Unable to update MBAM


Hello, I have followed all the steps detailed in "I'm Infected - What do I do now?"

I ran MBAM and my AV full scan....both clean...this is the MBAM log:

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/1/2010 6:17:22 PM

mbam-log-2010-04-01 (18-17-22).txt

Scan type: Quick scan

Objects scanned: 102132

Time elapsed: 22 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

I then tried to update MBAM but still got the message:

MBAM_ERROR_UPDATING (122,0, MultiByteToWideChar)

The data area passed to a system call is too small

I disabled CD Emulation drivers with DeFogger......no error message

I ran DDS and GMER and am attaching logs as instructed. I hope I did it all right :)

DDS (Ver_10-03-17.01) - NTFSx86

Run by Val at 16:03:18.78 on Fri 04/02/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.545 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe

svchost.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k tapisrv

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe

C:\Documents\Webshit\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Documents and Settings\Val\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.pogo.com/home/home.do

uDefault_Page_URL = hxxp://www.dell.ca/myway

uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html?p=DC

mDefault_Page_URL = hxxp://ca.yahoo.com

mDefault_Search_URL = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com

mSearch Page = hxxp://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ca.search.yahoo.com

mStart Page = hxxp://ca.yahoo.com

uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com

mSearchAssistant = hxxp://www.google.com/ie

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [uniblue SpeedUpMyPC] c:\program files\uniblue\speedupmypc 3\SpeedUpMyPC.exe -s

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"

mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"

mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"

mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl

mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe

mRun: [<NO NAME>]

mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe

mRun: [WinPatrol] c:\documents\webshit\winpatrol\winpatrol.exe

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

uPolicies-explorer: LegacyDrive = b6a2ba0ac63dc59461fe0f50a2213574b1bf3a0a444429fe6624fb7677caba6175d1e75379771990

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: c:\windows\system32\VetRedir.dll

Trusted Zone: pogo.com\www

DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll

DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: igfxcui - igfxsrvc.dll

Notify: PFW - UmxWnp.Dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\val\applic~1\mozilla\firefox\profiles\v7nm513q.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-7 64160]

R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]

R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]

R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]

R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2007-11-11 26352]

R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2007-11-11 21104]

R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-10-13 739696]

R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2007-11-11 21488]

R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2007-11-11 32240]

R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2007-11-11 144960]

R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]

R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]

R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-4 1010192]

R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]

R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]

R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2007-11-11 238832]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-9-14 24652]

R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]

R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]

R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-10-13 133520]

S0 lwctth;lwctth;c:\windows\system32\drivers\sjlimgl.sys --> c:\windows\system32\drivers\sjlimgl.sys [?]

S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-11-27 85504]

=============== Created Last 30 ================

2010-04-02 19:31:25 0 ----a-w- c:\documents and settings\val\defogger_reenable

2010-03-31 17:45:19 0 d-----w- c:\docume~1\val\applic~1\Malwarebytes

2010-03-31 17:44:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-31 17:44:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-03-31 17:44:37 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-31 17:44:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-31 03:51:17 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-03-12 21:37:27 0 d-----w- c:\windows\system32\NtmsData

2010-03-11 00:08:19 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7

2010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6

2010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5

2010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4

2010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3

2010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2

2010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1

2010-04-02 19:34:45 539510 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0

2010-03-31 03:50:35 410984 ----a-w- c:\windows\system32\deploytk.dll

2010-03-06 07:28:45 15688 ----a-w- c:\windows\system32\lsdelete.exe

2010-02-25 15:54:36 11070976 ----a-w- c:\windows\system32\dllcache\ieframe.dll

2010-02-24 09:54:25 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe

2010-02-15 02:01:27 70984 ----a-w- c:\documents and settings\val\g2mdlhlpx.exe

2010-02-14 05:00:00 30976 ----a-w- c:\windows\rascntrl.dll

2010-02-14 05:00:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll

2010-02-14 05:00:00 16384 ----a-w- c:\windows\system32\msdrve.dll

2010-02-14 05:00:00 10816 ----a-w- c:\windows\vmoptver.dll

2004-08-04 10:00:00 94784 --sh--w- c:\windows\twain.dll

2009-11-14 22:11:59 56 --sh--r- c:\windows\system32\9B0176E0FA.sys

2009-11-14 22:11:59 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys

2008-04-14 00:11:56 1028096 --sha-w- c:\windows\system32\mfc42.dll

2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll

2008-04-14 00:12:01 343040 --sha-w- c:\windows\system32\msvcrt.dll

2008-04-14 00:12:02 551936 --sh--w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12:02 84992 --sh--w- c:\windows\system32\olepro32.dll

2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe

2008-08-05 16:37:42 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat

============= FINISH: 16:08:42.43 ===============

Attach.zip


Hi again, I followed directions and posted my logs over 4 days ago, after 48 hours I contacted a moderator and was asked to be patient as the traffic is high since the release of version 1.45, however, I have been reading some of the other posts and some people that posted after me have already been assisted and their computers cleaned, so I am getting a bit disheartened.

I have read a lot of posts and noticed that the people being helped are asked not to download anything or try to clean things up by themselves after logs are sent in, but I feel it is unreasonable to not update things (downloads) after this amount of time and of course my internet security updates several times a day. Before I read this advice, I did run my ISS anti-spyware and it removed a couple of malware cookies, but now I feel my hands are tied as far as using my computer.

I have noticed that my logs have been downloaded once, but there is no way of knowing by whom. I would really appreciate some help if someone has the time.....Thank you.


  • Root Admin

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


Hi, first of all, thank you, thank you, thank you for helping me.

Here is my ComboFix log:

ComboFix 10-04-08.06 - Val 04/09/2010 19:49:28.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.520 [GMT -4:00]

Running from: c:\documents and settings\Val\Desktop\ComboFix.exe

AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

.

((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 )))))))))))))))))))))))))))))))

.

2010-03-31 17:45 . 2010-03-31 17:45 -------- d-----w- c:\documents and settings\Val\Application Data\Malwarebytes

2010-03-31 17:44 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-31 17:44 . 2010-03-31 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-31 17:44 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-31 17:44 . 2010-03-31 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-14 05:48 . 2010-03-14 05:48 503808 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcp71.dll

2010-03-14 05:48 . 2010-03-14 05:48 348160 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcr71.dll

2010-03-14 05:48 . 2010-03-14 05:48 499712 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\jmc.dll

2010-03-14 05:47 . 2010-03-14 05:47 61440 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-sse.dll

2010-03-14 05:47 . 2010-03-14 05:47 12800 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-d3d.dll

2010-03-12 21:37 . 2010-03-12 22:10 -------- d-----w- c:\windows\system32\NtmsData

2010-03-11 00:08 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7

2010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6

2010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5

2010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4

2010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3

2010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2

2010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1

2010-04-09 07:27 . 2007-11-11 23:06 539510 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0

2010-03-31 03:50 . 2008-12-16 18:26 410984 ----a-w- c:\windows\system32\deploytk.dll

2010-03-31 03:50 . 2005-08-16 12:48 -------- d-----w- c:\program files\Java

2010-03-31 03:29 . 2005-08-16 12:48 -------- d-----w- c:\program files\Common Files\Java

2010-03-27 20:37 . 2005-11-22 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-03-11 07:32 . 2007-11-11 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-03-08 19:33 . 2005-09-10 14:12 103464 ----a-w- c:\documents and settings\Val\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-06 07:27 . 2009-06-20 05:58 566648 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe

2010-03-06 07:27 . 2009-06-20 05:58 567144 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe

2010-03-06 07:27 . 2009-06-20 05:57 2357064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe

2010-03-06 07:26 . 2009-06-20 05:57 524632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe

2010-03-06 07:26 . 2009-06-20 05:57 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe

2010-02-25 06:24 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-18 17:59 . 2007-11-11 23:37 -------- d-----w- c:\program files\MSBuild

2010-02-18 17:59 . 2010-02-18 17:59 -------- d-----w- c:\program files\Reference Assemblies

2010-02-17 02:40 . 2010-02-17 02:40 17299889 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24c36_4_0_1.0.14.19.exe

2010-02-17 02:27 . 2010-02-17 02:27 1988872 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_244e7_0_0_1011.exe

2010-02-17 02:26 . 2010-02-17 02:23 1139600 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24cb5_1_1_1001.exe

2010-02-17 02:25 . 2010-02-17 02:25 1043184 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_25605_1_0_1006.exe

2010-02-15 02:04 . 2010-02-15 02:04 -------- d-----w- c:\program files\Citrix

2010-02-15 02:01 . 2010-02-15 02:01 70984 ----a-w- c:\documents and settings\Val\g2mdlhlpx.exe

2010-02-14 05:00 . 2010-02-14 05:00 30976 ----a-w- c:\windows\rascntrl.dll

2010-02-14 05:00 . 2010-02-14 05:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll

2010-02-14 05:00 . 2010-02-14 05:00 16384 ----a-w- c:\windows\system32\msdrve.dll

2010-02-14 05:00 . 2010-02-14 05:00 10816 ----a-w- c:\windows\vmoptver.dll

2010-01-29 19:23 . 2010-01-29 19:23 609280 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\C23D6EEF7F9C2C2548D5138966622E6E.exe

2004-08-04 10:00 . 2004-08-10 17:51 94784 --sh--w- c:\windows\twain.dll

2009-11-14 22:11 . 2009-11-14 22:11 56 --sh--r- c:\windows\system32\9B0176E0FA.sys

2009-11-14 22:11 . 2009-11-14 22:11 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys

2008-04-14 00:11 . 2004-08-10 17:51 1028096 --sha-w- c:\windows\system32\mfc42.dll

2008-04-14 00:12 . 2004-08-10 17:51 57344 --sh--w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12 . 2004-08-10 17:51 413696 --sha-w- c:\windows\system32\msvcp60.dll

2008-04-14 00:12 . 2004-08-10 17:51 343040 --sha-w- c:\windows\system32\msvcrt.dll

2008-04-14 00:12 . 2004-08-10 17:51 551936 --sh--w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12 . 2004-08-10 17:51 84992 --sh--w- c:\windows\system32\olepro32.dll

2008-04-14 00:12 . 2004-08-10 17:51 11776 --sh--w- c:\windows\system32\regsvr32.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 9442584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-30 177392]

"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-11-11 14088]

"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-02 230664]

"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]

"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296]

"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312]

"WinPatrol"="c:\documents\Webshit\WinPatrol\winpatrol.exe" [2005-06-06 106496]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-31 148888]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"LegacyDrive"= [long hex value removed]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]

2007-05-18 19:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]

2001-08-09 21:06 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-11-29 18:52 126976 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-05-12 03:12 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-11-29 18:52 155648 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Documents\\Webshit\\setupxv.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

R0 lwctth;lwctth;c:\windows\System32\drivers\sjlimgl.sys [x]

R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2009-06-26 85504]

S0 KmxStart;KmxStart;c:\windows\System32\DRIVERS\kmxstart.sys [2008-06-24 93712]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-25 64160]

S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-06-24 63504]

S1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2008-06-24 45584]

S1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2008-06-24 115216]

S2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2008-06-24 134648]

S2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-06 1029456]

S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-04 1010192]

S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]

S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

S3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816]

S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-17 189704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

tapisrv REG_MULTI_SZ Tapisrv

.

Contents of the 'Scheduled Tasks' folder

2010-04-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:27]

2010-03-27 c:\windows\Tasks\CAAntiSpywareScan_Daily as Val at 4 00 AM.job

- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.pogo.com/home/home.do

mStart Page = hxxp://ca.yahoo.com

uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

LSP: c:\windows\system32\VetRedir.dll

Trusted Zone: pogo.com\www

DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll

DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll

FF - ProfilePath - c:\documents and settings\Val\Application Data\Mozilla\Firefox\Profiles\v7nm513q.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CamCheck - c:\program files\NuCam\CamCheck\CamCheck.exe

MSConfigStartUp-RealTray - c:\program files\Real\RealPlayer\RealPlay.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-09 20:02

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(2020)

c:\windows\system32\UmxWnp.Dll

c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(436)

c:\windows\system32\VetRedir.dll

c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(3996)

c:\windows\system32\WININET.dll

c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-04-09 20:10:34

ComboFix-quarantined-files.txt 2010-04-10 00:10

Pre-Run: 52,231,049,216 bytes free

Post-Run: 52,209,897,472 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 74DB93D7466710C0BE65EC68476E3E1D

ComboFix did not reboot my computer, so I did because there were no icons in my system tray when it finished. After the reboot, I received an alert from WinPatrol, I am attaching a screen print, please advise if this change is ok......Thanks


  • Root Admin

No, I don't see why your browser should be loading or changing, so go ahead and keep it blocked for now.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 19 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 19 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u19 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u19-windows-i586.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files

    • Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    • Click OK to leave the Temporary Files Window

    • Click OK to leave the Java Control Panel.

What we need to do now is run this online scan to search for any remnants. It can take several hours, so please be patient and allow it to run its full course.

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


Hi,

Java updated, and here is my online scan report:

Scan area - My Computer:

C:\

D:\

E:\

Scan statistics:

Objects scanned: 89033

Threats found: 2

Infected objects found: 3

Suspicious objects found: 0

Scan duration: 03:12:13

File name / Threat / Threats count

D:\AV files\Coolpic.exe Infected: Hoax.Win32.BadJoke.JepRuss 1

D:\Games\POGO\Tri_Peaks_Solitaire_2-setup.exe Infected: Trojan.Win32.Inject.hrj 1

D:\images\Coolpic.exe Infected: Hoax.Win32.BadJoke.JepRuss 1

Selected area has been scanned.

I guess I'm not surprised that coolpic is considered an infection, what surprises me is that there's 2 of them lol, but I'm REALLY surprised by the pogo game!


  • Root Admin

Okay those don't appear to really be anything to worry about.

Please run the following scanners.

Please download Lop S&D

Double-click on Lop S&D.exe

Choose the language, then choose Option 1 (Search)

Wait till the end of the scan

Post the log which is created: (%SystemDrive%\lopR.txt), typically C:\lopR.txt

Download DDS and save it to your desktop

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

    When done, DDS will open two (2) logs:

  1. DDS.txt

  2. Attach.txt

  • Save both reports to your desktop

  • Please include the following logs in your next reply: DDS.txt and Attach.txt


Ok, here is the LopR:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.40GHz )

BIOS : Phoenix ROM BIOS PLUS Version 1.10 A05

USER : Val ( Administrator )

BOOT : Normal boot

Antivirus : CA Anti-Virus 8.4.0.28 (Activated)

Firewall : CA Personal Firewall 9.1.0.38 (Activated)

C:\ (Local Disk) - NTFS - Total:71 Go (Free:48 Go)

D:\ (Local Disk) - NTFS - Total:37 Go (Free:35 Go)

E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( Wed 04/14/2010|14:45 )

--------------------\\ Listing folders in APPLIC~1

[02/07/2009|03:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {83C91755-2546-441D-AC40-9A6B4B860800}

[08/01/2008|01:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {F7498CBA-F30B-4739-8CF3-167AF0872B2E}

[09/14/2009|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> acccore

[09/14/2009|12:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL

[09/14/2009|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP

[07/12/2007|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple

[10/21/2008|02:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer

[04/16/2008|02:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BWIBSQHDYG

[02/19/2008|01:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CA

[02/26/2008|04:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell

[12/20/2009|01:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google

[08/16/2005|09:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek

[10/01/2006|09:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP

[01/08/2008|07:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Insight Software

[01/08/2008|07:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Insight Software Solutions

[08/16/2005|08:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield

[12/18/2007|02:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> JDJBSQHDYG

[07/27/2008|07:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft

[11/08/2007|02:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> LGJBSQHDYG

[03/31/2010|01:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes

[11/24/2008|07:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft

[03/11/2010|03:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help

[02/05/2010|05:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PCPitstop

[09/16/2005|06:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap

[08/16/2005|08:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime

[12/14/2009|03:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> RAJBSQHDYG

[08/10/2004|02:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI

[04/13/2010|01:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy

[03/13/2010|01:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sun

[01/28/2008|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft

[11/10/2005|08:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec

[08/20/2009|05:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP

[09/14/2009|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint

[08/07/2006|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[03/29/2008|01:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller

[06/16/2009|11:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!

[08/22/2005|07:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> AOL

[08/10/2004|02:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities

[08/16/2005|08:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Jasc Software Inc

[11/30/2009|08:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Macromedia

[08/16/2005|08:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[08/16/2005|08:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun

[08/16/2005|08:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Symantec

[08/16/2005|08:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[03/04/2008|04:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[08/10/2004|01:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[09/14/2009|12:18] C:\DOCUME~1\Val\APPLIC~1\<DIR> acccore

[02/06/2008|01:46] C:\DOCUME~1\Val\APPLIC~1\<DIR> Adobe

[07/18/2009|08:53] C:\DOCUME~1\Val\APPLIC~1\<DIR> AdobeUM

[08/22/2005|07:32] C:\DOCUME~1\Val\APPLIC~1\<DIR> AOL

[11/14/2009|09:22] C:\DOCUME~1\Val\APPLIC~1\<DIR> Apple Computer

[09/17/2005|09:14] C:\DOCUME~1\Val\APPLIC~1\<DIR> ArcSoft

[10/12/2009|02:52] C:\DOCUME~1\Val\APPLIC~1\<DIR> Blitware

[11/14/2009|06:11] C:\DOCUME~1\Val\APPLIC~1\<DIR> COREL

[01/31/2010|03:26] C:\DOCUME~1\Val\APPLIC~1\<DIR> Foxit

[11/11/2007|03:01] C:\DOCUME~1\Val\APPLIC~1\<DIR> Google

[04/13/2007|09:29] C:\DOCUME~1\Val\APPLIC~1\<DIR> Gtek

[02/25/2006|09:00] C:\DOCUME~1\Val\APPLIC~1\<DIR> Help

[10/08/2006|02:35] C:\DOCUME~1\Val\APPLIC~1\<DIR> HP

[08/10/2004|02:08] C:\DOCUME~1\Val\APPLIC~1\<DIR> Identities

[03/22/2008|01:50] C:\DOCUME~1\Val\APPLIC~1\<DIR> Image Zone Express

[08/16/2005|08:53] C:\DOCUME~1\Val\APPLIC~1\<DIR> Jasc Software Inc

[02/18/2008|02:45] C:\DOCUME~1\Val\APPLIC~1\<DIR> Lavasoft

[08/22/2005|07:10] C:\DOCUME~1\Val\APPLIC~1\<DIR> Leadertech

[12/25/2009|12:07] C:\DOCUME~1\Val\APPLIC~1\<DIR> LimeWire

[08/22/2005|07:45] C:\DOCUME~1\Val\APPLIC~1\<DIR> Macromedia

[03/31/2010|01:45] C:\DOCUME~1\Val\APPLIC~1\<DIR> Malwarebytes

[11/18/2007|03:09] C:\DOCUME~1\Val\APPLIC~1\<DIR> Microsoft

[09/12/2005|06:08] C:\DOCUME~1\Val\APPLIC~1\<DIR> Microsoft Web Folders

[09/02/2008|06:06] C:\DOCUME~1\Val\APPLIC~1\<DIR> Mozilla

[11/27/2009|03:18] C:\DOCUME~1\Val\APPLIC~1\<DIR> PCPitstop

[05/20/2009|06:15] C:\DOCUME~1\Val\APPLIC~1\<DIR> Pogo Games

[08/29/2005|07:22] C:\DOCUME~1\Val\APPLIC~1\<DIR> Share-to-Web Upload Folder

[08/22/2005|07:13] C:\DOCUME~1\Val\APPLIC~1\<DIR> Sonic

[08/16/2005|08:48] C:\DOCUME~1\Val\APPLIC~1\<DIR> Sun

[08/16/2005|08:59] C:\DOCUME~1\Val\APPLIC~1\<DIR> Symantec

[07/31/2008|03:06] C:\DOCUME~1\Val\APPLIC~1\<DIR> System Tweaker

[01/05/2009|10:03] C:\DOCUME~1\Val\APPLIC~1\<DIR> SystemRequirementsLab

[08/01/2008|01:29] C:\DOCUME~1\Val\APPLIC~1\<DIR> Uniblue

[10/23/2009|08:58] C:\DOCUME~1\Val\APPLIC~1\<DIR> Viewpoint

[11/02/2009|03:40] C:\DOCUME~1\Val\APPLIC~1\<DIR> WinPatrol

[06/16/2009|11:47] C:\DOCUME~1\Val\APPLIC~1\<DIR> Yahoo!

[08/16/2005|08:51] C:\DOCUME~1\Val\APPLIC~1\<DIR> You've Got Pictures Screensaver

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[03/27/2010 12:26 PM][--a------] C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Val at 4 00 AM.job

[04/12/2010 02:28 AM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[04/14/2010 01:02 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT

[08/04/2004 06:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[09/17/2005|08:56] C:\Program Files\<DIR> ACD Systems

[07/18/2009|08:30] C:\Program Files\<DIR> Adobe

[12/27/2008|10:08] C:\Program Files\<DIR> Ahead

[09/14/2009|12:17] C:\Program Files\<DIR> AIM6

[08/16/2005|08:37] C:\Program Files\<DIR> Analog Devices

[07/12/2007|11:28] C:\Program Files\<DIR> Apple Software Update

[09/17/2005|09:06] C:\Program Files\<DIR> ArcSoft

[12/12/2009|06:05] C:\Program Files\<DIR> AutoPogo1

[11/16/2009|06:26] C:\Program Files\<DIR> Avery Wizard 3.1

[11/02/2009|02:07] C:\Program Files\<DIR> BillP Studios

[11/29/2009|02:51] C:\Program Files\<DIR> Broadcom

[08/16/2005|08:49] C:\Program Files\<DIR> Broadcom Management Programs

[11/11/2007|03:48] C:\Program Files\<DIR> CA

[04/13/2010|01:28] C:\Program Files\<DIR> CCleaner

[02/14/2010|10:04] C:\Program Files\<DIR> Citrix

[04/09/2010|07:56] C:\Program Files\<DIR> Common Files

[08/16/2005|08:49] C:\Program Files\<DIR> Dell

[08/16/2005|08:54] C:\Program Files\<DIR> Dell Inc

[01/28/2008|12:44] C:\Program Files\<DIR> Dell Support Center

[04/13/2007|03:32] C:\Program Files\<DIR> DellSupport

[09/17/2005|09:08] C:\Program Files\<DIR> directx

[01/31/2010|03:25] C:\Program Files\<DIR> Foxit Software

[12/20/2009|12:34] C:\Program Files\<DIR> Google

[05/10/2009|04:25] C:\Program Files\<DIR> Greeting Card Creator 32

[11/02/2006|06:10] C:\Program Files\<DIR> Hewlett-Packard

[11/02/2006|06:11] C:\Program Files\<DIR> HP

[11/29/2007|10:06] C:\Program Files\<DIR> InstallShield Installation Information

[03/31/2010|01:25] C:\Program Files\<DIR> Internet Explorer

[03/29/2008|08:24] C:\Program Files\<DIR> Jasc Software Inc

[04/13/2010|02:57] C:\Program Files\<DIR> Java

[02/07/2009|03:13] C:\Program Files\<DIR> Lavasoft

[08/16/2005|08:51] C:\Program Files\<DIR> Learn2.com

[03/31/2010|01:45] C:\Program Files\<DIR> Malwarebytes' Anti-Malware

[08/12/2008|11:20] C:\Program Files\<DIR> Messenger

[03/29/2008|08:54] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2

[09/12/2005|06:07] C:\Program Files\<DIR> microsoft frontpage

[11/11/2007|07:37] C:\Program Files\<DIR> Microsoft Office

[08/16/2005|08:53] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition

[08/16/2005|08:53] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE

[11/11/2007|07:36] C:\Program Files\<DIR> Microsoft Visual Studio

[10/20/2009|02:25] C:\Program Files\<DIR> Microsoft Works

[11/11/2007|07:35] C:\Program Files\<DIR> Microsoft.NET

[03/11/2010|03:29] C:\Program Files\<DIR> Movie Maker

[04/03/2010|11:45] C:\Program Files\<DIR> Mozilla Firefox

[02/18/2010|01:59] C:\Program Files\<DIR> MSBuild

[10/07/2008|06:23] C:\Program Files\<DIR> MSN

[08/10/2004|02:01] C:\Program Files\<DIR> MSN Gaming Zone

[11/20/2006|08:47] C:\Program Files\<DIR> MSXML 4.0

[08/16/2005|08:55] C:\Program Files\<DIR> MUSICMATCH

[08/05/2008|02:13] C:\Program Files\<DIR> NetMeeting

[09/17/2005|09:07] C:\Program Files\<DIR> NuCam Corp

[11/04/2009|01:28] C:\Program Files\<DIR> Oberon Media

[10/10/2005|08:39] C:\Program Files\<DIR> OfficeUpdate11

[08/10/2004|02:01] C:\Program Files\<DIR> Online Services

[08/13/2009|03:47] C:\Program Files\<DIR> Outlook Express

[11/27/2009|03:18] C:\Program Files\<DIR> PCPitstop

[07/12/2007|11:29] C:\Program Files\<DIR> QuickTime

[02/18/2010|01:59] C:\Program Files\<DIR> Reference Assemblies

[01/08/2008|07:52] C:\Program Files\<DIR> ShortKeys2

[08/16/2005|08:56] C:\Program Files\<DIR> Sonic

[11/14/2009|03:39] C:\Program Files\<DIR> Spybot - Search & Destroy

[11/10/2005|08:20] C:\Program Files\<DIR> Symantec

[01/05/2009|10:03] C:\Program Files\<DIR> SystemRequirementsLab

[11/17/2006|10:07] C:\Program Files\<DIR> tcConference

[11/18/2007|08:51] C:\Program Files\<DIR> TheWeatherNetwork

[08/01/2008|01:29] C:\Program Files\<DIR> Uniblue

[12/18/2006|05:05] C:\Program Files\<DIR> Uninstall Information

[09/14/2009|12:17] C:\Program Files\<DIR> Viewpoint

[08/16/2005|09:04] C:\Program Files\<DIR> WebCyberCoach

[03/29/2008|02:56] C:\Program Files\<DIR> Windows Live

[04/04/2009|02:40] C:\Program Files\<DIR> Windows Live Safety Center

[12/22/2007|01:59] C:\Program Files\<DIR> Windows Media Connect 2

[08/05/2008|02:13] C:\Program Files\<DIR> Windows Media Player

[08/05/2008|02:13] C:\Program Files\<DIR> Windows NT

[01/30/2010|08:56] C:\Program Files\<DIR> WindowsRepairKit

[10/09/2005|03:44] C:\Program Files\<DIR> WON

[08/23/2005|05:16] C:\Program Files\<DIR> WordPerfect Office 12

[05/21/2006|05:10] C:\Program Files\<DIR> World of Warcraft

[08/10/2004|02:04] C:\Program Files\<DIR> xerox

[06/16/2009|12:12] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[09/20/2005|04:25] C:\Program Files\Common Files\<DIR> Adobe

[12/27/2008|10:08] C:\Program Files\Common Files\<DIR> Ahead

[06/05/2009|12:27] C:\Program Files\Common Files\<DIR> AOL

[11/29/2007|09:47] C:\Program Files\Common Files\<DIR> Avery

[03/05/2007|09:39] C:\Program Files\Common Files\<DIR> Blizzard Entertainment

[08/16/2005|08:57] C:\Program Files\Common Files\<DIR> Borland Shared

[08/16/2005|08:57] C:\Program Files\Common Files\<DIR> Corel

[11/11/2007|07:36] C:\Program Files\Common Files\<DIR> DESIGNER

[04/27/2009|11:52] C:\Program Files\Common Files\<DIR> EasyInfo

[11/08/2007|02:27] C:\Program Files\Common Files\<DIR> eSellerate

[08/29/2005|07:21] C:\Program Files\Common Files\<DIR> Hewlett-Packard

[11/02/2006|06:11] C:\Program Files\Common Files\<DIR> HP

[01/08/2008|07:50] C:\Program Files\Common Files\<DIR> Insight Software Solutions

[09/17/2005|09:05] C:\Program Files\Common Files\<DIR> InstallShield

[04/13/2010|03:00] C:\Program Files\Common Files\<DIR> Java

[10/20/2009|02:32] C:\Program Files\Common Files\<DIR> Microsoft Shared

[08/10/2004|02:02] C:\Program Files\Common Files\<DIR> MSSoap

[12/27/2008|10:09] C:\Program Files\Common Files\<DIR> Nero

[08/16/2005|08:51] C:\Program Files\Common Files\<DIR> Nullsoft

[11/11/2007|07:35] C:\Program Files\Common Files\<DIR> ODBC

[08/30/2008|02:46] C:\Program Files\Common Files\<DIR> Real

[11/11/2007|03:36] C:\Program Files\Common Files\<DIR> Scanner

[08/10/2004|02:02] C:\Program Files\Common Files\<DIR> Services

[10/09/2005|03:44] C:\Program Files\Common Files\<DIR> Sierra On-Line

[08/16/2005|08:57] C:\Program Files\Common Files\<DIR> Sonic Shared

[08/10/2004|01:57] C:\Program Files\Common Files\<DIR> SpeechEngines

[01/28/2008|12:44] C:\Program Files\Common Files\<DIR> supportsoft

[11/10/2005|08:20] C:\Program Files\Common Files\<DIR> Symantec Shared

[08/05/2008|02:13] C:\Program Files\Common Files\<DIR> System

[03/29/2008|01:33] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

--------------------\\ Process

( 51 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-14 15:15:31

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Val\Desktop\Docs\My Music\Neil Diamond - Cracklin' Rosie.mp3

[F:18][D:3]-> C:\DOCUME~1\Val\LOCALS~1\Temp

[F:1][D:0]-> C:\DOCUME~1\Val\Cookies

[F:6][D:6]-> C:\DOCUME~1\Val\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Wed 04/14/2010|15:27 - Option : [1]

--------------------\\ Scan completed at 15:27:17

Next....I still had DDS from before since I hadn't been told to delete it, but thought it might be important to download fresh, so I renamed the old one and the reports and downloaded again.....however, I was not given a prompt for Optional Scan. I disconnected from the internet and disabled my internet security suite totally since it can be a PITP (pain in the posterior) sometimes.....here is the DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86

Run by Val at 15:40:38.76 on Wed 04/14/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.402 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe

svchost.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k tapisrv

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe

C:\Documents\Webshit\WinPatrol\winpatrol.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Documents and Settings\Val\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Val\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.pogo.com/home/home.do

mStart Page = hxxp://ca.yahoo.com

uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [uniblue SpeedUpMyPC] c:\program files\uniblue\speedupmypc 3\SpeedUpMyPC.exe -s

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"

mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"

mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"

mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl

mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe

mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe

mRun: [WinPatrol] c:\documents\webshit\winpatrol\winpatrol.exe

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

uPolicies-explorer: LegacyDrive = b6a2ba0ac63dc59461fe0f50a2213574b1bf3a0a444429fe6624fb7677caba6175d1e75379771990


IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: c:\windows\system32\VetRedir.dll

Trusted Zone: pogo.com\www

DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll

DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: igfxcui - igfxsrvc.dll

Notify: PFW - UmxWnp.Dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\val\applic~1\mozilla\firefox\profiles\v7nm513q.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-7 64160]

R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]

R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]

R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]

R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2007-11-11 26352]

R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2007-11-11 21104]

R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-10-13 739696]

R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2007-11-11 21488]

R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2007-11-11 32240]

R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2007-11-11 144960]

R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]

R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]

R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-4 1010192]

R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]

R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]

R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2007-11-11 238832]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-9-14 24652]

R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]

R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]

R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-10-13 133520]

S0 lwctth;lwctth;c:\windows\system32\drivers\sjlimgl.sys --> c:\windows\system32\drivers\sjlimgl.sys [?]

S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-11-27 85504]

=============== Created Last 30 ================

2010-04-14 18:43:22 0 d-----w- C:\Lop SD

2010-04-13 18:58:27 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-04-09 23:47:15 0 d-sha-r- C:\cmdcons

2010-04-09 23:41:26 98816 ----a-w- c:\windows\sed.exe

2010-04-09 23:41:26 77312 ----a-w- c:\windows\MBR.exe

2010-04-09 23:41:26 261632 ----a-w- c:\windows\PEV.exe

2010-04-09 23:41:26 161792 ----a-w- c:\windows\SWREG.exe

2010-04-02 19:31:25 0 ----a-w- c:\documents and settings\val\defogger_reenable

2010-03-31 17:45:19 0 d-----w- c:\docume~1\val\applic~1\Malwarebytes

2010-03-31 17:44:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-31 17:44:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-03-31 17:44:37 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-31 17:44:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7

2010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6

2010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5

2010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4

2010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3

2010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2

2010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1

2010-04-14 07:29:29 551670 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0

2010-04-13 18:57:52 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-03-06 07:28:45 15688 ----a-w- c:\windows\system32\lsdelete.exe

2010-02-25 15:54:36 11070976 ----a-w- c:\windows\system32\dllcache\ieframe.dll

2010-02-24 09:54:25 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe

2010-02-15 02:01:27 70984 ----a-w- c:\documents and settings\val\g2mdlhlpx.exe

2010-02-14 05:00:00 30976 ----a-w- c:\windows\rascntrl.dll

2010-02-14 05:00:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll

2010-02-14 05:00:00 16384 ----a-w- c:\windows\system32\msdrve.dll

2010-02-14 05:00:00 10816 ----a-w- c:\windows\vmoptver.dll

2004-08-04 10:00:00 94784 --sh--w- c:\windows\twain.dll

2009-11-14 22:11:59 56 --sh--r- c:\windows\system32\9B0176E0FA.sys

2009-11-14 22:11:59 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys

2008-04-14 00:11:56 1028096 --sha-w- c:\windows\system32\mfc42.dll

2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll

2008-04-14 00:12:02 551936 --sh--w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12:02 84992 --sh--w- c:\windows\system32\olepro32.dll

2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe

2008-08-05 16:37:42 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat

============= FINISH: 15:43:02.18 ===============

And here is the Attach.txt (instructions in the report said to zip it up and attach; if you want me to copy and paste, let me know)

Attach.zip


  • Root Admin

Please start REGEDIT and browse to the following key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Then on the file menu choose File, Export and select "Win9x/NT4 Registration Files (*.reg)" and export it out to your desktop.

Then close REGEDIT and right click over the file you just exported and choose EDIT and okay any warning. Then copy all and paste it back on your next reply.

Do you DUAL boot this system with another OS?


OK, that was scary, and I had to google REGEDIT to find out how to do it (blushing), but I managed and here it is:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

"NoDriveTypeAutoRun"=dword:00000143

"DriveConfiguration"=hex:0c,a3,56,46,10,d6,45,25,ad,8e,b1,66,9b,f3,34,0d,59,d9,\


"NoStartMenuMFUprogramsList"=dword:00000001

"LegacyDrive"=hex:b6,a2,ba,0a,c6,3d,c5,94,61,fe,0f,50,a2,21,35,74,b1,bf,3a,0a,\


be,0d,b6,ea,f6,50,77,53,f8,ca,c4,79,a5,ae,9a,b1,05,b2,62,17,db,5b,22,e7,7d,\

e5,7c,f1,2b,e2,f9,ad,97,fd,d1,f0,b1,49,5c,3f,34,a5,d0,85,b7,63,0a,c0,8a,9c,\

8c,fb,e1,c6,c2,7c,34,88,89,3e,e5,cc,f1,a1,24,16,42,61,0f,15,3e,c5,1e,78,a6,\

19,bf,03,00,5d,3d,e2,96,3f,e6,3d,c2,47,6d,0c,69,52,8d,2d,c6,41,ef,b4,69,f2,\

4e,82,f9,7f,6f,d9,19,53,66,d9,ae,15,da,93,80,da,17,70,69,e5,eb,5b,b3,25,13,\

6b,2c,fe,f4,c2,7d,4c,8b,b5,b7,a6,a7,2c,2f,df,56,4c,8c,d3,9d,54,1e,60,6c,c5,\

71,b2,d0,c6,23,c4,6b,c6,f2,23,21,63,19,f5,15,8b,dd,3b,d4,e1,63,53,cf,62,c4,\

c1,0f,48,63,95,2e,24,2e,7f,b1,5f,76,04,4e,41,e8,a7,bc,32,9b,31,6c,76,19,1b,\

c6,5e,be,5c,b6,bb,61,7f,67,98,36,f8,4e,29,f3,b8,6b,fe,32,ff,cc,7c,17,72,52,\

8e,32,6d,b7,98,a7,9a,d0,ac,8c,c3,10,01,92,e4,4e,a1,e8,85,c8,61,5c,46,67,16,\

c3,bc,45,06,9c,7b,d4,6c,9d,f0,74,e0,61,7c,82,e0,28,12,3f,6a,89,3d,1c,fd,90,\

24,b1,a2,b6,b1,51,2d,10,f2,e2,c1,c6,bf,eb,92,c7,9d,ef,ef,bb,e2,fa,7f,39,1a,\

79,cb,3b,aa,4e,fc,cf,b3,24,e6,0f,39,00,46,52,85,19,48,a4,c7,ea,4d,74,00,85,\

ea,8d,1f,2a,34,47,6a,18,e9,3b,ff,20,a3,d4,c4,5d,87,9c,53,3d,7c,39,46,44,0b,\

e3,88,fe,9f,23,0c,e2,df,db,bf,7c,3b,87,bb,cc,c5,c2,bd,e9,43,0c,d9,e9,82,ca,\

6c,05,ed,8e,53,f9,5d,99,5a,aa,33,9e,f7,0b,a4,c9,39,41,55,00,fb,05,28,69,5d,\

4b,55,2c,74,21,bc,7a,41,d9,79,bd,ce,e0,6a,ba,73,02,14,cd,46,9d,43,7d,bd,e2,\

b6,9f,28,70,e0,e8,37,c7,8f,02,bd,ff,cb,de,b3,ba,01,4b,80,57,60,c8,77,68,84,\

96,a2,67,52,12,be,a4,23,42,86,82,24,ae,35,e3,fc,71,46,e1,b0,8f,7e,bf,c4,89,\

2c,1f,a3,2f,af,75,41,b6,3a,bb,ff,0a,af,d4,66,cf,65,a3,9a,98,21,69,9a,dc,ca,\

4f,82,98,78,e2,38,6c,5c,5b,a0,fb,98,23,0f,95,54,96,03,13,0e,07,11,03,31,05,\

1e,06,ea,dd,d2,75,37,60,4a,4b,40,e7,0d,3f,eb,93,42,30,ab,da,20,c6,98,3f,a5,\

57,c5,60,8b,07,ce,36,78,34,b0,99,74,11,de,e6,02,a1,90,91,95,26,86,5f,5f,6d,\

09,0f,dc,8e,1d,ac,bc,0b,90,d8,e6,bd,23,63,be,0e,ea,1c,a3,69,f6,e7,bc,ef,30,\

10,f5,6c,88,df,44,89,50,6d,31,42,e2,b5,95,9b,89,ee,a2,8f,9f,18,23,4a,f2,d6,\

05,98,6c,7b,17,9c,f4,67,0e,c5,8f,94,cc,fe,cb,6c,95,e2,25,5d,de,53,bf,09,b0,\

9a,ea,c2,17,ef,92,13,85,c7,e8,bd,c2,9a,10,a1,3e,e8,1a,e1,a5,7e,34,43,b5,f5,\

1e,d6,4c,7d,de,d7,c6,d8,b4,d5,85,a9,50,14,d1,ef,43,2f,e3,cd,b4,02,3c,8c,54,\

c7,3b,e2,93,7f,ef,75,14,94,2a,9b,5f,bc,d7,64,d7,20,8d,fa,da,eb,be,63,87,90,\

0c,07,38,ee,de,0a,01,59,89,7e,81,84,49,c3,67,f1,e0,9e,35,ac,80,8b,44,39,eb,\

55,09,cb,d9,e3,96,b6,9a,55,64,27,fc,4f,4f,13,6f,95,e2,6d,67,d9,d5,9c,02,d0,\

d4,2c,eb,8b,82,c4,7e,05,be,58,2d,f9,25,9f,22,f6,d8,c8,25,b4,b7,7f,68,c1,a9,\

8e,b8,a2,d8,c6,fd,42,ea,ff,47,c4,7f,26,5e,20,c6,82,fa,81,4b,3b,32,eb,11,1c,\

37,21,e1,98,42,c6,e1,0b,cb,c2,68,43,fc,e7,11,3f,65,d5,0f,36,f1,1b,c0,db,19,\

9e,84,e0,57,3f,cf,b9,de,b8,7d,a2,88,c7,66,e3,10,8f,33,53,81,3b,6f,af,1b,ee,\

e4,e1,bc,64,b5,1a,54,1d,4d,4a,1c,f6,64,58,36,23,b2,31,a6,22,0c,5f,9d,ed,d1,\

de,fe,74,84,2c,1b,4a,ba,a0,bf,9f,37,fc,72,6e,54,45,f8,f7,a3,d3,1b,70,d6,a4,\

aa,f8,dd,f5,c2,cc,4f,14,4c,bd,0b,70,c7,e2,1f,f2,48,8a,e9,90,bf,74,7b,1f,e7,\

7b,43,44,68,f1,2c,ed,7f,b9,f2,82,50,d9,14,d2,7b,46,44,18,62,a8,1c,db,7f,5e,\

0d,12,fb,c2,98,8c,7d,ae,c0,8f,40,3e,bf,bf,69,d8,f8,42,97,6a,2d,22,bb,f3,f2,\

f3,2a,45,61,b5,f0,09,10,fb,68,03,40,4d,0a,97,57,cc,83,8d,90,14,0b,11,f2,67,\

f3,f8,fe,7e,07,7d,5c,ad,e3,f1,26,1a,76,ed,51,7b,ed,fd,0b,d5,88,6b,40,f0,42,\

59,63,09,b4,0c,6b,c8,37,8b,1c,71,49,69,87,5e,31,df,d4,ad,e6,1d,3f,36,2e,e2,\

61,c0,03,4b,b1,74,3a,e8,4a,91,67,15,ef,62,fb,88,4c,6d,af,26,7e,ee,26,1b,d6,\

84,cd,29,ec,da,29,06,40,8d,67,87,50,f1,c9,fc,5b,c9,90,f4,ce,a3,a8,fa,11,16,\

db,02,5d,49,43,08,ce,b4,05,f3,b9,2b,3c,bf,3f,18,34,db,22,07,d9,d0,d8,69,6f,\

24,de,91,83,7e,4f,03,21,0a,b5,ee,47,1f,1f,f7,9a,20,73,38,58,a0,06,89,8e,c9,\

6a,fe,8b,fe,87,fc,b0,94,bf,ee,c1,d9,cd,69,9a,a8,8f,d7,77,e1,b5,37,26,aa,1b,\

02,0b,63,f0,be,68,dc,17,d0,db,c6,cd,92,28,68,8d,a5,39,93,30,88,63,d8,59,6a,\

eb,f8,10,3d,c9,9c,ad,0c,ac,47,f8,8e,3e,88,8e,fb,a8,74,87,1e,59,53,55,ac,03,\

9a,ef,d4,e7,19,2f,17,ff,53,76,79,5a,69,da,9e,3a,21,ea,00,9f,91,f9,f6,94,6d,\

7c,72,56,ca,be,e1,aa,27,d5,52,74,ad,d4,db,86,b6,42,38,b6,8d,cb,b6,33,74,36,\

4f,19,ec,97,17,42,30,c6,d6,5f,03,0f,f7,48,ab,2b,a1,91,3e,6f,23,5e,1c,44,95,\

78,bd,d7,bc,a0,ad,11,2f,23,a8,d4,ca,b8,ae,fb,3a,fd,64,8c,b0,60,2e,99,86,23,\

52,20,54,d0,48,8e,64,d8,c8,81,66,7a,28,d2,65,e6,e5,d3,fa,a3,7f,d5,c0,2e,8b,\

ee,07,e4,03,f8,cd,21,e0,dd,e9,aa,eb,12,8a,48,d0,62,e0,b6,74,ed,19,bd,88,70,\

8f,9e,5e,c7,40,b0,fc,b0,7e,4a,70,d4,d1,e7,e3,62,fd,98,78,f0,b3,9e,2e,b5,e7,\

ad,39,2b,05,15,fc,34,34,f1,72,f3,d7,a2,cc,e0,5a,7c,5c,1c,2b,be,b1,01,06,c8,\

04,fe,76,88,d2,a2,99,36,cb,f6,23,41,eb,10,a5,89,e7,e5,0f,ce,ca,5f,74,68,e0,\

af,0e,39,d3,e5,82,e1,14,be,65,30,7c,bd,f1,fe,e1,33,7d,4e,85,d2,45,4d,bd,c4,\

dd,77,ac,f2,a0,87,ac,9f,d3,83,40,90,35,f8,4a,71,d7,87,7f,74,2e,a0,17,3b,67,\

8e,c9,f8,fa,b4,f6,d3,82,16,25,8b,cc,1a,af,61,2e,90,bb,32,1a,f1,6d,e3,f2,e4,\

5b,01,1e,07,41,a9,5d,eb,f5,a6,58,60,9d,da,7d,e7,f4,1f,df,0a,b6,d9,ed,68,40,\

92,ff,bb,f4,b1,31,b7,85,ad,6d,b5,b9,c5,46,06,6e,f1,24,87,db,18,a2,75,19,83,\

34,83,e2,92,0d,2a,98,ae,40,41,89,7e,25,cd,71,5e,fe,1a,40,0d,da,0b,1e,a5,ba,\

ae,ad,d1,f3,13,8e,3a,d3,5f,26,42,87,1c,a2,f5,3c,d3,95,38,3c,85,dd,b0,54,fd,\

76,24,7f,2d,13,04,fa,b0,f5,5c,2e,94,ff,5a,2a,04,c5,0a,51,24,e5,65,50,3d,9a,\

8a,53,1a,8e,4b,79,b2,f0,eb,85,06,c7,26,d6,4d,86,72,99,4f,e0,85,3d,0f,dd,17,\

27,ac,2e,e9,a8,89,bd,06,2c,ac,89,49,b4,64,b1,1f,86,2f,ce,b0,8e,22,da,86,77,\

79,ea,5e,18,5a,3b,d0,d4,2d,e7,9e,37,e3,69,65,35,2d,03,75,b2,ec,5c,e0,47,e9,\

6e,d1,44,c7,9f,20,f1,35,2e,23,1a,68,d1,c6,ca,c9,9d,de,56,eb,25,ba,9d,bf,e6,\

fb,8f,0b,e3,a6,ec,18,8c,78,4e,ab,e4,7a,6a,37,e3,d4,93,51,19,e6,95,7f,64,95,\

95,4e,a6,05,e3,c8,4b,1e,c3,e7,f8,3f,2b,95,7a,51,6a,b6,b8,f1,bc,69,e6,d1,1c,\

8b,fc,5b,59,7d,67,98,6c,28,fe,51,09,3e,37,74,74,c2,9b,b8,96,ca,77,84,50,84,\

d5,0d,0f,77,aa,bf,a1,0b,51,df,47,4c,38,6e,0b,eb,da,50,53,85,ed,ad,b7,be,28,\

dc,98,10,14,77,ef,d1,be,e9,82,9b,1b,eb,77,0b,1a,38,ec,d6,72,41,df,19,9f,21,\

4b,ea,27,d3,94,33,22,a3,25,c0,f9,e2,58,96,6e,de,96,87,dd,11,bf,03,c1,99,cc,\

31,79,e8,b3,3e,4c,bd,8a,f5,ac,53,f0,91,b7,d8,a9,cf,03,20,88,47,9b,9b,92,fb,\

99,45,85,60,31,07,5c,c5,7e,e9,97,b1,24,fb,95,55,9d,9a,d4,88,78,f0,63,6a,64,\

ba,9a,47,8b,4e,08,be,21,dc,ad,22,3c,f4,69,20,e6,48,b5,a2,70,b4,91,f4,0a,7b,\

bd,25,91,d3,2c,b1,a8,a5,b6,5c,0a,8e,0d,61,1e,29,f2,cc,cc,90,a9,25,90,20,aa,\

4e,cd,fc,7d,99,ae,63,d6,78,8f,83,6b,1c,c5,c2,4c,dd,91,6d,63,92,c4,1d,b4,bc,\

28,8b,e4,02,1b,a5,f8,de,7d,e1,60,95,cd,d1,34,6c,8e,f7,bd,19,f0,db,37,78,ac,\

5c,d5,7f,30,44,06,74,fc,1f,f7,5d,4c,4c,59,b9,f7,54,64,6d,97,7b,1c,01,ea,95,\

d3,0c,78,1b,da,ef,ed,76,7e,ed,bc,eb,bb,a6,80,11,30,d1,a3,fe,ae,ca,a3,83,cf,\

91,09,55,8a,16,9f,6a,04,b4,de,a6,a9,fb,a6,b7,7c,b2,31,3d,ab,1c,4a,2f,67,7b,\

ba,7a,f2,d3,04,eb,fa,f0,52,4e,25,aa,ae,d8,ed,68,75,c2,ae,e3,09,37,fd,2d,c7,\

70,3c,f1,39,1d,6b,f8,fc,8c,08,41,fc,44,f5,7c,88,2e,cc,75,61,96,fa,f7,f8,bb,\

14,51,30,80,bd,aa,64,64,cb,95,ac,b4,a5,e5,5c,ff,ef,c3,ce,cb,6a,fd,62,86,15,\

a1,c2,bf,98,cb,6b,96,e3,bb,69,72,13,2b,61,f2,95,df,d5,25,8d,7d,a4,fd,79,9f,\

d0,01,11,27,84,43,72,d2,e6,56,92,7c,10,c9,f0,79,14,16,46,ff,27,2c,57,17,41,\

f5,f3,9e,da,db,6d,ec,fe,8b,4e,b4,a0,f8,4b,2b,30,a3,75,6d,6f,1a,b0,1c,83,bf,\

66,4a,46,cb,7d,99,e4,93,86,a0,a5,09,37,91,07,85,1b,19,10,c6,88,88,e2,33,d1,\

32,90,67,be,15,30,ed,39,bc,32,95,48,4a,62,ef,37,46,5b,85,36,42,b0,e3,48,ce,\

09,20,f4,e0,d1,11,8e,0f,94,1a,b7,02,ac,44,27,27,1c,90,aa,a8,bc,8b,69,9b,97,\

23,6b,78,91,b9,5c,d1,4c,77,8c,3d,4d,e4,3a,95,5b,b6,13,64,28,e7,f6,98,34,0b,\

fa,7e,ed,e0,b2,ed,1b,27,b0,c0,7b,b2,de,47,8a,aa,bf,95,86,45,84,c1,cd,4f,0b,\

82,cc,d3,40,e1,f4,ca,48,3f,b3,3e,15,99,a4,b0,38,0b,02,b8,f6,93,63,eb,9d,18,\

a3,01,18,ab,1e,37,c2,0c,22,f3,78,70,a3,a7,f2,81,31,f7,53,a7,28,1e,fe,86,27,\

8e,ac,c7,c3,d6,bb,1c,7c,c9,c9,7e,ef,dd,82,c4,b9,4e,d1,b6,2b,0e,93,af,c9,df,\

60,c1,62,e1,2d,22,28,15,46,fc,6c,11,35,c1,a9,f9,e5,bf,c4,aa,07,f4,92,38,b5,\

23,9b,9b,55,27,1e,a5,c1,88,54,37,a4,4c,f9,b5,27,10,09,b7,ce,57,c7,02,9c,21,\

04,b6,7e,bf,9e,c8,e6,e7,47,b3,b7,04,88,6b,61,cf,95,05,93,4d,23,02,ef,7b,0d,\

26,1c,69,23,7f,7f,38,18,c7,7b,0a,8d,e6,e7,ae,29,b7,bf,7f,eb,0f,19,89,bf,fc,\

5b,ee,50,4a,ac,88,1e,4c,a8,d0,d0,d8,58,ff,cb,94,61,72,03,70,7b,53,11,74,25,\

76,86,bc,97,81,80,c1,f9,50,7b,d9,d2,98,69,01,c3,ca,04,b2,db,75,3a,63,f3,d0,\

80,cb,46,6e,1e,c8,05,4f,64,7d,96,ce,91,39,dc,d3,3b,4a,b8,4b,f1,16,d0,d5,1e,\

67,8f,be,30,07,6c,30,fa,8d,70,a6,57,76,f2,a3,11,78,a5,a4,01,12,d6,53,77,68,\

ee,fd,db,4e,3e,46,95,a3,fc,1c,2b,e0,88,e9,a9,f0,f4,0d,46,43,c0,c4,8b,44,1e,\

f2,02,18,35,35,e0,cb,7b,83,d2,a0,39,d5,7e,f7,5d,2a,75,71,15,ce,63,55,9d,dc,\

89,33,55,02,6e,c7,17,84,d1,1f,c7,84,e1,00,2c,80,b0,87,fe,1c,e6,0c,40,22,b2,\

4b,cf,c7,07,c6,3c,30,04,65,d7,34,b3,60,0c,64,f7,5e,f3,48,c0,de,22,db,ec,81,\

d7,c5,9b,e4,9b,f1,eb,bc,01,36,f9,3b,c3,74,f6,65,25,ef,e3,c4,d8,a5,98,5e,1d,\

de,0b,e4,2d,06,cf,2c,d9,b8,db,e1,6e,1b,8d,79,db,71,ee,68,16,ed,38,94,bb,c5,\

96,08,f6,89,2a,ec,a4,b3,54,b5,b5,7f,32,99,d5,fd,63,46,4b,64,11,d3,21,a9,c1,\

2e,f7,85,50,fd,79,6f,82,d5,e7,84,61,21,8b,3a,98,ac,9b,3e,36,1c,b0,12,bc,bb,\

79,fb,74,7e,b1,1a,05,3f,4e,d9,45,4e,fc,88,4e,28,c9,48,d4,86,22,29,b5,9a,fe,\

8f,d2,95,59,da,1e,6c,e4,46,f4,dc,fb,0f,ae,ab,d7,d9,73,32,05,50,50,18,16,0c,\

8b,95,60,98,b7,34,a6,46,71,fc,a5,7c,73,4a,fd,ee,f3,8c,33,98,48,cb,fa,f8,4f,\

83,b1,7c,0d,b1,2c,36,96,2d,b7,d7,2d,3a,58,db,ac,5c,55,01,26,69,f6,fe,cc,e3,\

8c,72,0d,85,b2,1b,01,1c,d3,49,08,98,ed,92,ae,63,94,c6,d3,f2,39,25,08,99,ac,\

d0,3b,a3,de,e0,7e,97,a2,ee,70,a6,04,5d,a7,b9,e7,a1,54,89,2e,e1,90,1e,d5,fe,\

4d,f0,81,d0,8d,4d,5c,b2,d1,fa,1f,42,d5,1d,70,62,7a,5a,6f,82,04,3d,8c,22,85,\

d8,9b,92,99,ad,2a,fd,54,cd,12,a5,79,42,4c,70,ed,ab,06,a4,6b,26,f6,ef,78,73,\

ef,aa,9a,55,b2,c1,5e,c5,3c,06,88,16,22,0b,99,c3,b3,cb,41,52,b0,12,ed,0a,95,\

7f,8e,a8,7a,dc,9d,52,37,ab,5c,d1,cb,01,5e,fa,ff,98,49,6d,46,1f,db,83,e8,d4,\

2b,81,5f,55,32,12,01,b3,89,f4,e0,c9,74,f1,ef,cc,20,11,66,22,29,0e,67,78,5f,\

08,e1,0f,ca,7a,b4,56,cf,eb,6d,17,be,45,eb,37,ca,1c,b7,21,65,7d,3b,e2,79,7e,\

c2,ed,bd,c7,e7,bd,ce,52,4d,bb,82,6e,91,61,79,0a,7d,a0,f5,30,7f,7f,eb,d0,59,\

05,59,bf,19,5a,db,ff,4c,29,79,41,6f,48,c4,a8,a6,9b,21,d0,b0,36,64,0f,1b,c1,\

a1,fb,b4,21,3e,2c,42,54,4d,95,42,74,9d,19,2a,17,e2,ff,9e,8c,52,80,eb,7a,4a,\

93,f7,c0,7a,40,82,ae,44,6a,ac,74,64,ed,b8,da,d6,e8,0f,32,f4,5c,88,8b,df,f7,\

e6,28,21,2a,a2,30,91,81,eb,a7,76,34,ec,9d,ef,f9,4d,a6,92,1d,fc,8a,53,d3,2d,\

3d,a7,cc,9f,11,ea,08,22,2a,fe,eb,c5,56,32,36,93,b5,4f,72,69,d4,52,8b,f6,e5,\

31,f1,f8,81,b8,92,b6,a4,7b,fe,90,fa,0f,c9,da,59,7a,31,eb,8e,e7,01,70,5c,9e,\

b5,06,c2,34,df,09,7d,ff,ca,a6,ce,cd,5c,38,7d,d6,41,d1,1e,ee,45,16,93,00,02,\

51,d2,b7,bc,c1,e8,7e,89,34,3e,ab,b5,d8,9d,1c,f7,64,4f,6b,32,79,01,bf,34,b7,\

b6,95,17,26,64,d8,a3,b9,45,aa,0a,2d,2d,62,d6,34,1b,d1,1f,d3,0e,ca,01,09,1a,\

e1,4d,b1,ba,72,7f,a9,68,e6,f1,34,6b,31,4e,9d,f1,9f,48,1e,5d,d1,8e,ff,e2,02,\

f8,02,51,8f,05,ff,2f,b7,88,cc,0b,9f,9e,5f,0e,c2,99,e3,37,d4,a5,e6,f7,7a,38,\

da,55,f9,3d,8e,32,b2,5a,9e,0a,49,74,eb,8f,b7,75,4a,91,9b,4d,79,21,d1,36,57,\

f6,46,3d,54,0f,0b,fe,26,9a,a8,af,bd,15,b2,60,7a,b3,a0,80,9c,01,da,a4,fa,c9,\

13,84,f8,37,d9,46,b4,3a,6a,00,80,2d,ca,78,95,b7,12,e5,2d,05,f0,0b,9c,f2,c5,\

fb,bc,fe,9d,bf,cb,02,3c,1a,4c,03,e8,4d,51,62,cb,e8,f6,52,99,df,2e,8f,72,e0,\

c2,4d,0a,e4,96,6f,07,05,2e,fa,ab,8f,72,c9,b2,59,ae,82,7e,56,dd,c8,71,67,27,\

b3,9a,73,a8,7d,95,ba,73,7e,ac,66,d7,5a,42,63,e0,79,72,71,98,21,b7,f3,78,b1,\

5d,3f,1b,74,50,f4,8f,9c,89,7a,ae,6f,c5,e6,47,4a,7e,1e,b9,e6,19,3e,c0,da,61,\

3b,8e,61,34,c6,1e,5e,7c,74,c5,9d,61,1b,09,5c,bd,7f,b7,0a,d1,2e,30,4e,36,a8,\

04,4b,16,c3,c2,22,9b,4e,0d,b9,a8,f5,f3,bb,c8,64,7b,e1,63,af,7d,95,6f,38,f2,\

b7,01,07,34,1c,87,8e,92,6f,8f,b7,99,11,c2,10,f3,18,b2,7b,46,a0,d3,27,59,66,\

c6,bf,79,92,de,e1,1b,d5,dd,d1,c2,b4,fe,6f,23,24,39,66,87,56,c2,a7,72,d4,d2,\

16,82,cd,ab,82,99,ad,d6,db,3e,f1,b0,9f,41,3a,24,96,9e,a0,ba,bf,a4,48,e6,d1,\

8a,57,39,28,47,12,6b,a4,df,71,21,4d,c2,6d,79,99,20,c9,42,ed,5c,ad,0d,61,be,\

91,87,c3,67,5d,06,df,8b,cf,61,fe,da,1c,05,ad,3f,da,45,c0,cd,1d,f2,96,f6,e1,\

2c,9d,ff,a8,77,19,b0,63,11,22,50,96,83,ec,d1,b8,77,4c,47,d8,c9,77,9e,86,e1,\

bc,0c,8d,f1,3f,55,c6,4d,57,c9,70,78,a0,d6,d6,dc,e8,de,61,97,ea,7f,c3,d9,22,\

18,76,8e,e0,89,65,3e,9c,3a,e8,31,89,5e,f6,d6,6c,79,96,65,af,1f,97,c4,b1,ff,\

81,a7,61,21,cb,fc,0b,6c,4f,86,71,6b,fa,c8,1e,50,c8,24,f7,3a,f0,44,13,b3,5b,\

b9,cd,dd,7d,5b,e2,17,8e,9a,10,10,59,50,e7,d9,4f,ba,07,a5,a6,c7,ec,10,59,14,\

13,b2,70,1a,5f,f3,81,a6,ba,21,77,8a,ff,bf,92,93,18,21,af,bb,63,35,ca,9f,5b,\

a4,c1,33,74,1a,5a,b4,46,e1,88,de,ee,b5,ea,60,b2,d4,95,8d,e3,54,13,54,08,b9,\

ab,72,38,c7,95,e3,e6,c8,95,44,a5,26,e3,5d,90,05,ad,0a,a3,bb,00,f7,6f,e7,0d,\

5f,ca,56,7c,1a,c5,28,03,d6,de,2e,36,a4,77,97,a1,b7,87,cc,14,69,90,98,3e,7f,\

d1,8c,7d,ae,bc,a2,f5,5e,aa,20,df,ad,ce,bf,24,b7,67,0d,2b,15,3a,10,ef,a3,40,\

2c,54,87,9c,46,bb,e7,6f,cf,2a,d4,19,2f,2a,b3,19,95,08,27,d7,57,17,47,d7,76,\

9c,4d,3d,18,7a,a8,90,38,0f,4c,be,9c,59,4d,60,07,5d,ac,40,b0,c9,70,18,f4,d8,\

f9,9d,48,76,92,bc,71,a4,45,24,f7,1f,f3,04,d7,3c,a3,16,78,17,1b,dc,e0,ec,ad,\

29,28,c5,54,e4,2d,56,00,f8,09,89,25,2d,f0,c2,ed,ba,d2,c0,45,f9,89,85,7d,02,\

97,18,c9,4e,6a,c2,a1,81,de,7d,67,86,04,aa,4b,e1,22,02,6c,41,fb,cf,3f,55,50,\

5c,35,e1,a6,aa,98,11,4a,64,b6,0d,93,15,42,cd,67,99,f7,2f,00,d1,7e,47,f0,9b,\

92,f6,63,02,62,be,a5,b1,37,d4,c6,e4,ae,56,77,36,45,28,81,dd,41,98,3c,ca,62,\

bd,76,61,0c,b9,d8,7c,3d,e1,73,b2,c1,1d,9c,d9,a9,92,fa,c9,f9,7f,dd,63,a1,65,\

d1,d2,af,6b,73,11,c2,00,84,ae,c2,c2,3c,cd,ce,9f,e1,6f,76,3a,97,f5,2b,90,7a,\

df,f3,db,ea,da,61,b6,26,fa,c5,83,1d,fb,44,a0,0a,80,6f,5b,62,1c,eb,38,15,67,\

23,88,7f,59,ff,1e,77,7d,ae,05,31,47,a2,6e,63,a8,dc,ec,a7,e0,69,e4,21,93,2d,\

3e,61,20,df,61,8b,2e,55,5f,b5,87,02,6c,90,2a,bd,95,4b,9b,c3,ae,b4,7e,00,8d,\

a1,64,8a,75,8e,e5,6e,d5,87,ef,b0,33,48,5d,95,8d,63,a4,cc,03,fc,23,aa,94,0c,\

ef,8f,46,0b,f1,d1,ee,0e,37,52,ae,3d,99,9d,bd,87,9c,32,66,94,96,1d,54,fc,13,\

ce,0c,b6,78,24,bb,d3,e6,cb,32,6c,61,c8,2f,d9,32,52,de,23,89,e4,9f,bc,67,90,\

0a,6e,bb,96,30,92,cb,35,24,82,d6,c1,bb,50,f8,f6,d9,8f,b9,4d,8c,4a,54,59,0b,\

21,0f,a8,e1,9e,dc,b1,b2,a3,a8,00,ef,ac,8d,95,aa,54,48,87,a9,1a,ed,ec,b9,66,\

d9,fd,44,c7,e9,76,26,7f,e9,3c,bd,41,50,42,3f,39,2a,ad,51,4d,55,37,d5,a3,f0,\

d1,03,63,11,8c,bb,be,b6,b9,19,2f,ff,4f,4a,00,9a,8e,9f,b3,10,7e,e2,e0,d5,dc,\

0a,e3,9d,52,79,5d,19,62,fd,f7,1b,24,9e,a5,9f,37,c9,33,08,fd,ae,20,ad,08,e6,\

b0,94,cf,59,3d,7d,a6,5f,ce,23,ed,25,ea,be,87,52,af,cc,8d,eb,1e,11,44,74,b9,\

dd,4d,59,50,8d,1c,8c,18,54,ab,6e,fd,3c,70,f3,39,67,8c,01,26,ec,9b,45,1a,50,\

fd,b6,3b,cf,1d,c5,04,d4,33,56,18,81,a8,be,c7,fe,d9,7b,eb,c9,17,22,0f,4d,f2,\

98,d7,b7,b7,85,9b,05,37,06,56,5f,ca,a2,bf,ab,94,80,b5,5c,07,d7,e0,8a,a9,a5,\

96,48,18,a4,fb,32,4b,7a,6d,45,1a,30,1f,f3,01,e5,03,77,21,c4,ee,67,f4,87,33,\

f6,88,b1,4d,1f,e5,4e,93,37,23,46,de,ff,0f,fa,98,8b,79,cd,2c,ec,45,e3,bb,0c,\

bf,28,11,d8,2f,95,d7,a5,ad,ae,0a,cc,37,50,ab,98,01,a9,b9,63,0c,88,5c,fb,fa,\

d7,63,4a,21,65,f0,37,de,e9,72,c7,2c,44,d4,88,75,07,f4,2f,a7,35,57,80,8b,f6,\

4a,1b,6e,52,7c,2d,84,71,40,bb,83,b0,10,ed,4d,7d,6c,d0,01,85,1f,92,68,86,c3,\

f5,90,5e,87,fe,b6,68,30,ed,69,09,5e,72,ed,86,11,1e,de,19,6b,18,15,43,b7,11,\

cf,63,ab,7a,0c,88,ea,f4,36,84,cd,08,03,41,63,18,9c,59,b7,95,ff,e0,51,73,a2,\

84,b2,ff,da,59,d9,d4,1f,79,ee,72,f2,3e,24,85,d9,6a,40,90,dc,2f,be,ec,82,4f,\

68,0d,fd,82,28,08,a2,18,1b,52,9c,df,e6,cb,e0,47,4d,fb,63,c4,01,9b,8b,74,ba,\

57,e4,02,86,d2,15,ca,61,eb,12,3e,05,3e,93,88,03,ee,c4,70,13,a2,3e,81,a9,ce,\

36,67,c9,e8,34,f4,9c,1b,aa,87,44,42,1d,b8,54,6a,d6,3c,fa,20,fc,2d,39,67,5b,\

bb,d4,08,63,1f,6e,29,74,d1,ef,21,58,fb,2a,8b,11,2d,bc,99,d6,52,37,ab,58,e3,\

80,21,49,5a,75,6d,1f,ea,d3,6c,16,6d,57,f6,74,9e,24,b3,10,88,65,31,15,3e,33,\

34,04,cd,b9,4e,d1,f8,6f,96,af,2e,02,82,3d,c4,b8,35,e7,c1,0f,84,37,56,04,ce,\

27,63,83,96,36,3d,23,71,bb,af,10,23,78,3f,48,05,72,b2,0b,a9,00,d2,8c,c1,23,\

6e,ed,3d,15,a3,6a,b4,25,5a,d5,05,c1,12,42,3e,d5,df,03,bd,53,b3,d7,94,13,dd,\

5e,32,de,cf,d0,40,c5,ea,24,ef,ca,b8,e2,3a,9f,54,fc,64,fa,fb,1b,04,62,2a,9d,\

8e,ce,07,de,82,0d,3a,b7,e3,65,fe,45,eb,7b,78,ec,fd,72,47,9b,db,57,5c,51,19,\

bd,0c,e0,d1,a4,63,f0,99,a0,bc,48,b2,36,8e,49,82,8a,89,bb,45,37,e2,cd,ff,7f,\

eb,56,b5,a4,e6,61,dc,95,1b,b6,e9,12,cd,28,e1,0c,79,99,77,d0,d9,b8,9a,24,e8,\

a6,ba,46,3f,ab,cf,dd,37,cb,9c,30,4e,9a,35,96,cc,50,bf,2d,a5,20,77,cf,a2,c6,\

f5,42,bc,60,b2,af,c8,7e,c9,56,5a,7c,fa,7f,e3,10,f4,b4,1c,1f,d4,2d,a8,d5,e9,\

8c,f4,f4,ba,ca,63,6c,4a,72,a8,2c,cd,9a,0d,72,39,70,dd,4f,fd,57,ce,ca,e1,e7,\

a9,d7,1e,46,8b,72,cf,ef,95,82,4b,b2,e6,03,b3,fc,c6,64,c7,59,24,2e,fe,37,43,\

e7,d5,ed,b0,36,67,fc,77,47,3e,94,96,71,69,5a,b2,17,ce,68,09,cc,c2,95,a8,ba,\

d7,f7,de,44,f5,a7,f0,ea,ad,c4,0e,6d,c9,a7,bb,86,34,28,c5,38,ef,c9,b0,4a,7a,\

25,e3,1d,04,c2,9d,7f,70,05,7d,22,fb,47,47,4c,20,2c,e5,d1,b8,30,ac,3e,66,83,\

e1,58,32,17,7c,c5,74,f7,2b,08,f4,da,9a,b3,4f,f8,f2,d7,9d,1c,9f,c0,50,fb,57,\

df,5f,c4,58,08,a4,f8,f1,dd,83,7c,43,8a,cd,ec,d9,49,b4,e4,33,16,ab,1f,59,5e,\

e7,70,9b,38,b2,44,c1,22,22,aa,ac,46,4a,b8,2f,fb,b1,2a,1f,8f,03,4d,ae,44,07,\

1b,f4,98,d1,a8,cf,ca,39,bd,ed,99,8c,c2,27,4f,80,e1,11,fe,6e,68,cf,0a,bb,6f,\

2a,e7,97,bb,e2,24,eb,e3,46,a9,8c,b1,03,3d,b5,cb,3a,f2,4a,b4,93,d5,e5,e3,4b,\

1a,09,da,7d,80,23,e3,9a,c2,d4,ae,e1,33,f2,47,82,51,d0,44,04,9c,bf,43,e4,a9,\

d4,94,7f,72,ec,32,31,f0,ee,f8,bf,ec,50,11,f2,11,dd,b1,85,47,b5,02,41,3c,95,\

61,67,43,58,cb,4e,62,be,92,4d,a6,6d,55,db,ba,35,2e,f5,b8,fb,98,2d,c0,3f,8a,\

06,70,c6,75,06,68,30,80,4c,a3,a0,11,35,52,8e,90,18,c7,1b,6e,34,91,a1,67,e6,\

e9,8f,04,1f,4c,74,63,16,6a,59,3a,3a,3f,54,1a,6b,80,5a,f1,69,38,55,d3,8d,b3,\

76,fa,b7,9b,cd,0b,87,61,17,9a,d0,de,d7,f1,49,3b,a8,0d,86,0e,d1,cf,ea,27,c5,\

1a,00,50,48,de,0e,58,da,62,16,c6,40,65,a9,79,26,f8,64,26,be,90,bb,08,aa,5a,\

f5,d2,1c,ce,78,e9,3c,87,47,d0,ca,52,c9,e3,04,85,cc,49,ca,92,c9,24,00,db,6a,\

0a,34,c8,49,b9,80,17,fb,06,b2,74,4d,17,ab,4a,cd,d2,05,d8,8d,95,f8,87,f7,23,\

28,7f,7b,f4,f0,b6,68,b3,65,87,a7,24,c5,85,89,26,0a,18,eb,f0,1a,db,0a,9b,3f,\

42,99,e0,d6,80,11,24,4b,a8,49,b1,45,12,46,47,1d,00,54,d3,95,81,55,7e,c7,96,\

5a,e9,5b,94,70,b7,fd,c9,bc,4d,0e,62,cb,d5,9a,8c,23,89,8b,da,1e,2e,1c,e7,f8,\

a3,de,90,3c,26,0b,23,74,e9,c1,41,9d,24,2b,f6,e2,6a,59,a5,67,5c,40,fe,75,32,\

03,2a,d7,97,70,48,84,ba,ce,1d,7d,a2,d6,07,f9,c1,ff,33,c0,cd,ff,10,d5,cb,8e,\

04,57,6c,6d,5d,a9,9d,a7,8a,d1,5a,16,8b,1e,c3,2a,a6,0e,71,e6,5c,6e,0a,2b,9b,\

c3,13,da,39,35,e9,06,73,91,fa,a5,62,a0,71,8d,fd,13,90,0e,28,cc,fe,3a,7a,92,\

b5,3c,43,08,1b,eb,ce,e0,6f,9f,e3,4c,67,44,90,b5,18,ad,29,b0,15,2a,8e,2e,db,\

5c,ac,f2,6d,48,47,49,3b,ab,f6,f5,48,8d,6f,6a,8c,19,04,3d,97,ac,6e,d9,78,2c,\

ca,73,dd,9b,c4,e1,41,7b,ec,ac,e7,b1,15,17,32,68,65,06,09,3d,18,96,a1,e2,29,\

a5,ef,c1,67,94,63,e3,cb,4b,d3,11,09,7e,b5,39,65,2f,92,12,c8,75,b7,03,13,00

"NoDriveAutoRun"=dword:03ffffff

"NoDrives"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

OK, now for the DUAL boot question:

I don't even know what that means, so I guess not. I DID have another OS (it was still XP though) on D drive because it was from an old computer, but I have since formatted it and now only use it for storage. I hope that answers your question.


  • Root Admin

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from here
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DriveConfiguration"=-
"LegacyDrive"=-

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

CFScript.gif

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 03

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log
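
The registry export earlier in this thread carries a very large hex value under Policies\Explorer, and STEP 02 deletes "DriveConfiguration" and "LegacyDrive" from that key. As an added example (not part of the thread and not any tool's own code), this Python script parses a REGEDIT4 export, tolerating the blank lines a forum paste puts between continuation rows, and lists hex values above a size limit. The function names, the limit and the sample bytes are assumptions; the sample is constructed and far shorter than the real blob.

```python
import re

# Constructed sample in REGEDIT4 export syntax. Value names echo the thread;
# the hex bytes are made up for the example.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"LegacyDrive"=hex:13,50,df,8e,\

  db,9b,58,57,\
  28,fb
"NoDriveAutoRun"=dword:03ffffff
"NoDrives"=dword:00000000
"DriveConfiguration"=hex:aa,bb,cc

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
'''

# "name"=data or @=data (default value)
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')
HEX_RE = re.compile(r'^hex(?:\([0-9a-fA-F]+\))?:(.*)$')


def logical_lines(text):
    """Join rows ending in a backslash into one logical line, skipping blanks."""
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending is not None:
            if line[0] in '["@':
                # The blob was cut short: a new key or value started early.
                yield pending
            else:
                line = pending + line
            pending = None
        if line.endswith('\\'):
            pending = line[:-1]
        else:
            yield line
    if pending is not None:
        yield pending


def classify(data):
    """Return (kind, size_in_bytes) for the right-hand side of a value line."""
    if data == '-':
        return ('delete', 0)          # removal directive, as used in STEP 02
    if data.startswith('dword:'):
        return ('dword', 4)
    m = HEX_RE.match(data)
    if m:
        return ('hex', len([b for b in m.group(1).split(',') if b.strip()]))
    if data.startswith('"'):
        return ('string', len(data) - 2)  # length of the escaped text
    return ('unknown', 0)


def parse_reg(text):
    """Return {key_path: {value_name: (kind, size)}} for a REGEDIT4 export."""
    keys, current = {}, None
    for line in logical_lines(text):
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue  # header line ("REGEDIT4") or stray text
        current[m.group(1) or '@'] = classify(m.group(2))
    return keys


def oversized(keys, limit=2048):
    """List (key, name, size) for hex values larger than limit, biggest first.

    The 2048-byte default is an assumption chosen for this example.
    """
    hits = [(key, name, size)
            for key, values in keys.items()
            for name, (kind, size) in values.items()
            if kind == 'hex' and size > limit]
    return sorted(hits, key=lambda h: -h[2])


if __name__ == '__main__':
    for key, name, size in oversized(parse_reg(SAMPLE_REG), limit=8):
        print(f'{size:>8} bytes  {key}\\{name}')
```

Run it against a saved export of the key before and after the fix to confirm the large values are gone.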


I backed up my registry with ERUNT.

When Combofix opened, it said there was a newer version and asked if I wanted to update it, I clicked yes...I hope that was the right thing to do. Here is the Combofix log:

ComboFix 10-04-14.04 - Val 04/16/2010 0:12.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.652 [GMT -4:00]

Running from: c:\documents and settings\Val\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Val\Desktop\CFscript.txt

AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

.

((((((((((((((((((((((((( Files Created from 2010-03-16 to 2010-04-16 )))))))))))))))))))))))))))))))

.

2010-04-16 03:53 . 2010-04-16 03:53 -------- d-----w- c:\program files\ERUNT

2010-04-14 18:43 . 2010-04-14 19:27 -------- d-----w- C:\Lop SD

2010-03-31 17:45 . 2010-03-31 17:45 -------- d-----w- c:\documents and settings\Val\Application Data\Malwarebytes

2010-03-31 17:44 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-31 17:44 . 2010-03-31 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-31 17:44 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-31 17:44 . 2010-03-31 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7

2010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6

2010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5

2010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4

2010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3

2010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2

2010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1

2010-04-15 08:35 . 2007-11-11 23:06 551670 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0

2010-04-15 08:34 . 2007-11-11 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-04-13 19:00 . 2005-08-16 12:48 -------- d-----w- c:\program files\Common Files\Java

2010-04-13 18:57 . 2008-12-16 18:26 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-04-13 18:57 . 2005-08-16 12:48 -------- d-----w- c:\program files\Java

2010-04-13 17:34 . 2005-11-22 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-04-13 17:28 . 2009-10-12 22:40 -------- d-----w- c:\program files\CCleaner

2010-03-14 05:48 . 2010-03-14 05:48 503808 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcp71.dll

2010-03-14 05:48 . 2010-03-14 05:48 348160 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcr71.dll

2010-03-14 05:48 . 2010-03-14 05:48 499712 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\jmc.dll

2010-03-14 05:47 . 2010-03-14 05:47 61440 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-sse.dll

2010-03-14 05:47 . 2010-03-14 05:47 12800 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-d3d.dll

2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-08 19:33 . 2005-09-10 14:12 103464 ----a-w- c:\documents and settings\Val\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-06 07:27 . 2009-06-20 05:58 566648 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe

2010-03-06 07:27 . 2009-06-20 05:58 567144 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe

2010-03-06 07:27 . 2009-06-20 05:57 2357064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe

2010-03-06 07:26 . 2009-06-20 05:57 524632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe

2010-03-06 07:26 . 2009-06-20 05:57 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe

2010-02-25 06:24 . 2004-08-10 17:51 916480 ------w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2005-08-16 12:28 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-18 17:59 . 2007-11-11 23:37 -------- d-----w- c:\program files\MSBuild

2010-02-18 17:59 . 2010-02-18 17:59 -------- d-----w- c:\program files\Reference Assemblies

2010-02-17 13:10 . 2004-08-10 17:51 2189952 ------w- c:\windows\system32\ntoskrnl.exe

2010-02-17 02:40 . 2010-02-17 02:40 17299889 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24c36_4_0_1.0.14.19.exe

2010-02-17 02:27 . 2010-02-17 02:27 1988872 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_244e7_0_0_1011.exe

2010-02-17 02:26 . 2010-02-17 02:23 1139600 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24cb5_1_1_1001.exe

2010-02-17 02:25 . 2010-02-17 02:25 1043184 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_25605_1_0_1006.exe

2010-02-16 13:25 . 2004-08-04 03:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe

2010-02-15 02:01 . 2010-02-15 02:01 70984 ----a-w- c:\documents and settings\Val\g2mdlhlpx.exe

2010-02-14 05:00 . 2010-02-14 05:00 30976 ----a-w- c:\windows\rascntrl.dll

2010-02-14 05:00 . 2010-02-14 05:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll

2010-02-14 05:00 . 2010-02-14 05:00 16384 ----a-w- c:\windows\system32\msdrve.dll

2010-02-14 05:00 . 2010-02-14 05:00 10816 ----a-w- c:\windows\vmoptver.dll

2010-02-12 04:33 . 2004-08-10 17:50 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2004-08-10 17:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

2010-01-29 19:23 . 2010-01-29 19:23 609280 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\C23D6EEF7F9C2C2548D5138966622E6E.exe

2004-08-04 10:00 . 2004-08-10 17:51 94784 --sh--w- c:\windows\twain.dll

2009-11-14 22:11 . 2009-11-14 22:11 56 --sh--r- c:\windows\system32\9B0176E0FA.sys

2009-11-14 22:11 . 2009-11-14 22:11 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys

2008-04-14 00:11 . 2004-08-10 17:51 1028096 --sha-w- c:\windows\system32\mfc42.dll

2008-04-14 00:12 . 2004-08-10 17:51 57344 --sh--w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12 . 2004-08-10 17:51 413696 --sha-w- c:\windows\system32\msvcp60.dll

2008-04-14 00:12 . 2004-08-10 17:51 551936 --sh--w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12 . 2004-08-10 17:51 84992 --sh--w- c:\windows\system32\olepro32.dll

2008-04-14 00:12 . 2004-08-10 17:51 11776 --sh--w- c:\windows\system32\regsvr32.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 9442584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-30 177392]

"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-11-11 14088]

"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-02 230664]

"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]

"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296]

"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312]

"WinPatrol"="c:\documents\Webshit\WinPatrol\winpatrol.exe" [2005-06-06 106496]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"LegacyDrive"= [long hex data removed]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]

2007-05-18 19:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]

2001-08-09 21:06 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-11-29 18:52 126976 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-05-12 03:12 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-11-29 18:52 155648 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Documents\\Webshit\\setupxv.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/7/2009 3:28 AM 64160]

R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504]

R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]

R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]

R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]

R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]

R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/4/2007 9:23 AM 1010192]

R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 9:39 AM 801296]

R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/14/2009 12:17 AM 24652]

R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816]

R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 10:10 PM 189704]

S0 lwctth;lwctth;c:\windows\system32\drivers\sjlimgl.sys --> c:\windows\system32\drivers\sjlimgl.sys [?]

S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [11/27/2009 3:17 PM 85504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

tapisrv REG_MULTI_SZ Tapisrv

.

Contents of the 'Scheduled Tasks' folder

2010-04-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:27]

2010-03-27 c:\windows\Tasks\CAAntiSpywareScan_Daily as Val at 4 00 AM.job

- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.pogo.com/home/home.do

mStart Page = hxxp://ca.yahoo.com

uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

LSP: c:\windows\system32\VetRedir.dll

Trusted Zone: pogo.com\www

DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll

DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll

FF - ProfilePath - c:\documents and settings\Val\Application Data\Mozilla\Firefox\Profiles\v7nm513q.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-16 00:24

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)

c:\windows\system32\UmxWnp.Dll

c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(1088)

c:\windows\system32\VetRedir.dll

c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(3640)

c:\windows\system32\WININET.dll

c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-04-16 00:32:29

ComboFix-quarantined-files.txt 2010-04-16 04:32

ComboFix2.txt 2010-04-10 00:10

Pre-Run: 51,956,932,608 bytes free

Post-Run: 51,925,209,088 bytes free

- - End Of File - - 40D29E291AAD241EF14FA259930D7A71

I tried to update MBAM but still can't, got the same message:

MBAM_ERROR_UPDATING (122,0, MultiByteToWideChar)

The data area passed to a system call is too small

I ran the quick scan anyway, here is the log:

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/16/2010 12:55:16 AM

mbam-log-2010-04-16 (00-55-16).txt

Scan type: Quick scan

Objects scanned: 101756

Time elapsed: 18 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • Root Admin

I'm sorry, I forgot the directive to tell Combofix what to do. Please run the following again and then proceed to Step 3

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from here
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DriveConfiguration"=-
"LegacyDrive"=-

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt".

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

[Image: CFScript.gif]

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 03

You may have corrupted files on your disk. Please try running the following.

First close ALL Applications as this routine will automatically restart your computer.

Click on START - RUN and copy / paste the following entry into the box and click OK

CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 30


Ok, I backed up my registry again using ERUNT, then ran combofix again using the new CFScript.txt, here is the log:

ComboFix 10-04-15.05 - Val 04/16/2010 12:44:41.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.538 [GMT -4:00]

Running from: c:\documents and settings\Val\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Val\Desktop\CFscript.txt

AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

.

((((((((((((((((((((((((( Files Created from 2010-03-16 to 2010-04-16 )))))))))))))))))))))))))))))))

.

2010-04-16 03:53 . 2010-04-16 03:53 -------- d-----w- c:\program files\ERUNT

2010-04-14 18:43 . 2010-04-14 19:27 -------- d-----w- C:\Lop SD

2010-03-31 17:45 . 2010-03-31 17:45 -------- d-----w- c:\documents and settings\Val\Application Data\Malwarebytes

2010-03-31 17:44 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-31 17:44 . 2010-03-31 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-31 17:44 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-31 17:44 . 2010-03-31 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7

2010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6

2010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5

2010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4

2010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3

2010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2

2010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1

2010-04-16 07:00 . 2007-11-11 23:06 551670 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0

2010-04-15 08:34 . 2007-11-11 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-04-13 19:00 . 2005-08-16 12:48 -------- d-----w- c:\program files\Common Files\Java

2010-04-13 18:57 . 2008-12-16 18:26 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-04-13 18:57 . 2005-08-16 12:48 -------- d-----w- c:\program files\Java

2010-04-13 17:34 . 2005-11-22 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-04-13 17:28 . 2009-10-12 22:40 -------- d-----w- c:\program files\CCleaner

2010-03-14 05:48 . 2010-03-14 05:48 503808 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcp71.dll

2010-03-14 05:48 . 2010-03-14 05:48 348160 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcr71.dll

2010-03-14 05:48 . 2010-03-14 05:48 499712 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\jmc.dll

2010-03-14 05:47 . 2010-03-14 05:47 61440 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-sse.dll

2010-03-14 05:47 . 2010-03-14 05:47 12800 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-d3d.dll

2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-08 19:33 . 2005-09-10 14:12 103464 ----a-w- c:\documents and settings\Val\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-06 07:27 . 2009-06-20 05:58 566648 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe

2010-03-06 07:27 . 2009-06-20 05:58 567144 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe

2010-03-06 07:27 . 2009-06-20 05:57 2357064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe

2010-03-06 07:26 . 2009-06-20 05:57 524632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe

2010-03-06 07:26 . 2009-06-20 05:57 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe

2010-02-25 06:24 . 2004-08-10 17:51 916480 ------w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2005-08-16 12:28 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-18 17:59 . 2007-11-11 23:37 -------- d-----w- c:\program files\MSBuild

2010-02-18 17:59 . 2010-02-18 17:59 -------- d-----w- c:\program files\Reference Assemblies

2010-02-17 13:10 . 2004-08-10 17:51 2189952 ------w- c:\windows\system32\ntoskrnl.exe

2010-02-17 02:40 . 2010-02-17 02:40 17299889 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24c36_4_0_1.0.14.19.exe

2010-02-17 02:27 . 2010-02-17 02:27 1988872 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_244e7_0_0_1011.exe

2010-02-17 02:26 . 2010-02-17 02:23 1139600 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24cb5_1_1_1001.exe

2010-02-17 02:25 . 2010-02-17 02:25 1043184 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_25605_1_0_1006.exe

2010-02-16 13:25 . 2004-08-04 03:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe

2010-02-15 02:01 . 2010-02-15 02:01 70984 ----a-w- c:\documents and settings\Val\g2mdlhlpx.exe

2010-02-14 05:00 . 2010-02-14 05:00 30976 ----a-w- c:\windows\rascntrl.dll

2010-02-14 05:00 . 2010-02-14 05:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll

2010-02-14 05:00 . 2010-02-14 05:00 16384 ----a-w- c:\windows\system32\msdrve.dll

2010-02-14 05:00 . 2010-02-14 05:00 10816 ----a-w- c:\windows\vmoptver.dll

2010-02-12 04:33 . 2004-08-10 17:50 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2004-08-10 17:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

2010-01-29 19:23 . 2010-01-29 19:23 609280 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\C23D6EEF7F9C2C2548D5138966622E6E.exe

2004-08-04 10:00 . 2004-08-10 17:51 94784 --sh--w- c:\windows\twain.dll

2009-11-14 22:11 . 2009-11-14 22:11 56 --sh--r- c:\windows\system32\9B0176E0FA.sys

2009-11-14 22:11 . 2009-11-14 22:11 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys

2008-04-14 00:11 . 2004-08-10 17:51 1028096 --sha-w- c:\windows\system32\mfc42.dll

2008-04-14 00:12 . 2004-08-10 17:51 57344 --sh--w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12 . 2004-08-10 17:51 413696 --sha-w- c:\windows\system32\msvcp60.dll

2008-04-14 00:12 . 2004-08-10 17:51 551936 --sh--w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12 . 2004-08-10 17:51 84992 --sh--w- c:\windows\system32\olepro32.dll

2008-04-14 00:12 . 2004-08-10 17:51 11776 --sh--w- c:\windows\system32\regsvr32.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 9442584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-30 177392]

"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-11-11 14088]

"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-02 230664]

"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]

"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296]

"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312]

"WinPatrol"="c:\documents\Webshit\WinPatrol\winpatrol.exe" [2005-06-06 106496]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]

2007-05-18 19:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]

2001-08-09 21:06 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-11-29 18:52 126976 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-05-12 03:12 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-11-29 18:52 155648 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Documents\\Webshit\\setupxv.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/7/2009 3:28 AM 64160]

R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504]

R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]

R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]

R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]

R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]

R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/4/2007 9:23 AM 1010192]

R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 9:39 AM 801296]

R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/14/2009 12:17 AM 24652]

R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816]

R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 10:10 PM 189704]

S0 lwctth;lwctth;c:\windows\system32\drivers\sjlimgl.sys --> c:\windows\system32\drivers\sjlimgl.sys [?]

S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [11/27/2009 3:17 PM 85504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

tapisrv REG_MULTI_SZ Tapisrv

.

Contents of the 'Scheduled Tasks' folder

2010-04-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:27]

2010-03-27 c:\windows\Tasks\CAAntiSpywareScan_Daily as Val at 4 00 AM.job

- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.pogo.com/home/home.do

mStart Page = hxxp://ca.yahoo.com

uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

LSP: c:\windows\system32\VetRedir.dll

Trusted Zone: pogo.com\www

DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll

DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll

FF - ProfilePath - c:\documents and settings\Val\Application Data\Mozilla\Firefox\Profiles\v7nm513q.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-16 12:58

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)

c:\windows\system32\UmxWnp.Dll

c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(1332)

c:\windows\system32\VetRedir.dll

c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(3552)

c:\windows\system32\WININET.dll

c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-04-16 13:07:40

ComboFix-quarantined-files.txt 2010-04-16 17:07

ComboFix2.txt 2010-04-16 04:32

ComboFix3.txt 2010-04-10 00:10

Pre-Run: 51,863,126,016 bytes free

Post-Run: 51,825,545,216 bytes free

- - End Of File - - B0CFF26F6F2AEFCFA7E425F22E9EE0C0

Then I ran your CHKDSK routine, when it was done and the system was booting up again, a screen appeared that said "The volume is clean"


  • Root Admin

Please download a new version of Combofix and overwrite the current one on your desktop and run the following.

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines

Driver::
lwctth
File::
c:\windows\system32\drivers\sjlimgl.sys

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt".

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

[Image: CFScript.gif]

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.
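
The script above names the service lwctth and the file sjlimgl.sys, which appear in the earlier ComboFix log on a driver line ending in [?] where the other lines show a date and size. As an added example (not part of the original post and not ComboFix's own code), this Python sketch parses driver/service lines in that format and lists the entries with no file details; reading the prefix as state letter plus start type, and [?] as "file details could not be read", are assumptions, and the sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: four lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/4/2007 9:23 AM 1010192]
S0 lwctth;lwctth;c:\windows\system32\drivers\sjlimgl.sys --> c:\windows\system32\drivers\sjlimgl.sys [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [11/27/2009 3:17 PM 85504]
"""

# Assumed reading of the two-character prefix:
# letter = current state, digit = Windows service start type.
STATES = {"R": "running", "S": "stopped"}
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

# <state><start> <name>;<display>;<path> [--> <path>] [<date time size> or ?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)"
    r"(?:\s+-->\s+(?P<target>.+?))?"
    r"\s+\[(?P<info>[^\]]*)\]\s*$"
)


@dataclass
class ServiceEntry:
    state: str            # "running" or "stopped"
    start_type: str       # "boot", "system", "automatic", "manual", "disabled"
    name: str             # service key name
    display: str          # display name
    path: str             # image path as logged
    size: Optional[int]   # file size in bytes, None when the log shows [?]
    unresolved: bool      # True when the bracket holds only "?"


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Parse every driver/service line in the log; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        info = m.group("info").strip()
        unresolved = info == "?"
        size = None
        if not unresolved:
            tokens = info.split()
            # The size is the last token after the date and time.
            if tokens and tokens[-1].isdigit():
                size = int(tokens[-1])
        entries.append(ServiceEntry(
            state=STATES[m.group("state")],
            start_type=START_TYPES[int(m.group("start"))],
            name=m.group("name").strip(),
            display=m.group("display").strip(),
            path=m.group("path").strip(),
            size=size,
            unresolved=unresolved,
        ))
    return entries


def unresolved_entries(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries with no file details, earliest-loading start type first."""
    order = list(START_TYPES.values())
    hits = [e for e in entries if e.unresolved]
    return sorted(hits, key=lambda e: order.index(e.start_type))


def report(log_text: str) -> List[str]:
    """One review line per service whose file details are missing."""
    return [
        f"{e.name}: {e.state}, {e.start_type} start, no file details for {e.path}"
        for e in unresolved_entries(parse_services(log_text))
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```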


I downloaded the new version of ComboFix but it wouldn't let me overwrite the old one, said it was a read only file, so I renamed the old one, wasn't sure if I could just delete it or not.

Here is the ComboFix log:

ComboFix 10-04-17.07 - Val 04/19/2010 1:49.4.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.600 [GMT -4:00]

Running from: c:\documents and settings\Val\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Val\Desktop\CFscript.txt

AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

FILE ::

"c:\windows\system32\drivers\sjlimgl.sys"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_lwctth

((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))

.

2010-04-16 03:53 . 2010-04-16 03:53 -------- d-----w- c:\program files\ERUNT

2010-04-14 18:43 . 2010-04-14 19:27 -------- d-----w- C:\Lop SD

2010-03-31 17:45 . 2010-03-31 17:45 -------- d-----w- c:\documents and settings\Val\Application Data\Malwarebytes

2010-03-31 17:44 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-31 17:44 . 2010-03-31 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-31 17:44 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-31 17:44 . 2010-03-31 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7

2010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6

2010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5

2010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4

2010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3

2010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2

2010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1

2010-04-19 06:05 . 2007-11-11 23:06 551670 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0

2010-04-15 08:34 . 2007-11-11 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-04-13 19:00 . 2005-08-16 12:48 -------- d-----w- c:\program files\Common Files\Java

2010-04-13 18:57 . 2008-12-16 18:26 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-04-13 18:57 . 2005-08-16 12:48 -------- d-----w- c:\program files\Java

2010-04-13 17:34 . 2005-11-22 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-04-13 17:28 . 2009-10-12 22:40 -------- d-----w- c:\program files\CCleaner

2010-03-14 05:48 . 2010-03-14 05:48 503808 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcp71.dll

2010-03-14 05:48 . 2010-03-14 05:48 348160 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcr71.dll

2010-03-14 05:48 . 2010-03-14 05:48 499712 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\jmc.dll

2010-03-14 05:47 . 2010-03-14 05:47 61440 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-sse.dll

2010-03-14 05:47 . 2010-03-14 05:47 12800 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-d3d.dll

2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-08 19:33 . 2005-09-10 14:12 103464 ----a-w- c:\documents and settings\Val\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-06 07:27 . 2009-06-20 05:58 566648 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe

2010-03-06 07:27 . 2009-06-20 05:58 567144 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe

2010-03-06 07:27 . 2009-06-20 05:57 2357064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe

2010-03-06 07:26 . 2009-06-20 05:57 524632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe

2010-03-06 07:26 . 2009-06-20 05:57 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe

2010-02-25 06:24 . 2004-08-10 17:51 916480 ------w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2005-08-16 12:28 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-18 17:59 . 2007-11-11 23:37 -------- d-----w- c:\program files\MSBuild

2010-02-18 17:59 . 2010-02-18 17:59 -------- d-----w- c:\program files\Reference Assemblies

2010-02-17 13:10 . 2004-08-10 17:51 2189952 ------w- c:\windows\system32\ntoskrnl.exe

2010-02-17 02:40 . 2010-02-17 02:40 17299889 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24c36_4_0_1.0.14.19.exe

2010-02-17 02:27 . 2010-02-17 02:27 1988872 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_244e7_0_0_1011.exe

2010-02-17 02:26 . 2010-02-17 02:23 1139600 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24cb5_1_1_1001.exe

2010-02-17 02:25 . 2010-02-17 02:25 1043184 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_25605_1_0_1006.exe

2010-02-16 13:25 . 2004-08-04 03:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe

2010-02-15 02:01 . 2010-02-15 02:01 70984 ----a-w- c:\documents and settings\Val\g2mdlhlpx.exe

2010-02-14 05:00 . 2010-02-14 05:00 30976 ----a-w- c:\windows\rascntrl.dll

2010-02-14 05:00 . 2010-02-14 05:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll

2010-02-14 05:00 . 2010-02-14 05:00 16384 ----a-w- c:\windows\system32\msdrve.dll

2010-02-14 05:00 . 2010-02-14 05:00 10816 ----a-w- c:\windows\vmoptver.dll

2010-02-12 04:33 . 2004-08-10 17:50 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2004-08-10 17:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

2010-01-29 19:23 . 2010-01-29 19:23 609280 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\C23D6EEF7F9C2C2548D5138966622E6E.exe

2004-08-04 10:00 . 2004-08-10 17:51 94784 --sh--w- c:\windows\twain.dll

2009-11-14 22:11 . 2009-11-14 22:11 56 --sh--r- c:\windows\system32\9B0176E0FA.sys

2009-11-14 22:11 . 2009-11-14 22:11 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys

2008-04-14 00:11 . 2004-08-10 17:51 1028096 --sha-w- c:\windows\system32\mfc42.dll

2008-04-14 00:12 . 2004-08-10 17:51 57344 --sh--w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12 . 2004-08-10 17:51 413696 --sha-w- c:\windows\system32\msvcp60.dll

2008-04-14 00:12 . 2004-08-10 17:51 551936 --sh--w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12 . 2004-08-10 17:51 84992 --sh--w- c:\windows\system32\olepro32.dll

2008-04-14 00:12 . 2004-08-10 17:51 11776 --sh--w- c:\windows\system32\regsvr32.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 9442584]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-30 177392]

"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-11-11 14088]

"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-02 230664]

"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]

"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296]

"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312]

"WinPatrol"="c:\documents\Webshit\WinPatrol\winpatrol.exe" [2005-06-06 106496]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]

2007-05-18 19:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]

2001-08-09 21:06 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-11-29 18:52 126976 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-05-12 03:12 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-11-29 18:52 155648 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Documents\\Webshit\\setupxv.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/7/2009 3:28 AM 64160]

R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504]

R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]

R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]

R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]

R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]

R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

tapisrv REG_MULTI_SZ Tapisrv

.

Contents of the 'Scheduled Tasks' folder

2010-04-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:27]

2010-03-27 c:\windows\Tasks\CAAntiSpywareScan_Daily as Val at 4 00 AM.job

- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.pogo.com/home/home.do

mStart Page = hxxp://ca.yahoo.com

uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

LSP: c:\windows\system32\VetRedir.dll

Trusted Zone: pogo.com\www

DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll

DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll

FF - ProfilePath - c:\documents and settings\Val\Application Data\Mozilla\Firefox\Profiles\v7nm513q.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-19 02:08

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(460)

c:\windows\system32\UmxWnp.Dll

c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(516)

c:\windows\system32\VetRedir.dll

c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(3848)

c:\windows\system32\WININET.dll

c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Lavasoft\Ad-Aware\AAWService.exe

c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe

c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe

c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe

c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe

c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

c:\program files\Viewpoint\Common\ViewpointService.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe

c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

c:\program files\CA\CA Internet Security Suite\ccprovsp.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Completion time: 2010-04-19 02:24:04 - machine was rebooted

ComboFix-quarantined-files.txt 2010-04-19 06:23

ComboFix2.txt 2010-04-16 17:07

ComboFix3.txt 2010-04-16 04:32

ComboFix4.txt 2010-04-10 00:10

Pre-Run: 51,833,638,912 bytes free

Post-Run: 52,484,857,856 bytes free

- - End Of File - - 5228EB92DE15F2B7B1F28308EC49ACC2

Not sure if this is anything to worry about or not, WinPatrol popped up just now saying there was a change in my HOSTS file....this is what was in the notepad:

127.0.0.1 localhost


  • Root Admin

The entry for 127.0.0.1 localhost is correct and you should allow it.

Please run the following. It will make changes to the registry, please allow the change if WinPatrol says anything.

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000000

FileLook::
C:\WINDOWS\system32\drivers\etc\hosts

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt".

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

CFScript.gif

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.


A weird thing happened when ComboFix finished, I re-enabled my AV as usual and opened up my browser to post my log. It gave me the message about Firefox not being my default browser, which is normal, but after I clicked "yes" to make it my default browser, my computer froze completely, I had to power it down as nothing would respond to my mouse. When I booted it up again, I got the message again about my default browser and my home page didn't load, there was just a tab that said "Session Manager Loading" but my PC wasn't doing anything (no drive light or CPU activity showing on the Speed Up My PC icon in the system tray). Not sure if this has anything to do with what we're working on or not. Anyway, here is the ComboFix log:

ComboFix 10-04-18.04 - Val 04/19/2010 21:36:15.5.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.669 [GMT -4:00]

Running from: c:\documents and settings\Val\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Val\Desktop\CFscript.txt

AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

.

((((((((((((((((((((((((( Files Created from 2010-03-20 to 2010-04-20 )))))))))))))))))))))))))))))))

.

2010-04-16 03:53 . 2010-04-16 03:53 -------- d-----w- c:\program files\ERUNT

2010-04-14 18:43 . 2010-04-14 19:27 -------- d-----w- C:\Lop SD

2010-03-31 17:45 . 2010-03-31 17:45 -------- d-----w- c:\documents and settings\Val\Application Data\Malwarebytes

2010-03-31 17:44 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-31 17:44 . 2010-03-31 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-31 17:44 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-31 17:44 . 2010-03-31 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7

2010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6

2010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5

2010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4

2010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3

2010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2

2010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1

2010-04-19 07:09 . 2007-11-11 23:06 551670 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0

2010-04-15 08:34 . 2007-11-11 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-04-13 19:00 . 2005-08-16 12:48 -------- d-----w- c:\program files\Common Files\Java

2010-04-13 18:57 . 2008-12-16 18:26 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-04-13 18:57 . 2005-08-16 12:48 -------- d-----w- c:\program files\Java

2010-04-13 17:34 . 2005-11-22 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-04-13 17:28 . 2009-10-12 22:40 -------- d-----w- c:\program files\CCleaner

2010-03-14 05:48 . 2010-03-14 05:48 503808 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcp71.dll

2010-03-14 05:48 . 2010-03-14 05:48 348160 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcr71.dll

2010-03-14 05:48 . 2010-03-14 05:48 499712 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\jmc.dll

2010-03-14 05:47 . 2010-03-14 05:47 61440 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-sse.dll

2010-03-14 05:47 . 2010-03-14 05:47 12800 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-d3d.dll

2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-08 19:33 . 2005-09-10 14:12 103464 ----a-w- c:\documents and settings\Val\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-06 07:27 . 2009-06-20 05:58 566648 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe

2010-03-06 07:27 . 2009-06-20 05:58 567144 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe

2010-03-06 07:27 . 2009-06-20 05:57 2357064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe

2010-03-06 07:26 . 2009-06-20 05:57 524632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe

2010-03-06 07:26 . 2009-06-20 05:57 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe

2010-02-25 06:24 . 2004-08-10 17:51 916480 ------w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2005-08-16 12:28 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-17 13:10 . 2004-08-10 17:51 2189952 ------w- c:\windows\system32\ntoskrnl.exe

2010-02-17 02:40 . 2010-02-17 02:40 17299889 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24c36_4_0_1.0.14.19.exe

2010-02-17 02:27 . 2010-02-17 02:27 1988872 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_244e7_0_0_1011.exe

2010-02-17 02:26 . 2010-02-17 02:23 1139600 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24cb5_1_1_1001.exe

2010-02-17 02:25 . 2010-02-17 02:25 1043184 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_25605_1_0_1006.exe

2010-02-16 13:25 . 2004-08-04 03:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe

2010-02-15 02:01 . 2010-02-15 02:01 70984 ----a-w- c:\documents and settings\Val\g2mdlhlpx.exe

2010-02-14 05:00 . 2010-02-14 05:00 30976 ----a-w- c:\windows\rascntrl.dll

2010-02-14 05:00 . 2010-02-14 05:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll

2010-02-14 05:00 . 2010-02-14 05:00 16384 ----a-w- c:\windows\system32\msdrve.dll

2010-02-14 05:00 . 2010-02-14 05:00 10816 ----a-w- c:\windows\vmoptver.dll

2010-02-12 04:33 . 2004-08-10 17:50 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2004-08-10 17:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

2010-01-29 19:23 . 2010-01-29 19:23 609280 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\C23D6EEF7F9C2C2548D5138966622E6E.exe

2004-08-04 10:00 . 2004-08-10 17:51 94784 --sh--w- c:\windows\twain.dll

2009-11-14 22:11 . 2009-11-14 22:11 56 --sh--r- c:\windows\system32\9B0176E0FA.sys

2009-11-14 22:11 . 2009-11-14 22:11 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys

2008-04-14 00:11 . 2004-08-10 17:51 1028096 --sha-w- c:\windows\system32\mfc42.dll

2008-04-14 00:12 . 2004-08-10 17:51 57344 --sh--w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12 . 2004-08-10 17:51 413696 --sha-w- c:\windows\system32\msvcp60.dll

2008-04-14 00:12 . 2004-08-10 17:51 551936 --sh--w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12 . 2004-08-10 17:51 84992 --sh--w- c:\windows\system32\olepro32.dll

2008-04-14 00:12 . 2004-08-10 17:51 11776 --sh--w- c:\windows\system32\regsvr32.exe

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

--- c:\windows\system32\drivers\etc\hosts ---

Company: ------

File Description: ------

File Version: ------

Product Name: ------

Copyright: ------

Original Filename: ------

File size: 27

Created time: 2004-08-10 17:51

Modified time: 2010-04-19 06:07

MD5: 6A4029CFF35FD4BA34C001C1ED5D9945

SHA1: DB23360218B3BC39606394836768B13B43BB6FC7

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 9442584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-30 177392]

"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-11-11 14088]

"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-02 230664]

"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]

"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296]

"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312]

"WinPatrol"="c:\documents\Webshit\WinPatrol\winpatrol.exe" [2005-06-06 106496]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]

2007-05-18 19:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]

2001-08-09 21:06 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-11-29 18:52 126976 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-05-12 03:12 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-11-29 18:52 155648 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Documents\\Webshit\\setupxv.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/7/2009 3:28 AM 64160]

R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504]

R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]

R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]

R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]

R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]

R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/4/2007 9:23 AM 1010192]

R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 9:39 AM 801296]

R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/14/2009 12:17 AM 24652]

R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816]

R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 10:10 PM 189704]

S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [11/27/2009 3:17 PM 85504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

tapisrv REG_MULTI_SZ Tapisrv

.

Contents of the 'Scheduled Tasks' folder

2010-04-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:27]

2010-03-27 c:\windows\Tasks\CAAntiSpywareScan_Daily as Val at 4 00 AM.job

- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.pogo.com/home/home.do

mStart Page = hxxp://ca.yahoo.com

uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

LSP: c:\windows\system32\VetRedir.dll

Trusted Zone: pogo.com\www

DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll

DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll

FF - ProfilePath - c:\documents and settings\Val\Application Data\Mozilla\Firefox\Profiles\v7nm513q.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-19 21:50

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(304)

c:\windows\system32\UmxWnp.Dll

c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(596)

c:\windows\system32\VetRedir.dll

c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(2904)

c:\windows\system32\WININET.dll

c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-04-19 21:59:36

ComboFix-quarantined-files.txt 2010-04-20 01:59

ComboFix2.txt 2010-04-19 06:24

ComboFix3.txt 2010-04-16 17:07

ComboFix4.txt 2010-04-16 04:32

ComboFix5.txt 2010-04-20 01:32

Pre-Run: 51,672,240,128 bytes free

Post-Run: 51,636,817,920 bytes free

- - End Of File - - B44F0625BFEC9D0160EF5D9310A2094A


  • Root Admin

Please temporarily disable WinPatrol and reboot the computer.

Then run the following.

Windows XP:

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or post to ask and we'll explain how to do it.

Restart the computer and see if you can now update MBAM.


I followed all your instructions until it came to setting up file exclusions for my firewall. I tried twice, but when I open my firewall and try to go anywhere but the overview page, it just hangs until it stops responding altogether, and then I have to close it with the task manager. I was, however, able to add exclusions for AV & Anti-spyware on demand and real-time scanners. I rebooted again and tried to update, but got the same error message. I then disabled my firewall, which I can do from a right click on the icon in the system tray, and then I could update MBAM. I now have database version 4014 instead of 3930. Should I run it? Are we done?


I don't know how to do that; it is part of a suite, and I have been thinking that it is too heavy for my system and that maybe I should replace the whole thing. I have kept it so long because I get the full version for free, but it would appear that there are many good free replacements out there now that would be lighter for my system. Do you have any recommendations?


I think, for now, I will uninstall and re-install my CA Internet Security Suite, while I research and decide what combination of free security software will work the best for my internet habits and allow me to feel secure, because if I am scared to go on the internet, then my computer is basically useless. Thank you so much for all of your assistance, I really do appreciate it. Is there anything else I need to do or know before you close the topic?

This topic is now closed to further replies.