 d4de43a955bb6136428e7f698340bfa7eede0b2ed1b27b0c07bb2de478aaabf95864584c1cd4f0b8 2 ccd340e1f4ca483fb33e1599a4b0380b02b8f69363eb9d18a30118ab1e37c20c22f37870a3a7f281 3 1f753a7281efe86278eacc7c3d6bb1c7cc9c97eefdd82c4b94ed1b62b0e93afc9df60c162e12d222 8 1546fc6c1135c1a9f9e5bfc4aa07f49238b5239b9b55271ea5c1885437a44cf9b5271009b7ce57c7 0 29c2104b67ebf9ec8e6e747b3b704886b61cf9505934d2302ef7b0d261c69237f7f3818c77b0a8de 6 e7ae29b7bf7feb0f1989bffc5bee504aac881e4ca8d0d0d858ffcb94617203707b531174257686bc 9 78180c1f9507bd9d2986901c3ca04b2db753a63f3d080cb466e1ec8054f647d96ce9139dcd33b4ab 8 4bf116d0d51e678fbe30076c30fa8d70a65776f2a31178a5a40112d6537768eefddb4e3e4695a3fc 1 c2be088e9a9f0f40d4643c0c48b441ef202183535e0cb7b83d2a039d57ef75d2a757115ce63559dd c 893355026ec71784d11fc784e1002c80b087fe1ce60c4022b24bcfc707c63c300465d734b3600c64 f 75ef348c0de22dbec81d7c59be49bf1ebbc0136f93bc374f66525efe3c4d8a5985e1dde0be42d06c f 2cd9b8dbe16e1b8d79db71ee6816ed3894bbc59608f6892aeca4b354b5b57f3299d5fd63464b6411 d 321a9c12ef78550fd796f82d5e78461218b3a98ac9b3e361cb012bcbb79fb747eb11a053f4ed9454 e fc884e28c948d4862229b59afe8fd29559da1e6ce446f4dcfb0faeabd7d9733205505018160c8b95 6 098b734a64671fca57c734afdeef38c339848cbfaf84f83b17c0db12c36962db7d72d3a58dbac5c5 5 012669f6fecce38c720d85b21b011cd3490898ed92ae6394c6d3f239250899acd03ba3dee07e97a2 e e70a6045da7b9e7a154892ee1901ed5fe4df081d08d4d5cb2d1fa1f42d51d70627a5a6f82043d8c2 2 85d89b9299ad2afd54cd12a579424c70edab06a46b26f6ef7873efaa9a55b2c15ec53c068816220b 9 9c3b3cb4152b012ed0a957f8ea87adc9d5237ab5cd1cb015efaff98496d461fdb83e8d42b815f553 2 1201b389f4e0c974f1efcc20116622290e67785f08e10fca7ab456cfeb6d17be45eb37ca1cb72165 7 d3be2797ec2edbdc7e7bdce524dbb826e9161790a7da0f5307f7febd0590559bf195adbff4c29794 1 6f48c4a8a69b21d0b036640f1bc1a1fbb4213e2c42544d9542749d192a17e2ff9e8c5280eb7a4a93 f 7c07a4082ae446aac7464edb8dad6e80f32f45c888bdff7e628212aa2309181eba77634ec9deff94 d a6921dfc8a53d32d3da7cc9f11ea08222afeebc556323693b54f7269d4528bf6e531f1f881b892b6 a 47bfe90fa0fc9da597a31eb8ee701705c9eb506c234df097dffcaa6cecd5c387dd641d11eee45169 3 000251d2b7bcc1e87e89343eabb5d89d1cf7644f6b327901bf34b7b695172664d8a3b945aa0a2d2d 6 2d6341bd11fd30eca01091ae14db1ba727fa968e6f1346b314e9df19f481e5dd18effe202f802518 f 05ff2fb788cc0b9f9e5f0ec299e337d4a5e6f77a38da55f93d8e32b25a9e0a4974eb8fb7754a919b 4 d7921d13657f6463d540f0bfe269aa8afbd15b2607ab3a0809c01daa4fac91384f837d946b43a6a0 0 802dca7895b712e52d05f00b9cf2c5fbbcfe9dbfcb023c1a4c03e84d5162cbe8f65299df2e8f72e0 c 24d0ae4966f07052efaab8f72c9b259ae827e56ddc8716727b39a73a87d95ba737eac66d75a4263e 0 7972719821b7f378b15d3f1b7450f48f9c897aae6fc5e6474a7e1eb9e6193ec0da613b8e6134c61e 5 e7c74c59d611b095cbd7fb70ad12e304e36a8044b16c3c2229b4e0db9a8f5f3bbc8647be163af7d9 5 6f38f2b70107341c878e926f8fb79911c210f318b27b46a0d3275966c6bf7992dee11bd5ddd1c2b4 f e6f232439668756c2a772d4d21682cdab8299add6db3ef1b09f413a24969ea0babfa448e6d18a573 9 2847126ba4df71214dc26d799920c942ed5cad0d61be9187c3675d06df8bcf61feda1c05ad3fda45 c 0cd1df296f6e12c9dffa87719b0631122509683ecd1b8774c47d8c9779e86e1bc0c8df13f55c64d5 7 c97078a0d6d6dce8de6197ea7fc3d92218768ee089653e9c3ae831895ef6d66c799665af1f97c4b1 f f81a76121cbfc0b6c4f86716bfac81e50c824f73af04413b35bb9cddd7d5be2178e9a10105950e7d 9 4fba07a5a6c7ec10591413b2701a5ff381a6ba21778affbf92931821afbb6335ca9f5ba4c133741a 5 ab446e188deeeb5ea60b2d4958de354135408b9ab7238c795e3e6c89544a526e35d9005ad0aa3bb0 0 f76fe70d5fca567c1ac52803d6de2e36a47797a1b787cc146990983e7fd18c7daebca2f55eaa20df a dcebf24b7670d2b153a10efa3402c54879c46bbe76fcf2ad4192f2ab319950827d7571747d7769c4 d 3d187aa890380f4cbe9c594d60075dac40b0c97018f4d8f99d487692bc71a44524f71ff304d73ca3 1 678171bdce0ecad2928c554e42d5600f80989252df0c2edbad2c045f989857d029718c94e6ac2a18 1 de7d678604aa4be122026c41fbcf3f55505c35e1a6aa98114a64b60d931542cd6799f72f00d17e47 f 09b92f6630262bea5b137d4c6e4ae567736452881dd41983cca62bd76610cb9d87c3de173b2c11d9 c d9a992fac9f97fdd63a165d1d2af6b7311c20084aec2c23ccdce9fe16f763a97f52b907adff3dbea d a61b626fac5831dfb44a00a806f5b621ceb38156723887f59ff1e777dae053147a26e63a8dceca7e 0 69e421932d3e6120df618b2e555fb587026c902abd954b9bc3aeb47e008da1648a758ee56ed587ef b 033485d958d63a4cc03fc23aa940cef8f460bf1d1ee0e3752ae3d999dbd879c326694961d54fc13c e 0cb67824bbd3e6cb326c61c82fd93252de2389e49fbc67900a6ebb963092cb352482d6c1bb50f8f6 d 98fb94d8c4a54590b210fa8e19edcb1b2a3a800efac8d95aa544887a91aedecb966d9fd44c7e9762 6 7fe93cbd4150423f392aad514d5537d5a3f0d10363118cbbbeb6b9192fff4f4a009a8e9fb3107ee2 e 0d5dc0ae39d52795d1962fdf71b249ea59f37c93308fdae20ad08e6b094cf593d7da65fce23ed25e a be8752afcc8deb1e114474b9dd4d59508d1c8c1854ab6efd3c70f339678c0126ec9b451a50fdb63b c f1dc504d433561881a8bec7fed97bebc917220f4df298d7b7b7859b053706565fcaa2bfab9480b55 c 07d7e08aa9a5964818a4fb324b7a6d451a301ff301e5037721c4ee67f48733f688b14d1fe54e9337 2 346deff0ffa988b79cd2cec45e3bb0cbf2811d82f95d7a5adae0acc3750ab9801a9b9630c885cfbf a d7634a2165f037dee972c72c44d4887507f42fa73557808bf64a1b6e527c2d847140bb83b010ed4d 7 d6cd001851f926886c3f5905e87feb66830ed69095e72ed86111ede196b181543b711cf63ab7a0c8 8 eaf43684cd08034163189c59b795ffe05173a284b2ffda59d9d41f79ee72f23e2485d96a4090dc2f b eec824f680dfd822808a2181b529cdfe6cbe0474dfb63c4019b8b74ba57e40286d215ca61eb123e0 5 3e938803eec47013a23e81a9ce3667c9e834f49c1baa8744421db8546ad63cfa20fc2d39675bbbd4 0 8631f6e2974d1ef2158fb2a8b112dbc99d65237ab58e38021495a756d1fead36c166d57f6749e24b 3 10886531153e333404cdb94ed1f86f96af2e02823dc4b835e7c10f84375604ce27638396363d2371 b baf1023783f480572b20ba900d28cc1236eed3d15a36ab4255ad505c112423ed5df03bd53b3d7941 3 dd5e32decfd040c5ea24efcab8e23a9f54fc64fafb1b04622a9d8ece07de820d3ab7e365fe45eb7b 7 8ecfd72479bdb575c5119bd0ce0d1a463f099a0bc48b2368e49828a89bb4537e2cdff7feb56b5a4e 6 61dc951bb6e912cd28e10c799977d0d9b89a24e8a6ba463fabcfdd37cb9c304e9a3596cc50bf2da5 2 077cfa2c6f542bc60b2afc87ec9565a7cfa7fe310f4b41c1fd42da8d5e98cf4f4baca636c4a72a82 c cd9a0d723970dd4ffd57cecae1e7a9d71e468b72cfef95824bb2e603b3fcc664c759242efe3743e7 d 5edb03667fc77473e949671695ab217ce6809ccc295a8bad7f7de44f5a7f0eaadc40e6dc9a7bb863 4 28c538efc9b04a7a25e31d04c29d7f70057d22fb47474c202ce5d1b830ac3e6683e15832177cc574 f 72b08f4da9ab34ff8f2d79d1c9fc050fb57df5fc45808a4f8f1dd837c438acdecd949b4e43316ab1 f 595ee7709b38b244c12222aaac464ab82ffbb12a1f8f034dae44071bf498d1a8cfca39bded998cc2 2 74f80e111fe6e68cf0abb6f2ae797bbe224ebe346a98cb1033db5cb3af24ab493d5e5e34b1a09da7 d 8023e39ac2d4aee133f2478251d044049cbf43e4a9d4947f72ec3231f0eef8bfec5011f211ddb185 4 7b502413c9561674358cb4e62be924da66d55dbba352ef5b8fb982dc03f8a0670c675066830804ca 3 a01135528e9018c71b6e3491a167e6e98f041f4c7463166a593a3a3f541a6b805af1693855d38db3 7 6fab79bcd0b8761179ad0ded7f1493ba80d860ed1cfea27c51a005048de0e58da6216c64065a9792 6 f86426be90bb08aa5af5d21cce78e93c8747d0ca52c9e30485cc49ca92c92400db6a0a34c849b980 1 7fb06b2744d17ab4acdd205d88d95f887f723287f7bf4f0b668b36587a724c58589260a18ebf01ad b 0a9b3f4299e0d68011244ba849b1451246471d0054d39581557ec7965ae95b9470b7fdc9bc4d0e62 c bd59a8c23898bda1e2e1ce7f8a3de903c260b2374e9c1419d242bf6e26a59a5675c40fe7532032ad 7 97704884bace1d7da2d607f9c1ff33c0cdff10d5cb8e04576c6d5da99da78ad15a168b1ec32aa60e 7 1e65c6e0a2b9bc313da3935e9067391faa562a0718dfd13900e28ccfe3a7a92b53c43081bebcee06 f 9fe34c674490b518ad29b0152a8e2edb5cacf26d4847493babf6f5488d6f6a8c19043d97ac6ed978 2 cca73dd9bc4e1417becace7b1151732686506093d1896a1e229a5efc1679463e3cb4bd311097eb53 9 652f9212c875b7031300 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW] 2007-05-18 19:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon] 2001-08-09 21:06 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] 2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] 2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] 2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] 2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2009-11-29 18:52 126976 ----a-w- c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-05-12 03:12 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2009-11-29 18:52 155648 ----a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] 2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Documents\\Webshit\\setupxv.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= R0 lwctth;lwctth;c:\windows\System32\drivers\sjlimgl.sys [x] R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2009-06-26 85504] S0 KmxStart;KmxStart;c:\windows\System32\DRIVERS\kmxstart.sys [2008-06-24 93712] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-25 64160] S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-06-24 63504] S1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2008-06-24 45584] S1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2008-06-24 115216] S2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2008-06-24 134648] S2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-06 1029456] S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-04 1010192] S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296] S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104] S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] S3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816] S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-17 189704] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] tapisrv REG_MULTI_SZ Tapisrv . Contents of the 'Scheduled Tasks' folder 2010-04-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:27] 2010-03-27 c:\windows\Tasks\CAAntiSpywareScan_Daily as Val at 4 00 AM.job - c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.pogo.com/home/home.do mStart Page = hxxp://ca.yahoo.com uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\VetRedir.dll Trusted Zone: pogo.com\www DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll FF - ProfilePath - c:\documents and settings\Val\Application Data\Mozilla\Firefox\Profiles\v7nm513q.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-CamCheck - c:\program files\NuCam\CamCheck\CamCheck.exe MSConfigStartUp-RealTray - c:\program files\Real\RealPlayer\RealPlay.exe MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-09 20:02 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(2020) c:\windows\system32\UmxWnp.Dll c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll - - - - - - - > 'lsass.exe'(436) c:\windows\system32\VetRedir.dll c:\windows\system32\ISafeIf.dll - - - - - - - > 'explorer.exe'(3996) c:\windows\system32\WININET.dll c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-04-09 20:10:34 ComboFix-quarantined-files.txt 2010-04-10 00:10 Pre-Run: 52,231,049,216 bytes free Post-Run: 52,209,897,472 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 74DB93D7466710C0BE65EC68476E3E1D ComboFix did not reboot my computer, so I did because there were no icons in my system tray when it finished. After the reboot, I received an alert from WinPatrol, I am attaching a screen print, please advise if this change is ok......Thanks
  12. Hi again, I followed directions and posted my logs over 4 days ago, after 48 hours I contacted a moderator and was asked to be patient as the traffic is high since the release of version 1.45, however, I have been reading some of the other posts and some people that posted after me have already been assisted and their computers cleaned, so I am getting a bit disheartened. I have read a lot of posts and noticed that the people being helped are asked not to download anything or try to clean things up by themselves after logs are sent in, but I feel it is unreasonable to not update things (downloads) after this amount of time and of course my internet security updates several times a day. Before I read this advice, I did run my ISS anti-spyware and it removed a couple of malware cookies, but now I feel my hands are tied as far as using my computer. I have noticed that my logs have been downloaded once, but there is no way of knowing by whom. I would really appreciate some help if someone has the time.....Thank you.
  13. Hello, I have followed all the steps detailed in "I'm Infected - What do I do now? I ran MBAM and my AV full scan....both clean...this is the MBAM log: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 3930 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/1/2010 6:17:22 PM mbam-log-2010-04-01 (18-17-22).txt Scan type: Quick scan Objects scanned: 102132 Time elapsed: 22 minute(s), 50 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 I then tried to update MBAM but still got the message: MBAM_ERROR_UPDATING (122,0, MultiByteToWideChar) The data area passed to a system call is too small I disabled CD Emulation drivers with DeFogger......no error message I ran DDS and GMER and am attaching logs as instructed. I hope I did it all right DDS (Ver_10-03-17.01) - NTFSx86 Run by Val at 16:03:18.78 on Fri 04/02/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.545 [GMT -4:00] AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93} FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe svchost.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k tapisrv C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe C:\Documents\Webshit\WinPatrol\winpatrol.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Documents and Settings\Val\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.pogo.com/home/home.do uDefault_Page_URL = hxxp://www.dell.ca/myway uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html?p=DC mDefault_Page_URL = hxxp://ca.yahoo.com mDefault_Search_URL = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com mSearch Page = hxxp://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ca.search.yahoo.com mStart Page = hxxp://ca.yahoo.com uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com mSearchAssistant = hxxp://www.google.com/ie BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [uniblue SpeedUpMyPC] c:\program files\uniblue\speedupmypc 3\SpeedUpMyPC.exe -s mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe" mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe" mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe" mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe mRun: [<NO NAME>] mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe mRun: [WinPatrol] c:\documents\webshit\winpatrol\winpatrol.exe mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" uPolicies-explorer: LegacyDrive = b6a2ba0ac63dc59461fe0f50a2213574b1bf3a0a444429fe6624fb7677caba6175d1e75379771990 854fe8667c3509c17287baf9269261eecd4b705712408b575aceed514c9308fe91266bbdf0d806e9 2 a1ed1f8f12cb757e4612df44cb1e60c7deeff94ae4679d8070ded62fabd7b1dd73c04ba9b5d99530 9 a8334efd5ea485fcb8cda30f7012d1d2820b93c8347cecf15488c99fc1219c85d72cc3481120623d f b40a0e41ed0443d8878e8c6cd44f1a0a0eec5eda460377c7f7546a83000087da30fe11d8371f8625 0 75ecc5b1f5c27f0b9323ed5243c4392009253704047e8d1cacf617e6af58178a53037f571d4fd8d2 5 bca0a935271ae1c8f72c6bd3236acb58d9f499aee8f87fbb8a90943b95b19e0b71ce2a54cf2df6df 4 389302659e7b3d1f71416e431d32fda8f0f2522c206ef348981013ece7cf3d7479e1f3cd4343d16c f 9a9455a8e0afeda4b5ea24c1fa6c051362e0530cc0fb27944f74de7742d978b43cfbf27775ed5d8c 8 7d81f939f6f543a8fe2039a3ba25c37d020b19a1bf64b6e2276c169da5229e4148d5f8202317f711 c 609cdce13d97e9b4d88942972f114b9cb07b284c15e415bf2ec6d8b8411ac03b9d672b9c472a449d c 1350df8edb9b585728fba47218a66fefc04c490005edfe61a9ed78c05f908115512aa7059e2a3206 f 45759c5615ab5c4667df5484eb2d472bdd748ac8c38fc46d456016149e6c00dca1d34ae352b56a48 0 05d82b0668157f1e1b4844f29774fd268f1dc6bd38182fb30001f42897947155656e5970d518abd0 f 441e2523a4b6cfba70a5edf12c86641be8c01fb2f9bee203c40e2e164c97dad66d27d9c0bc6320e4 7 a2318f80fc4dfe2e9744c3efa44bb54d2d01da445b83735e9c5581ec0eeb35a7956fa8972abecc34 7 6b3a2cb9fa9ae24623ba862624e752abf525508ebc45e0eb9f829beb715cb29be610759c7bfc1ed0 0 75b6031ffb336b5bf75163b84959958adcc51dcbd00a32272fd5585fc594d7ef32386bee3d393d37 6 bdb12c6d0b0c364265fed871ca3e974f097ffa64030d6731e0b2fed6269d3074477caf82ad3cee5b e d04dffba44ead8582a2f62f6e19ca8c1ec766ac637c91612a9aef318fccaa052cd17bd2befe7e81d 0 526eb1750df3321c50184426364eca2c307f6ecf19b1ff67a468ea4c6a1ff09a80201d034ea0161d b d135e6298e3f3efdba0a393dae503518ee61d9eb712007663c4e0bea350b19363799f6436264f56c b 53f25d2def1c9ff50f008ca976ce67ae88f732efd04427b1fb61d5884daf737dcfb2f22752784c2f 4 c97b8206e08e868ed54fa06131f4c6f3b312c42f9fa92ea6586199ec31130a3f818baf6af58dcde9 2 b15fa4e7ce38ce31837519159da8001515df000a5a588289fa7f7bd7ec471a5d5116ae9bc84da7c9 6 79ad2e465a73d78feeac91792b4324f74c58c2c62242f598afd5d572f1e07e53fcfac1164b7f1a99 5 8d5e21f6af4c6f3af25784e8a09a47b2ede26396cfe7a61c9eca874c9d4033167b7604dba0bc0566 5 f196811d5ece9cc6b60d44d99d3b5809093fad269c09044132d63911b5afbc95393345fb4597c4c1 6 eeb971a2b9f0093e445d6f64c987b6ff1be0ded11f7cae1cbb0852db0e76e04b47fff88c4be325b4 7 814456018bb97e381da03316c718ab4f7d139f03ed5a44e610d17d9e00fd4f6c09c3950f0273f5e6 d e0412547ea10368c96504beff646ca04ae9eadf719707c54ca34bfbe859cec8bf5b73126fdf6ed26 0 bc04c5a7c492642a55d117052b58a62d7863f05337d2df0cbd759b2e9186fe7d7d774887e5ee15cc 5 80e8c2265f9d858b093dc1a44a38822142b90155a3cf271083546f7250a8065ce7c2aa590ecf1451 5 726327032af77a21ce4ee8bb8ab811480bfa394bd94f3d77e8accc166948d3ace65c39d78e27cd79 c e367d1921e2c88728a21a75bffd638610c41c687e84076c6435057a5d1b21046552d03a3ca9777d0 b b32e154a1cc426e13a03e08ee435f78687e6535f76ec082d82a588eccb80171ed5bf80b4df7b0732 7 0e89e0f3295da5c5a03882aa34a90c019873cd0f02e048006b6541ec5ed8e0f4b8e5309c815ff822 8 d27269f33d161371891d78117c0b9f0b7d755745ef082873bdcc898336aa53381c2c7615f785eb7c a fb9d1e9175a9e5c7753aa93fb8cee39f425dc86063de6b6d1083fbbd121e52f8322df8cca72c39f9 0 5f7c3ab06d4a2a14ed0a681ad1b8933dbe329ef1633fc6ce0acfc8f16c8450a0ca72b42c39bf23e2 1 c3ddf97879a2ad3c2678d893b649a9aa58d2a0456f0e957edbb15693799824b543fe27c1541435ca 9 2bd9e379cdfe9250d677aabfa4f99dc05bebc299356e4c03199b7d8c6e0b173a31959d1471457396 1 60b3e21f533bc0860d27e2519b4efcd72f39203b3c88becbca26183ec75028e415508d1c0433a811 7 4756fb81be0db6eaf6507753f8cac479a5ae9ab105b26217db5b22e77de57cf12be2f9ad97fdd1f0 b 1495c3f34a5d085b7630ac08a9c8cfbe1c6c27c3488893ee5ccf1a1241642610f153ec51e78a619b f 03005d3de2963fe63dc2476d0c69528d2dc641efb469f24e82f97f6fd9195366d9ae15da9380da17 7 069e5eb5bb325136b2cfef4c27d4c8bb5b7a6a72c2fdf564c8cd39d541e606cc571b2d0c623c46bc 6 f223216319f5158bdd3bd4e16353cf62c4c10f4863952e242e7fb15f76044e41e8a7bc329b316c76 1 91bc65ebe5cb6bb617f679836f84e29f3b86bfe32ffcc7c1772528e326db798a79ad0ac8cc310019 2 e44ea1e885c8615c466716c3bc45069c7bd46c9df074e0617c82e028123f6a893d1cfd9024b1a2b6 b 1512d10f2e2c1c6bfeb92c79defefbbe2fa7f391a79cb3baa4efccfb324e60f39004652851948a4c 7 ea4d740085ea8d1f2a34476a18e93bff20a3d4c45d879c533d7c3946440be388fe9f230ce2dfdbbf 7 c3b87bbccc5c2bde9430cd9e982ca6c05ed8e53f95d995aaa339ef70ba4c939415500fb0528695d4 b 552c7421bc7a41d979bdcee06aba730214cd469d437dbde2b69f2870e0e837c78f02bdffcbdeb3ba 0 14b805760c877688496a2675212bea42342868224ae35e3fc7146e1b08f7ebfc4892c1fa32faf754 1 b63abbff0aafd466cf65a39a9821699adcca4f829878e2386c5c5ba0fb98230f95549603130e0711 0 331051e06eaddd27537604a4b40e70d3feb934230abda20c6983fa557c5608b07ce367834b099741 1 dee602a190919526865f5f6d090fdc8e1dacbc0b90d8e6bd2363be0eea1ca369f6e7bcef3010f56c 8 8df4489506d3142e2b5959b89eea28f9f18234af2d605986c7b179cf4670ec58f94ccfecb6c95e22 5 5dde53bf09b09aeac217ef921385c7e8bdc29a10a13ee81ae1a57e3443b5f51ed64c7dded7c6d8b4 d 585a95014d1ef432fe3cdb4023c8c54c73be2937fef7514942a9b5fbcd764d7208dfadaebbe63879 0 0c0738eede0a0159897e818449c367f1e09e35ac808b4439eb5509cbd9e396b69a556427fc4f4f13 6 f95e26d67d9d59c02d0d42ceb8b82c47e05be582df9259f22f6d8c825b4b77f68c1a98eb8a2d8c6f d 42eaff47c47f265e20c682fa814b3b32eb111c3721e19842c6e10bcbc26843fce7113f65d50f36f1 1 bc0db199e84e0573fcfb9deb87da288c766e3108f3353813b6faf1beee4e1bc64b51a541d4d4a1cf 6 64583623b231a6220c5f9dedd1defe74842c1b4abaa0bf9f37fc726e5445f8f7a3d31b70d6a4aaf8 d df5c2cc4f144cbd0b70c7e21ff2488ae990bf747b1fe77b434468f12ced7fb9f28250d914d27b464 4 1862a81cdb7f5e0d12fbc2988c7daec08f403ebfbf69d8f842976a2d22bbf3f2f32a4561b5f00910 f b6803404d0a9757cc838d90140b11f267f3f8fe7e077d5cade3f1261a76ed517bedfd0bd5886b40f 0 42596309b40c6bc8378b1c714969875e31dfd4ade61d3f362ee261c0034bb1743ae84a916715ef62 f b884c6daf267eee261bd684cd29ecda2906408d678750f1c9fc5bc990f4cea3a8fa1116db025d494 3 08ceb405f3b92b3cbf3f1834db2207d9d0d8696f24de91837e4f03210ab5ee471f1ff79a20733858 a 006898ec96afe8bfe87fcb094bfeec1d9cd699aa88fd777e1b53726aa1b020b63f0be68dc17d0dbc 6 cd9228688da53993308863d8596aebf8103dc99cad0cac47f88e3e888efba874871e595355ac039a e fd4e7192f17ff5376795a69da9e3a21ea009f91f9f6946d7c7256cabee1aa27d55274add4db86b64 2 38b68dcbb63374364f19ec97174230c6d65f030ff748ab2ba1913e6f235e1c449578bdd7bca0ad11 2 f23a8d4cab8aefb3afd648cb0602e998623522054d0488e64d8c881667a28d265e6e5d3faa37fd5c 0 2e8bee07e403f8cd21e0dde9aaeb128a48d062e0b674ed19bd88708f9e5ec740b0fcb07e4a70d4d1 e 7e362fd9878f0b39e2eb5e7ad392b0515fc3434f172f3d7a2cce05a7c5c1c2bbeb10106c804fe768 8 d2a29936cbf62341eb10a589e7e50fceca5f7468e0af0e39d3e582e114be65307cbdf1fee1337d4e 8 5d2454dbdc4dd77acf2a087ac9fd383409035f84a71d7877f742ea0173b678ec9f8fab4f6d382162 5 8bcc1aaf612e90bb321af16de3f2e45b011e0741a95debf5a658609dda7de7f41fdf0ab6d9ed6840 9 2ffbbf4b131b785ad6db5b9c546066ef12487db18a27519833483e2920d2a98ae4041897e25cd715 e fe1a400dda0b1ea5baaeadd1f3138e3ad35f2642871ca2f53cd395383c85ddb054fd76247f2d1304 f ab0f55c2e94ff5a2a04c50a5124e565503d9a8a531a8e4b79b2f0eb8506c726d64d8672994fe0853 d 0fdd1727ac2ee9a889bd062cac8949b464b11f862fceb08e22da867779ea5e185a3bd0d42de79e37 e 36965352d0375b2ec5ce047e96ed144c79f20f1352e231a68d1c6cac99dde56eb25ba9dbfe6fb8f0 b e3a6ec188c784eabe47a6a37e3d4935119e6957f6495954ea605e3c84b1ec3e7f83f2b957a516ab6 b 8f1bc69e6d11c8bfc5b597d67986c28fe51093e377474c29bb896ca77845084d50d0f77aabfa10b5 1 df474c386e0bebda505385edadb7be28dc98101477efd1bee9829b1beb770b1a38ecd67241df199f 2 14bea27d3943322a325c0f9e258966ede9687dd11bf03c199cc3179e8b33e4cbd8af5ac53f091b7d 8 a9cf032088479b9b92fb9945856031075cc57ee997b124fb95559d9ad48878f0636a64ba9a478b4e 0 8be21dcad223cf46920e648b5a270b491f40a7bbd2591d32cb1a8a5b65c0a8e0d611e29f2cccc90a 9 259020aa4ecdfc7d99ae63d6788f836b1cc5c24cdd916d6392c41db4bc288be4021ba5f8de7de160 9 5cdd1346c8ef7bd19f0db3778ac5cd57f30440674fc1ff75d4c4c59b9f754646d977b1c01ea95d30 c 781bdaefed767eedbcebbba6801130d1a3feaecaa383cf9109558a169f6a04b4dea6a9fba6b77cb2 3 13dab1c4a2f677bba7af2d304ebfaf0524e25aaaed8ed6875c2aee30937fd2dc7703cf1391d6bf8f c 8c0841fc44f57c882ecc756196faf7f8bb14513080bdaa6464cb95acb4a5e55cffefc3cecb6afd62 8 615a1c2bf98cb6b96e3bb6972132b61f295dfd5258d7da4fd799fd0011127844372d2e656927c10c 9 f079141646ff272c571741f5f39edadb6decfe8b4eb4a0f84b2b30a3756d6f1ab01c83bf664a46cb 7 d99e49386a0a509379107851b1910c68888e233d1329067be1530ed39bc3295484a62ef37465b853 6 42b0e348ce0920f4e0d1118e0f941ab702ac4427271c90aaa8bc8b699b97236b7891b95cd14c778c 3 d4de43a955bb6136428e7f698340bfa7eede0b2ed1b27b0c07bb2de478aaabf95864584c1cd4f0b8 2 ccd340e1f4ca483fb33e1599a4b0380b02b8f69363eb9d18a30118ab1e37c20c22f37870a3a7f281 3 1f753a7281efe86278eacc7c3d6bb1c7cc9c97eefdd82c4b94ed1b62b0e93afc9df60c162e12d222 8 1546fc6c1135c1a9f9e5bfc4aa07f49238b5239b9b55271ea5c1885437a44cf9b5271009b7ce57c7 0 29c2104b67ebf9ec8e6e747b3b704886b61cf9505934d2302ef7b0d261c69237f7f3818c77b0a8de 6 e7ae29b7bf7feb0f1989bffc5bee504aac881e4ca8d0d0d858ffcb94617203707b531174257686bc 9 78180c1f9507bd9d2986901c3ca04b2db753a63f3d080cb466e1ec8054f647d96ce9139dcd33b4ab 8 4bf116d0d51e678fbe30076c30fa8d70a65776f2a31178a5a40112d6537768eefddb4e3e4695a3fc 1 c2be088e9a9f0f40d4643c0c48b441ef202183535e0cb7b83d2a039d57ef75d2a757115ce63559dd c 893355026ec71784d11fc784e1002c80b087fe1ce60c4022b24bcfc707c63c300465d734b3600c64 f 75ef348c0de22dbec81d7c59be49bf1ebbc0136f93bc374f66525efe3c4d8a5985e1dde0be42d06c f 2cd9b8dbe16e1b8d79db71ee6816ed3894bbc59608f6892aeca4b354b5b57f3299d5fd63464b6411 d 321a9c12ef78550fd796f82d5e78461218b3a98ac9b3e361cb012bcbb79fb747eb11a053f4ed9454 e fc884e28c948d4862229b59afe8fd29559da1e6ce446f4dcfb0faeabd7d9733205505018160c8b95 6 098b734a64671fca57c734afdeef38c339848cbfaf84f83b17c0db12c36962db7d72d3a58dbac5c5 5 012669f6fecce38c720d85b21b011cd3490898ed92ae6394c6d3f239250899acd03ba3dee07e97a2 e e70a6045da7b9e7a154892ee1901ed5fe4df081d08d4d5cb2d1fa1f42d51d70627a5a6f82043d8c2 2 85d89b9299ad2afd54cd12a579424c70edab06a46b26f6ef7873efaa9a55b2c15ec53c068816220b 9 9c3b3cb4152b012ed0a957f8ea87adc9d5237ab5cd1cb015efaff98496d461fdb83e8d42b815f553 2 1201b389f4e0c974f1efcc20116622290e67785f08e10fca7ab456cfeb6d17be45eb37ca1cb72165 7 d3be2797ec2edbdc7e7bdce524dbb826e9161790a7da0f5307f7febd0590559bf195adbff4c29794 1 6f48c4a8a69b21d0b036640f1bc1a1fbb4213e2c42544d9542749d192a17e2ff9e8c5280eb7a4a93 f 7c07a4082ae446aac7464edb8dad6e80f32f45c888bdff7e628212aa2309181eba77634ec9deff94 d a6921dfc8a53d32d3da7cc9f11ea08222afeebc556323693b54f7269d4528bf6e531f1f881b892b6 a 47bfe90fa0fc9da597a31eb8ee701705c9eb506c234df097dffcaa6cecd5c387dd641d11eee45169 3 000251d2b7bcc1e87e89343eabb5d89d1cf7644f6b327901bf34b7b695172664d8a3b945aa0a2d2d 6 2d6341bd11fd30eca01091ae14db1ba727fa968e6f1346b314e9df19f481e5dd18effe202f802518 f 05ff2fb788cc0b9f9e5f0ec299e337d4a5e6f77a38da55f93d8e32b25a9e0a4974eb8fb7754a919b 4 d7921d13657f6463d540f0bfe269aa8afbd15b2607ab3a0809c01daa4fac91384f837d946b43a6a0 0 802dca7895b712e52d05f00b9cf2c5fbbcfe9dbfcb023c1a4c03e84d5162cbe8f65299df2e8f72e0 c 24d0ae4966f07052efaab8f72c9b259ae827e56ddc8716727b39a73a87d95ba737eac66d75a4263e 0 7972719821b7f378b15d3f1b7450f48f9c897aae6fc5e6474a7e1eb9e6193ec0da613b8e6134c61e 5 e7c74c59d611b095cbd7fb70ad12e304e36a8044b16c3c2229b4e0db9a8f5f3bbc8647be163af7d9 5 6f38f2b70107341c878e926f8fb79911c210f318b27b46a0d3275966c6bf7992dee11bd5ddd1c2b4 f e6f232439668756c2a772d4d21682cdab8299add6db3ef1b09f413a24969ea0babfa448e6d18a573 9 2847126ba4df71214dc26d799920c942ed5cad0d61be9187c3675d06df8bcf61feda1c05ad3fda45 c 0cd1df296f6e12c9dffa87719b0631122509683ecd1b8774c47d8c9779e86e1bc0c8df13f55c64d5 7 c97078a0d6d6dce8de6197ea7fc3d92218768ee089653e9c3ae831895ef6d66c799665af1f97c4b1 f f81a76121cbfc0b6c4f86716bfac81e50c824f73af04413b35bb9cddd7d5be2178e9a10105950e7d 9 4fba07a5a6c7ec10591413b2701a5ff381a6ba21778affbf92931821afbb6335ca9f5ba4c133741a 5 ab446e188deeeb5ea60b2d4958de354135408b9ab7238c795e3e6c89544a526e35d9005ad0aa3bb0 0 f76fe70d5fca567c1ac52803d6de2e36a47797a1b787cc146990983e7fd18c7daebca2f55eaa20df a dcebf24b7670d2b153a10efa3402c54879c46bbe76fcf2ad4192f2ab319950827d7571747d7769c4 d 3d187aa890380f4cbe9c594d60075dac40b0c97018f4d8f99d487692bc71a44524f71ff304d73ca3 1 678171bdce0ecad2928c554e42d5600f80989252df0c2edbad2c045f989857d029718c94e6ac2a18 1 de7d678604aa4be122026c41fbcf3f55505c35e1a6aa98114a64b60d931542cd6799f72f00d17e47 f 09b92f6630262bea5b137d4c6e4ae567736452881dd41983cca62bd76610cb9d87c3de173b2c11d9 c d9a992fac9f97fdd63a165d1d2af6b7311c20084aec2c23ccdce9fe16f763a97f52b907adff3dbea d a61b626fac5831dfb44a00a806f5b621ceb38156723887f59ff1e777dae053147a26e63a8dceca7e 0 69e421932d3e6120df618b2e555fb587026c902abd954b9bc3aeb47e008da1648a758ee56ed587ef b 033485d958d63a4cc03fc23aa940cef8f460bf1d1ee0e3752ae3d999dbd879c326694961d54fc13c e 0cb67824bbd3e6cb326c61c82fd93252de2389e49fbc67900a6ebb963092cb352482d6c1bb50f8f6 d 98fb94d8c4a54590b210fa8e19edcb1b2a3a800efac8d95aa544887a91aedecb966d9fd44c7e9762 6 7fe93cbd4150423f392aad514d5537d5a3f0d10363118cbbbeb6b9192fff4f4a009a8e9fb3107ee2 e 0d5dc0ae39d52795d1962fdf71b249ea59f37c93308fdae20ad08e6b094cf593d7da65fce23ed25e a be8752afcc8deb1e114474b9dd4d59508d1c8c1854ab6efd3c70f339678c0126ec9b451a50fdb63b c f1dc504d433561881a8bec7fed97bebc917220f4df298d7b7b7859b053706565fcaa2bfab9480b55 c 07d7e08aa9a5964818a4fb324b7a6d451a301ff301e5037721c4ee67f48733f688b14d1fe54e9337 2 346deff0ffa988b79cd2cec45e3bb0cbf2811d82f95d7a5adae0acc3750ab9801a9b9630c885cfbf a d7634a2165f037dee972c72c44d4887507f42fa73557808bf64a1b6e527c2d847140bb83b010ed4d 7 d6cd001851f926886c3f5905e87feb66830ed69095e72ed86111ede196b181543b711cf63ab7a0c8 8 eaf43684cd08034163189c59b795ffe05173a284b2ffda59d9d41f79ee72f23e2485d96a4090dc2f b eec824f680dfd822808a2181b529cdfe6cbe0474dfb63c4019b8b74ba57e40286d215ca61eb123e0 5 3e938803eec47013a23e81a9ce3667c9e834f49c1baa8744421db8546ad63cfa20fc2d39675bbbd4 0 8631f6e2974d1ef2158fb2a8b112dbc99d65237ab58e38021495a756d1fead36c166d57f6749e24b 3 10886531153e333404cdb94ed1f86f96af2e02823dc4b835e7c10f84375604ce27638396363d2371 b baf1023783f480572b20ba900d28cc1236eed3d15a36ab4255ad505c112423ed5df03bd53b3d7941 3 dd5e32decfd040c5ea24efcab8e23a9f54fc64fafb1b04622a9d8ece07de820d3ab7e365fe45eb7b 7 8ecfd72479bdb575c5119bd0ce0d1a463f099a0bc48b2368e49828a89bb4537e2cdff7feb56b5a4e 6 61dc951bb6e912cd28e10c799977d0d9b89a24e8a6ba463fabcfdd37cb9c304e9a3596cc50bf2da5 2 077cfa2c6f542bc60b2afc87ec9565a7cfa7fe310f4b41c1fd42da8d5e98cf4f4baca636c4a72a82 c cd9a0d723970dd4ffd57cecae1e7a9d71e468b72cfef95824bb2e603b3fcc664c759242efe3743e7 d 5edb03667fc77473e949671695ab217ce6809ccc295a8bad7f7de44f5a7f0eaadc40e6dc9a7bb863 4 28c538efc9b04a7a25e31d04c29d7f70057d22fb47474c202ce5d1b830ac3e6683e15832177cc574 f 72b08f4da9ab34ff8f2d79d1c9fc050fb57df5fc45808a4f8f1dd837c438acdecd949b4e43316ab1 f 595ee7709b38b244c12222aaac464ab82ffbb12a1f8f034dae44071bf498d1a8cfca39bded998cc2 2 74f80e111fe6e68cf0abb6f2ae797bbe224ebe346a98cb1033db5cb3af24ab493d5e5e34b1a09da7 d 8023e39ac2d4aee133f2478251d044049cbf43e4a9d4947f72ec3231f0eef8bfec5011f211ddb185 4 7b502413c9561674358cb4e62be924da66d55dbba352ef5b8fb982dc03f8a0670c675066830804ca 3 a01135528e9018c71b6e3491a167e6e98f041f4c7463166a593a3a3f541a6b805af1693855d38db3 7 6fab79bcd0b8761179ad0ded7f1493ba80d860ed1cfea27c51a005048de0e58da6216c64065a9792 6 f86426be90bb08aa5af5d21cce78e93c8747d0ca52c9e30485cc49ca92c92400db6a0a34c849b980 1 7fb06b2744d17ab4acdd205d88d95f887f723287f7bf4f0b668b36587a724c58589260a18ebf01ad b 0a9b3f4299e0d68011244ba849b1451246471d0054d39581557ec7965ae95b9470b7fdc9bc4d0e62 c bd59a8c23898bda1e2e1ce7f8a3de903c260b2374e9c1419d242bf6e26a59a5675c40fe7532032ad 7 97704884bace1d7da2d607f9c1ff33c0cdff10d5cb8e04576c6d5da99da78ad15a168b1ec32aa60e 7 1e65c6e0a2b9bc313da3935e9067391faa562a0718dfd13900e28ccfe3a7a92b53c43081bebcee06 f 9fe34c674490b518ad29b0152a8e2edb5cacf26d4847493babf6f5488d6f6a8c19043d97ac6ed978 2 cca73dd9bc4e1417becace7b1151732686506093d1896a1e229a5efc1679463e3cb4bd311097eb53 9 652f9212c875b7031300 IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll LSP: c:\windows\system32\VetRedir.dll Trusted Zone: pogo.com\www DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: igfxcui - igfxsrvc.dll Notify: PFW - UmxWnp.Dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\val\applic~1\mozilla\firefox\profiles\v7nm513q.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-7 64160] R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504] R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584] R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216] R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2007-11-11 26352] R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2007-11-11 21104] R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-10-13 739696] R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2007-11-11 21488] R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2007-11-11 32240] R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2007-11-11 144960] R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648] R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456] R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-4 1010192] R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296] R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104] R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2007-11-11 238832] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-9-14 24652] R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816] R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704] R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-10-13 133520] S0 lwctth;lwctth;c:\windows\system32\drivers\sjlimgl.sys --> c:\windows\system32\drivers\sjlimgl.sys [?] S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-11-27 85504] =============== Created Last 30 ================ 2010-04-02 19:31:25 0 ----a-w- c:\documents and settings\val\defogger_reenable 2010-03-31 17:45:19 0 d-----w- c:\docume~1\val\applic~1\Malwarebytes 2010-03-31 17:44:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-31 17:44:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-03-31 17:44:37 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-31 17:44:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-31 03:51:17 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-03-12 21:37:27 0 d-----w- c:\windows\system32\NtmsData 2010-03-11 00:08:19 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe ==================== Find3M ==================== 2010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7 2010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6 2010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5 2010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4 2010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3 2010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2 2010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1 2010-04-02 19:34:45 539510 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0 2010-03-31 03:50:35 410984 ----a-w- c:\windows\system32\deploytk.dll 2010-03-06 07:28:45 15688 ----a-w- c:\windows\system32\lsdelete.exe 2010-02-25 15:54:36 11070976 ----a-w- c:\windows\system32\dllcache\ieframe.dll 2010-02-24 09:54:25 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe 2010-02-15 02:01:27 70984 ----a-w- c:\documents and settings\val\g2mdlhlpx.exe 2010-02-14 05:00:00 30976 ----a-w- c:\windows\rascntrl.dll 2010-02-14 05:00:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll 2010-02-14 05:00:00 16384 ----a-w- c:\windows\system32\msdrve.dll 2010-02-14 05:00:00 10816 ----a-w- c:\windows\vmoptver.dll 2004-08-04 10:00:00 94784 --sh--w- c:\windows\twain.dll 2009-11-14 22:11:59 56 --sh--r- c:\windows\system32\9B0176E0FA.sys 2009-11-14 22:11:59 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys 2008-04-14 00:11:56 1028096 --sha-w- c:\windows\system32\mfc42.dll 2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll 2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll 2008-04-14 00:12:01 343040 --sha-w- c:\windows\system32\msvcrt.dll 2008-04-14 00:12:02 551936 --sh--w- c:\windows\system32\oleaut32.dll 2008-04-14 00:12:02 84992 --sh--w- c:\windows\system32\olepro32.dll 2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe 2008-08-05 16:37:42 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat ============= FINISH: 16:08:42.43 =============== Attach.zip
  14. My OS is XP Home SP3 I am running Computer Associates AV and Firewall (CAISS) English Language As for symptoms that my system may be infected? I really am a noob, my system is about 4 years old, and has been getting slower and slower so I have been downloading things that may fix it...THEN I started getting blue screen stop errors and a friend advised me to try MBAM but I could not update it. I ran the scan anyway, it found 7 infections and cleaned them, I was trying to update to run the scan again but got the same error I did the first time I tried, so I thought I should seek help....I have not run the scan again yet.
  15. Hello, I am trying to update Malwarebytes' Anti-Malware 1.45 and I am receiving the following error message: MBAM_ERROR_UPDATING (122,0, MultiByteToWideChar) The data area passed to a system call is too small I don't know what this means, can someone please help me? Thanks.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.