noobJ Posted April 3, 2010 ID:226343 Share Posted April 3, 2010 Hello, I have followed all the steps detailed in "I'm Infected - What do I do now?I ran MBAM and my AV full scan....both clean...this is the MBAM log:Malwarebytes' Anti-Malware 1.45www.malwarebytes.orgDatabase version: 3930Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187024/1/2010 6:17:22 PMmbam-log-2010-04-01 (18-17-22).txtScan type: Quick scanObjects scanned: 102132Time elapsed: 22 minute(s), 50 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0I then tried to update MBAM but still got the message: MBAM_ERROR_UPDATING (122,0, MultiByteToWideChar)The data area passed to a system call is too smallI disabled CD Emulation drivers with DeFogger......no error messageI ran DDS and GMER and am attaching logs as instructed. I hope I did it all right DDS (Ver_10-03-17.01) - NTFSx86 Run by Val at 16:03:18.78 on Fri 04/02/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.545 [GMT -4:00]AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exesvchost.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exeC:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\System32\svchost.exe -k tapisrvC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\WINDOWS\Explorer.EXEC:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exeC:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exeC:\Documents\Webshit\WinPatrol\winpatrol.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exeC:\Program Files\CA\CA Internet Security Suite\ccprovsp.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\Documents and Settings\Val\Desktop\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.pogo.com/home/home.douDefault_Page_URL = hxxp://www.dell.ca/mywayuSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html?p=DCmDefault_Page_URL = hxxp://ca.yahoo.commDefault_Search_URL = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.commSearch Page = hxxp://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ca.search.yahoo.commStart Page = hxxp://ca.yahoo.comuSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.commSearchAssistant = hxxp://www.google.com/ieBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dllBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllBHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No FileBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllTB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No FileTB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No FileTB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [uniblue SpeedUpMyPC] c:\program files\uniblue\speedupmypc 3\SpeedUpMyPC.exe -smRun: [dla] c:\windows\system32\dla\tfswctrl.exemRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -clmRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exemRun: [<NO NAME>] mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exemRun: [WinPatrol] c:\documents\webshit\winpatrol\winpatrol.exemRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcentermRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kmRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"uPolicies-explorer: LegacyDrive = b6a2ba0ac63dc59461fe0f50a2213574b1bf3a0a444429fe6624fb7677caba6175d1e75379771990854fe8667c3509c17287baf9269261eecd4b705712408b575aceed514c9308fe91266bbdf0d806e92a1ed1f8f12cb757e4612df44cb1e60c7deeff94ae4679d8070ded62fabd7b1dd73c04ba9b5d995309a8334efd5ea485fcb8cda30f7012d1d2820b93c8347cecf15488c99fc1219c85d72cc3481120623dfb40a0e41ed0443d8878e8c6cd44f1a0a0eec5eda460377c7f7546a83000087da30fe11d8371f8625075ecc5b1f5c27f0b9323ed5243c4392009253704047e8d1cacf617e6af58178a53037f571d4fd8d25bca0a935271ae1c8f72c6bd3236acb58d9f499aee8f87fbb8a90943b95b19e0b71ce2a54cf2df6df4389302659e7b3d1f71416e431d32fda8f0f2522c206ef348981013ece7cf3d7479e1f3cd4343d16cf9a9455a8e0afeda4b5ea24c1fa6c051362e0530cc0fb27944f74de7742d978b43cfbf27775ed5d8c87d81f939f6f543a8fe2039a3ba25c37d020b19a1bf64b6e2276c169da5229e4148d5f8202317f711c609cdce13d97e9b4d88942972f114b9cb07b284c15e415bf2ec6d8b8411ac03b9d672b9c472a449dc1350df8edb9b585728fba47218a66fefc04c490005edfe61a9ed78c05f908115512aa7059e2a3206f45759c5615ab5c4667df5484eb2d472bdd748ac8c38fc46d456016149e6c00dca1d34ae352b56a48005d82b0668157f1e1b4844f29774fd268f1dc6bd38182fb30001f42897947155656e5970d518abd0f441e2523a4b6cfba70a5edf12c86641be8c01fb2f9bee203c40e2e164c97dad66d27d9c0bc6320e47a2318f80fc4dfe2e9744c3efa44bb54d2d01da445b83735e9c5581ec0eeb35a7956fa8972abecc3476b3a2cb9fa9ae24623ba862624e752abf525508ebc45e0eb9f829beb715cb29be610759c7bfc1ed0075b6031ffb336b5bf75163b84959958adcc51dcbd00a32272fd5585fc594d7ef32386bee3d393d376bdb12c6d0b0c364265fed871ca3e974f097ffa64030d6731e0b2fed6269d3074477caf82ad3cee5bed04dffba44ead8582a2f62f6e19ca8c1ec766ac637c91612a9aef318fccaa052cd17bd2befe7e81d0526eb1750df3321c50184426364eca2c307f6ecf19b1ff67a468ea4c6a1ff09a80201d034ea0161dbd135e6298e3f3efdba0a393dae503518ee61d9eb712007663c4e0bea350b19363799f6436264f56cb53f25d2def1c9ff50f008ca976ce67ae88f732efd04427b1fb61d5884daf737dcfb2f22752784c2f4c97b8206e08e868ed54fa06131f4c6f3b312c42f9fa92ea6586199ec31130a3f818baf6af58dcde92b15fa4e7ce38ce31837519159da8001515df000a5a588289fa7f7bd7ec471a5d5116ae9bc84da7c9679ad2e465a73d78feeac91792b4324f74c58c2c62242f598afd5d572f1e07e53fcfac1164b7f1a9958d5e21f6af4c6f3af25784e8a09a47b2ede26396cfe7a61c9eca874c9d4033167b7604dba0bc05665f196811d5ece9cc6b60d44d99d3b5809093fad269c09044132d63911b5afbc95393345fb4597c4c16eeb971a2b9f0093e445d6f64c987b6ff1be0ded11f7cae1cbb0852db0e76e04b47fff88c4be325b47814456018bb97e381da03316c718ab4f7d139f03ed5a44e610d17d9e00fd4f6c09c3950f0273f5e6de0412547ea10368c96504beff646ca04ae9eadf719707c54ca34bfbe859cec8bf5b73126fdf6ed260bc04c5a7c492642a55d117052b58a62d7863f05337d2df0cbd759b2e9186fe7d7d774887e5ee15cc580e8c2265f9d858b093dc1a44a38822142b90155a3cf271083546f7250a8065ce7c2aa590ecf14515726327032af77a21ce4ee8bb8ab811480bfa394bd94f3d77e8accc166948d3ace65c39d78e27cd79ce367d1921e2c88728a21a75bffd638610c41c687e84076c6435057a5d1b21046552d03a3ca9777d0bb32e154a1cc426e13a03e08ee435f78687e6535f76ec082d82a588eccb80171ed5bf80b4df7b073270e89e0f3295da5c5a03882aa34a90c019873cd0f02e048006b6541ec5ed8e0f4b8e5309c815ff8228d27269f33d161371891d78117c0b9f0b7d755745ef082873bdcc898336aa53381c2c7615f785eb7cafb9d1e9175a9e5c7753aa93fb8cee39f425dc86063de6b6d1083fbbd121e52f8322df8cca72c39f905f7c3ab06d4a2a14ed0a681ad1b8933dbe329ef1633fc6ce0acfc8f16c8450a0ca72b42c39bf23e21c3ddf97879a2ad3c2678d893b649a9aa58d2a0456f0e957edbb15693799824b543fe27c1541435ca92bd9e379cdfe9250d677aabfa4f99dc05bebc299356e4c03199b7d8c6e0b173a31959d1471457396160b3e21f533bc0860d27e2519b4efcd72f39203b3c88becbca26183ec75028e415508d1c0433a81174756fb81be0db6eaf6507753f8cac479a5ae9ab105b26217db5b22e77de57cf12be2f9ad97fdd1f0b1495c3f34a5d085b7630ac08a9c8cfbe1c6c27c3488893ee5ccf1a1241642610f153ec51e78a619bf03005d3de2963fe63dc2476d0c69528d2dc641efb469f24e82f97f6fd9195366d9ae15da9380da177069e5eb5bb325136b2cfef4c27d4c8bb5b7a6a72c2fdf564c8cd39d541e606cc571b2d0c623c46bc6f223216319f5158bdd3bd4e16353cf62c4c10f4863952e242e7fb15f76044e41e8a7bc329b316c76191bc65ebe5cb6bb617f679836f84e29f3b86bfe32ffcc7c1772528e326db798a79ad0ac8cc3100192e44ea1e885c8615c466716c3bc45069c7bd46c9df074e0617c82e028123f6a893d1cfd9024b1a2b6b1512d10f2e2c1c6bfeb92c79defefbbe2fa7f391a79cb3baa4efccfb324e60f39004652851948a4c7ea4d740085ea8d1f2a34476a18e93bff20a3d4c45d879c533d7c3946440be388fe9f230ce2dfdbbf7c3b87bbccc5c2bde9430cd9e982ca6c05ed8e53f95d995aaa339ef70ba4c939415500fb0528695d4b552c7421bc7a41d979bdcee06aba730214cd469d437dbde2b69f2870e0e837c78f02bdffcbdeb3ba014b805760c877688496a2675212bea42342868224ae35e3fc7146e1b08f7ebfc4892c1fa32faf7541b63abbff0aafd466cf65a39a9821699adcca4f829878e2386c5c5ba0fb98230f95549603130e07110331051e06eaddd27537604a4b40e70d3feb934230abda20c6983fa557c5608b07ce367834b0997411dee602a190919526865f5f6d090fdc8e1dacbc0b90d8e6bd2363be0eea1ca369f6e7bcef3010f56c88df4489506d3142e2b5959b89eea28f9f18234af2d605986c7b179cf4670ec58f94ccfecb6c95e2255dde53bf09b09aeac217ef921385c7e8bdc29a10a13ee81ae1a57e3443b5f51ed64c7dded7c6d8b4d585a95014d1ef432fe3cdb4023c8c54c73be2937fef7514942a9b5fbcd764d7208dfadaebbe6387900c0738eede0a0159897e818449c367f1e09e35ac808b4439eb5509cbd9e396b69a556427fc4f4f136f95e26d67d9d59c02d0d42ceb8b82c47e05be582df9259f22f6d8c825b4b77f68c1a98eb8a2d8c6fd42eaff47c47f265e20c682fa814b3b32eb111c3721e19842c6e10bcbc26843fce7113f65d50f36f11bc0db199e84e0573fcfb9deb87da288c766e3108f3353813b6faf1beee4e1bc64b51a541d4d4a1cf664583623b231a6220c5f9dedd1defe74842c1b4abaa0bf9f37fc726e5445f8f7a3d31b70d6a4aaf8ddf5c2cc4f144cbd0b70c7e21ff2488ae990bf747b1fe77b434468f12ced7fb9f28250d914d27b46441862a81cdb7f5e0d12fbc2988c7daec08f403ebfbf69d8f842976a2d22bbf3f2f32a4561b5f00910fb6803404d0a9757cc838d90140b11f267f3f8fe7e077d5cade3f1261a76ed517bedfd0bd5886b40f042596309b40c6bc8378b1c714969875e31dfd4ade61d3f362ee261c0034bb1743ae84a916715ef62fb884c6daf267eee261bd684cd29ecda2906408d678750f1c9fc5bc990f4cea3a8fa1116db025d494308ceb405f3b92b3cbf3f1834db2207d9d0d8696f24de91837e4f03210ab5ee471f1ff79a20733858a006898ec96afe8bfe87fcb094bfeec1d9cd699aa88fd777e1b53726aa1b020b63f0be68dc17d0dbc6cd9228688da53993308863d8596aebf8103dc99cad0cac47f88e3e888efba874871e595355ac039aefd4e7192f17ff5376795a69da9e3a21ea009f91f9f6946d7c7256cabee1aa27d55274add4db86b64238b68dcbb63374364f19ec97174230c6d65f030ff748ab2ba1913e6f235e1c449578bdd7bca0ad112f23a8d4cab8aefb3afd648cb0602e998623522054d0488e64d8c881667a28d265e6e5d3faa37fd5c02e8bee07e403f8cd21e0dde9aaeb128a48d062e0b674ed19bd88708f9e5ec740b0fcb07e4a70d4d1e7e362fd9878f0b39e2eb5e7ad392b0515fc3434f172f3d7a2cce05a7c5c1c2bbeb10106c804fe7688d2a29936cbf62341eb10a589e7e50fceca5f7468e0af0e39d3e582e114be65307cbdf1fee1337d4e85d2454dbdc4dd77acf2a087ac9fd383409035f84a71d7877f742ea0173b678ec9f8fab4f6d38216258bcc1aaf612e90bb321af16de3f2e45b011e0741a95debf5a658609dda7de7f41fdf0ab6d9ed684092ffbbf4b131b785ad6db5b9c546066ef12487db18a27519833483e2920d2a98ae4041897e25cd715efe1a400dda0b1ea5baaeadd1f3138e3ad35f2642871ca2f53cd395383c85ddb054fd76247f2d1304fab0f55c2e94ff5a2a04c50a5124e565503d9a8a531a8e4b79b2f0eb8506c726d64d8672994fe0853d0fdd1727ac2ee9a889bd062cac8949b464b11f862fceb08e22da867779ea5e185a3bd0d42de79e37e36965352d0375b2ec5ce047e96ed144c79f20f1352e231a68d1c6cac99dde56eb25ba9dbfe6fb8f0be3a6ec188c784eabe47a6a37e3d4935119e6957f6495954ea605e3c84b1ec3e7f83f2b957a516ab6b8f1bc69e6d11c8bfc5b597d67986c28fe51093e377474c29bb896ca77845084d50d0f77aabfa10b51df474c386e0bebda505385edadb7be28dc98101477efd1bee9829b1beb770b1a38ecd67241df199f214bea27d3943322a325c0f9e258966ede9687dd11bf03c199cc3179e8b33e4cbd8af5ac53f091b7d8a9cf032088479b9b92fb9945856031075cc57ee997b124fb95559d9ad48878f0636a64ba9a478b4e08be21dcad223cf46920e648b5a270b491f40a7bbd2591d32cb1a8a5b65c0a8e0d611e29f2cccc90a9259020aa4ecdfc7d99ae63d6788f836b1cc5c24cdd916d6392c41db4bc288be4021ba5f8de7de16095cdd1346c8ef7bd19f0db3778ac5cd57f30440674fc1ff75d4c4c59b9f754646d977b1c01ea95d30c781bdaefed767eedbcebbba6801130d1a3feaecaa383cf9109558a169f6a04b4dea6a9fba6b77cb2313dab1c4a2f677bba7af2d304ebfaf0524e25aaaed8ed6875c2aee30937fd2dc7703cf1391d6bf8fc8c0841fc44f57c882ecc756196faf7f8bb14513080bdaa6464cb95acb4a5e55cffefc3cecb6afd628615a1c2bf98cb6b96e3bb6972132b61f295dfd5258d7da4fd799fd0011127844372d2e656927c10c9f079141646ff272c571741f5f39edadb6decfe8b4eb4a0f84b2b30a3756d6f1ab01c83bf664a46cb7d99e49386a0a509379107851b1910c68888e233d1329067be1530ed39bc3295484a62ef37465b853642b0e348ce0920f4e0d1118e0f941ab702ac4427271c90aaa8bc8b699b97236b7891b95cd14c778c3d4de43a955bb6136428e7f698340bfa7eede0b2ed1b27b0c07bb2de478aaabf95864584c1cd4f0b82ccd340e1f4ca483fb33e1599a4b0380b02b8f69363eb9d18a30118ab1e37c20c22f37870a3a7f28131f753a7281efe86278eacc7c3d6bb1c7cc9c97eefdd82c4b94ed1b62b0e93afc9df60c162e12d22281546fc6c1135c1a9f9e5bfc4aa07f49238b5239b9b55271ea5c1885437a44cf9b5271009b7ce57c7029c2104b67ebf9ec8e6e747b3b704886b61cf9505934d2302ef7b0d261c69237f7f3818c77b0a8de6e7ae29b7bf7feb0f1989bffc5bee504aac881e4ca8d0d0d858ffcb94617203707b531174257686bc978180c1f9507bd9d2986901c3ca04b2db753a63f3d080cb466e1ec8054f647d96ce9139dcd33b4ab84bf116d0d51e678fbe30076c30fa8d70a65776f2a31178a5a40112d6537768eefddb4e3e4695a3fc1c2be088e9a9f0f40d4643c0c48b441ef202183535e0cb7b83d2a039d57ef75d2a757115ce63559ddc893355026ec71784d11fc784e1002c80b087fe1ce60c4022b24bcfc707c63c300465d734b3600c64f75ef348c0de22dbec81d7c59be49bf1ebbc0136f93bc374f66525efe3c4d8a5985e1dde0be42d06cf2cd9b8dbe16e1b8d79db71ee6816ed3894bbc59608f6892aeca4b354b5b57f3299d5fd63464b6411d321a9c12ef78550fd796f82d5e78461218b3a98ac9b3e361cb012bcbb79fb747eb11a053f4ed9454efc884e28c948d4862229b59afe8fd29559da1e6ce446f4dcfb0faeabd7d9733205505018160c8b956098b734a64671fca57c734afdeef38c339848cbfaf84f83b17c0db12c36962db7d72d3a58dbac5c55012669f6fecce38c720d85b21b011cd3490898ed92ae6394c6d3f239250899acd03ba3dee07e97a2ee70a6045da7b9e7a154892ee1901ed5fe4df081d08d4d5cb2d1fa1f42d51d70627a5a6f82043d8c2285d89b9299ad2afd54cd12a579424c70edab06a46b26f6ef7873efaa9a55b2c15ec53c068816220b99c3b3cb4152b012ed0a957f8ea87adc9d5237ab5cd1cb015efaff98496d461fdb83e8d42b815f55321201b389f4e0c974f1efcc20116622290e67785f08e10fca7ab456cfeb6d17be45eb37ca1cb721657d3be2797ec2edbdc7e7bdce524dbb826e9161790a7da0f5307f7febd0590559bf195adbff4c2979416f48c4a8a69b21d0b036640f1bc1a1fbb4213e2c42544d9542749d192a17e2ff9e8c5280eb7a4a93f7c07a4082ae446aac7464edb8dad6e80f32f45c888bdff7e628212aa2309181eba77634ec9deff94da6921dfc8a53d32d3da7cc9f11ea08222afeebc556323693b54f7269d4528bf6e531f1f881b892b6a47bfe90fa0fc9da597a31eb8ee701705c9eb506c234df097dffcaa6cecd5c387dd641d11eee451693000251d2b7bcc1e87e89343eabb5d89d1cf7644f6b327901bf34b7b695172664d8a3b945aa0a2d2d62d6341bd11fd30eca01091ae14db1ba727fa968e6f1346b314e9df19f481e5dd18effe202f802518f05ff2fb788cc0b9f9e5f0ec299e337d4a5e6f77a38da55f93d8e32b25a9e0a4974eb8fb7754a919b4d7921d13657f6463d540f0bfe269aa8afbd15b2607ab3a0809c01daa4fac91384f837d946b43a6a00802dca7895b712e52d05f00b9cf2c5fbbcfe9dbfcb023c1a4c03e84d5162cbe8f65299df2e8f72e0c24d0ae4966f07052efaab8f72c9b259ae827e56ddc8716727b39a73a87d95ba737eac66d75a4263e07972719821b7f378b15d3f1b7450f48f9c897aae6fc5e6474a7e1eb9e6193ec0da613b8e6134c61e5e7c74c59d611b095cbd7fb70ad12e304e36a8044b16c3c2229b4e0db9a8f5f3bbc8647be163af7d956f38f2b70107341c878e926f8fb79911c210f318b27b46a0d3275966c6bf7992dee11bd5ddd1c2b4fe6f232439668756c2a772d4d21682cdab8299add6db3ef1b09f413a24969ea0babfa448e6d18a57392847126ba4df71214dc26d799920c942ed5cad0d61be9187c3675d06df8bcf61feda1c05ad3fda45c0cd1df296f6e12c9dffa87719b0631122509683ecd1b8774c47d8c9779e86e1bc0c8df13f55c64d57c97078a0d6d6dce8de6197ea7fc3d92218768ee089653e9c3ae831895ef6d66c799665af1f97c4b1ff81a76121cbfc0b6c4f86716bfac81e50c824f73af04413b35bb9cddd7d5be2178e9a10105950e7d94fba07a5a6c7ec10591413b2701a5ff381a6ba21778affbf92931821afbb6335ca9f5ba4c133741a5ab446e188deeeb5ea60b2d4958de354135408b9ab7238c795e3e6c89544a526e35d9005ad0aa3bb00f76fe70d5fca567c1ac52803d6de2e36a47797a1b787cc146990983e7fd18c7daebca2f55eaa20dfadcebf24b7670d2b153a10efa3402c54879c46bbe76fcf2ad4192f2ab319950827d7571747d7769c4d3d187aa890380f4cbe9c594d60075dac40b0c97018f4d8f99d487692bc71a44524f71ff304d73ca31678171bdce0ecad2928c554e42d5600f80989252df0c2edbad2c045f989857d029718c94e6ac2a181de7d678604aa4be122026c41fbcf3f55505c35e1a6aa98114a64b60d931542cd6799f72f00d17e47f09b92f6630262bea5b137d4c6e4ae567736452881dd41983cca62bd76610cb9d87c3de173b2c11d9cd9a992fac9f97fdd63a165d1d2af6b7311c20084aec2c23ccdce9fe16f763a97f52b907adff3dbeada61b626fac5831dfb44a00a806f5b621ceb38156723887f59ff1e777dae053147a26e63a8dceca7e069e421932d3e6120df618b2e555fb587026c902abd954b9bc3aeb47e008da1648a758ee56ed587efb033485d958d63a4cc03fc23aa940cef8f460bf1d1ee0e3752ae3d999dbd879c326694961d54fc13ce0cb67824bbd3e6cb326c61c82fd93252de2389e49fbc67900a6ebb963092cb352482d6c1bb50f8f6d98fb94d8c4a54590b210fa8e19edcb1b2a3a800efac8d95aa544887a91aedecb966d9fd44c7e976267fe93cbd4150423f392aad514d5537d5a3f0d10363118cbbbeb6b9192fff4f4a009a8e9fb3107ee2e0d5dc0ae39d52795d1962fdf71b249ea59f37c93308fdae20ad08e6b094cf593d7da65fce23ed25eabe8752afcc8deb1e114474b9dd4d59508d1c8c1854ab6efd3c70f339678c0126ec9b451a50fdb63bcf1dc504d433561881a8bec7fed97bebc917220f4df298d7b7b7859b053706565fcaa2bfab9480b55c07d7e08aa9a5964818a4fb324b7a6d451a301ff301e5037721c4ee67f48733f688b14d1fe54e93372346deff0ffa988b79cd2cec45e3bb0cbf2811d82f95d7a5adae0acc3750ab9801a9b9630c885cfbfad7634a2165f037dee972c72c44d4887507f42fa73557808bf64a1b6e527c2d847140bb83b010ed4d7d6cd001851f926886c3f5905e87feb66830ed69095e72ed86111ede196b181543b711cf63ab7a0c88eaf43684cd08034163189c59b795ffe05173a284b2ffda59d9d41f79ee72f23e2485d96a4090dc2fbeec824f680dfd822808a2181b529cdfe6cbe0474dfb63c4019b8b74ba57e40286d215ca61eb123e053e938803eec47013a23e81a9ce3667c9e834f49c1baa8744421db8546ad63cfa20fc2d39675bbbd408631f6e2974d1ef2158fb2a8b112dbc99d65237ab58e38021495a756d1fead36c166d57f6749e24b310886531153e333404cdb94ed1f86f96af2e02823dc4b835e7c10f84375604ce27638396363d2371bbaf1023783f480572b20ba900d28cc1236eed3d15a36ab4255ad505c112423ed5df03bd53b3d79413dd5e32decfd040c5ea24efcab8e23a9f54fc64fafb1b04622a9d8ece07de820d3ab7e365fe45eb7b78ecfd72479bdb575c5119bd0ce0d1a463f099a0bc48b2368e49828a89bb4537e2cdff7feb56b5a4e661dc951bb6e912cd28e10c799977d0d9b89a24e8a6ba463fabcfdd37cb9c304e9a3596cc50bf2da52077cfa2c6f542bc60b2afc87ec9565a7cfa7fe310f4b41c1fd42da8d5e98cf4f4baca636c4a72a82ccd9a0d723970dd4ffd57cecae1e7a9d71e468b72cfef95824bb2e603b3fcc664c759242efe3743e7d5edb03667fc77473e949671695ab217ce6809ccc295a8bad7f7de44f5a7f0eaadc40e6dc9a7bb863428c538efc9b04a7a25e31d04c29d7f70057d22fb47474c202ce5d1b830ac3e6683e15832177cc574f72b08f4da9ab34ff8f2d79d1c9fc050fb57df5fc45808a4f8f1dd837c438acdecd949b4e43316ab1f595ee7709b38b244c12222aaac464ab82ffbb12a1f8f034dae44071bf498d1a8cfca39bded998cc2274f80e111fe6e68cf0abb6f2ae797bbe224ebe346a98cb1033db5cb3af24ab493d5e5e34b1a09da7d8023e39ac2d4aee133f2478251d044049cbf43e4a9d4947f72ec3231f0eef8bfec5011f211ddb18547b502413c9561674358cb4e62be924da66d55dbba352ef5b8fb982dc03f8a0670c675066830804ca3a01135528e9018c71b6e3491a167e6e98f041f4c7463166a593a3a3f541a6b805af1693855d38db376fab79bcd0b8761179ad0ded7f1493ba80d860ed1cfea27c51a005048de0e58da6216c64065a97926f86426be90bb08aa5af5d21cce78e93c8747d0ca52c9e30485cc49ca92c92400db6a0a34c849b98017fb06b2744d17ab4acdd205d88d95f887f723287f7bf4f0b668b36587a724c58589260a18ebf01adb0a9b3f4299e0d68011244ba849b1451246471d0054d39581557ec7965ae95b9470b7fdc9bc4d0e62cbd59a8c23898bda1e2e1ce7f8a3de903c260b2374e9c1419d242bf6e26a59a5675c40fe7532032ad797704884bace1d7da2d607f9c1ff33c0cdff10d5cb8e04576c6d5da99da78ad15a168b1ec32aa60e71e65c6e0a2b9bc313da3935e9067391faa562a0718dfd13900e28ccfe3a7a92b53c43081bebcee06f9fe34c674490b518ad29b0152a8e2edb5cacf26d4847493babf6f5488d6f6a8c19043d97ac6ed9782cca73dd9bc4e1417becace7b1151732686506093d1896a1e229a5efc1679463e3cb4bd311097eb539652f9212c875b7031300IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dllLSP: c:\windows\system32\VetRedir.dllTrusted Zone: pogo.com\wwwDPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CABDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cabDPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CABDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cabDPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dllDPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dllDPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cabDPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dllHandler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dllNotify: igfxcui - igfxsrvc.dllNotify: PFW - UmxWnp.DllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllHosts: 127.0.0.1 www.spywareinfo.com================= FIREFOX ===================FF - ProfilePath - c:\docume~1\val\applic~1\mozilla\firefox\profiles\v7nm513q.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dllFF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}---- FIREFOX POLICIES ----c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);============= SERVICES / DRIVERS ===============R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-7 64160]R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2007-11-11 26352]R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2007-11-11 21104]R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-10-13 739696]R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2007-11-11 21488]R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2007-11-11 32240]R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2007-11-11 144960]R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-4 1010192]R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2007-11-11 238832]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-9-14 24652]R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-10-13 133520]S0 lwctth;lwctth;c:\windows\system32\drivers\sjlimgl.sys --> c:\windows\system32\drivers\sjlimgl.sys [?]S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-11-27 85504]=============== Created Last 30 ================2010-04-02 19:31:25 0 ----a-w- c:\documents and settings\val\defogger_reenable2010-03-31 17:45:19 0 d-----w- c:\docume~1\val\applic~1\Malwarebytes2010-03-31 17:44:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-03-31 17:44:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2010-03-31 17:44:37 20824 ----a-w- c:\windows\system32\drivers\mbam.sys2010-03-31 17:44:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2010-03-31 03:51:17 73728 ----a-w- c:\windows\system32\javacpl.cpl2010-03-12 21:37:27 0 d-----w- c:\windows\system32\NtmsData2010-03-11 00:08:19 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe==================== Find3M ====================2010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k72010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k62010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k52010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k42010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k32010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k22010-04-02 19:34:45 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k12010-04-02 19:34:45 539510 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k02010-03-31 03:50:35 410984 ----a-w- c:\windows\system32\deploytk.dll2010-03-06 07:28:45 15688 ----a-w- c:\windows\system32\lsdelete.exe2010-02-25 15:54:36 11070976 ----a-w- c:\windows\system32\dllcache\ieframe.dll2010-02-24 09:54:25 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe2010-02-15 02:01:27 70984 ----a-w- c:\documents and settings\val\g2mdlhlpx.exe2010-02-14 05:00:00 30976 ----a-w- c:\windows\rascntrl.dll2010-02-14 05:00:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll2010-02-14 05:00:00 16384 ----a-w- c:\windows\system32\msdrve.dll2010-02-14 05:00:00 10816 ----a-w- c:\windows\vmoptver.dll2004-08-04 10:00:00 94784 --sh--w- c:\windows\twain.dll2009-11-14 22:11:59 56 --sh--r- c:\windows\system32\9B0176E0FA.sys2009-11-14 22:11:59 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys2008-04-14 00:11:56 1028096 --sha-w- c:\windows\system32\mfc42.dll2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll2008-04-14 00:12:01 343040 --sha-w- c:\windows\system32\msvcrt.dll2008-04-14 00:12:02 551936 --sh--w- c:\windows\system32\oleaut32.dll2008-04-14 00:12:02 84992 --sh--w- c:\windows\system32\olepro32.dll2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe2008-08-05 16:37:42 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat============= FINISH: 16:08:42.43 ===============Attach.zip Link to post Share on other sites More sharing options...
noobJ Posted April 7, 2010 Author ID:228457 Share Posted April 7, 2010 Hi again, I followed directions and posted my logs over 4 days ago, after 48 hours I contacted a moderator and was asked to be patient as the traffic is high since the release of version 1.45, however, I have been reading some of the other posts and some people that posted after me have already been assisted and their computers cleaned, so I am getting a bit disheartened. I have read a lot of posts and noticed that the people being helped are asked not to download anything or try to clean things up by themselves after logs are sent in, but I feel it is unreasonable to not update things (downloads) after this amount of time and of course my internet security updates several times a day. Before I read this advice, I did run my ISS anti-spyware and it removed a couple of malware cookies, but now I feel my hands are tied as far as using my computer.I have noticed that my logs have been downloaded once, but there is no way of knowing by whom. I would really appreciate some help if someone has the time.....Thank you. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 9, 2010 Root Admin ID:229973 Share Posted April 9, 2010 Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.---------------------------------------------------------------------------------------------Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.--------------------------------------------------------------------------------------------- Download ComboFix from below:Combofix download* IMPORTANT !!! Place combofix.exe on your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.You can get help on disabling your protection programs hereDouble click on combofix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:The Recovery Console was successfully installed.Click on Yes, to continue scanning for malware.Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next replyNote:Do not mouseclick combofix's window whilst it's running. That may cause it to stall.---------------------------------------------------------------------------------------------Ensure your AntiVirus and AntiSpyware applications are re-enabled.--------------------------------------------------------------------------------------------- Link to post Share on other sites More sharing options...
noobJ Posted April 10, 2010 Author ID:230036 Share Posted April 10, 2010 Hi, first of all, thank you, thank you, thank you for helping me.Here is my ComboFix log:ComboFix 10-04-08.06 - Val 04/09/2010 19:49:28.1.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.520 [GMT -4:00]Running from: c:\documents and settings\Val\Desktop\ComboFix.exeAV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}.((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 ))))))))))))))))))))))))))))))).2010-03-31 17:45 . 2010-03-31 17:45 -------- d-----w- c:\documents and settings\Val\Application Data\Malwarebytes2010-03-31 17:44 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-03-31 17:44 . 2010-03-31 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2010-03-31 17:44 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys2010-03-31 17:44 . 2010-03-31 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-03-14 05:48 . 2010-03-14 05:48 503808 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcp71.dll2010-03-14 05:48 . 2010-03-14 05:48 348160 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcr71.dll2010-03-14 05:48 . 2010-03-14 05:48 499712 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\jmc.dll2010-03-14 05:47 . 2010-03-14 05:47 61440 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-sse.dll2010-03-14 05:47 . 2010-03-14 05:47 12800 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-d3d.dll2010-03-12 21:37 . 2010-03-12 22:10 -------- d-----w- c:\windows\system32\NtmsData2010-03-11 00:08 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k72010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k62010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k52010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k42010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k32010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k22010-04-09 07:27 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k12010-04-09 07:27 . 2007-11-11 23:06 539510 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k02010-03-31 03:50 . 2008-12-16 18:26 410984 ----a-w- c:\windows\system32\deploytk.dll2010-03-31 03:50 . 2005-08-16 12:48 -------- d-----w- c:\program files\Java2010-03-31 03:29 . 2005-08-16 12:48 -------- d-----w- c:\program files\Common Files\Java2010-03-27 20:37 . 2005-11-22 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2010-03-11 07:32 . 2007-11-11 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help2010-03-08 19:33 . 2005-09-10 14:12 103464 ----a-w- c:\documents and settings\Val\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-03-06 07:27 . 2009-06-20 05:58 566648 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe2010-03-06 07:27 . 2009-06-20 05:58 567144 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe2010-03-06 07:27 . 2009-06-20 05:57 2357064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe2010-03-06 07:26 . 2009-06-20 05:57 524632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe2010-03-06 07:26 . 2009-06-20 05:57 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe2010-02-25 06:24 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll2010-02-18 17:59 . 2007-11-11 23:37 -------- d-----w- c:\program files\MSBuild2010-02-18 17:59 . 2010-02-18 17:59 -------- d-----w- c:\program files\Reference Assemblies2010-02-17 02:40 . 2010-02-17 02:40 17299889 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24c36_4_0_1.0.14.19.exe2010-02-17 02:27 . 2010-02-17 02:27 1988872 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_244e7_0_0_1011.exe2010-02-17 02:26 . 2010-02-17 02:23 1139600 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24cb5_1_1_1001.exe2010-02-17 02:25 . 2010-02-17 02:25 1043184 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_25605_1_0_1006.exe2010-02-15 02:04 . 2010-02-15 02:04 -------- d-----w- c:\program files\Citrix2010-02-15 02:01 . 2010-02-15 02:01 70984 ----a-w- c:\documents and settings\Val\g2mdlhlpx.exe2010-02-14 05:00 . 2010-02-14 05:00 30976 ----a-w- c:\windows\rascntrl.dll2010-02-14 05:00 . 2010-02-14 05:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll2010-02-14 05:00 . 2010-02-14 05:00 16384 ----a-w- c:\windows\system32\msdrve.dll2010-02-14 05:00 . 2010-02-14 05:00 10816 ----a-w- c:\windows\vmoptver.dll2010-01-29 19:23 . 2010-01-29 19:23 609280 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\C23D6EEF7F9C2C2548D5138966622E6E.exe2004-08-04 10:00 . 2004-08-10 17:51 94784 --sh--w- c:\windows\twain.dll2009-11-14 22:11 . 2009-11-14 22:11 56 --sh--r- c:\windows\system32\9B0176E0FA.sys2009-11-14 22:11 . 2009-11-14 22:11 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys2008-04-14 00:11 . 2004-08-10 17:51 1028096 --sha-w- c:\windows\system32\mfc42.dll2008-04-14 00:12 . 2004-08-10 17:51 57344 --sh--w- c:\windows\system32\msvcirt.dll2008-04-14 00:12 . 2004-08-10 17:51 413696 --sha-w- c:\windows\system32\msvcp60.dll2008-04-14 00:12 . 2004-08-10 17:51 343040 --sha-w- c:\windows\system32\msvcrt.dll2008-04-14 00:12 . 2004-08-10 17:51 551936 --sh--w- c:\windows\system32\oleaut32.dll2008-04-14 00:12 . 2004-08-10 17:51 84992 --sh--w- c:\windows\system32\olepro32.dll2008-04-14 00:12 . 2004-08-10 17:51 11776 --sh--w- c:\windows\system32\regsvr32.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 9442584][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-30 177392]"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-11-11 14088]"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-02 230664]"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296]"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312]"WinPatrol"="c:\documents\Webshit\WinPatrol\winpatrol.exe" [2005-06-06 106496]"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-31 148888][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"LegacyDrive"= b6a2ba0ac63dc59461fe0f50a2213574b1bf3a0a444429fe6624fb7677caba6175d1e75379771990854fe8667c3509c17287baf9269261eecd4b705712408b575aceed514c9308fe91266bbdf0d806e92a1ed1f8f12cb757e4612df44cb1e60c7deeff94ae4679d8070ded62fabd7b1dd73c04ba9b5d995309a8334efd5ea485fcb8cda30f7012d1d2820b93c8347cecf15488c99fc1219c85d72cc3481120623dfb40a0e41ed0443d8878e8c6cd44f1a0a0eec5eda460377c7f7546a83000087da30fe11d8371f8625075ecc5b1f5c27f0b9323ed5243c4392009253704047e8d1cacf617e6af58178a53037f571d4fd8d25bca0a935271ae1c8f72c6bd3236acb58d9f499aee8f87fbb8a90943b95b19e0b71ce2a54cf2df6df4389302659e7b3d1f71416e431d32fda8f0f2522c206ef348981013ece7cf3d7479e1f3cd4343d16cf9a9455a8e0afeda4b5ea24c1fa6c051362e0530cc0fb27944f74de7742d978b43cfbf27775ed5d8c87d81f939f6f543a8fe2039a3ba25c37d020b19a1bf64b6e2276c169da5229e4148d5f8202317f711c609cdce13d97e9b4d88942972f114b9cb07b284c15e415bf2ec6d8b8411ac03b9d672b9c472a449dc1350df8edb9b585728fba47218a66fefc04c490005edfe61a9ed78c05f908115512aa7059e2a3206f45759c5615ab5c4667df5484eb2d472bdd748ac8c38fc46d456016149e6c00dca1d34ae352b56a48005d82b0668157f1e1b4844f29774fd268f1dc6bd38182fb30001f42897947155656e5970d518abd0f441e2523a4b6cfba70a5edf12c86641be8c01fb2f9bee203c40e2e164c97dad66d27d9c0bc6320e47a2318f80fc4dfe2e9744c3efa44bb54d2d01da445b83735e9c5581ec0eeb35a7956fa8972abecc3476b3a2cb9fa9ae24623ba862624e752abf525508ebc45e0eb9f829beb715cb29be610759c7bfc1ed0075b6031ffb336b5bf75163b84959958adcc51dcbd00a32272fd5585fc594d7ef32386bee3d393d376bdb12c6d0b0c364265fed871ca3e974f097ffa64030d6731e0b2fed6269d3074477caf82ad3cee5bed04dffba44ead8582a2f62f6e19ca8c1ec766ac637c91612a9aef318fccaa052cd17bd2befe7e81d0526eb1750df3321c50184426364eca2c307f6ecf19b1ff67a468ea4c6a1ff09a80201d034ea0161dbd135e6298e3f3efdba0a393dae503518ee61d9eb712007663c4e0bea350b19363799f6436264f56cb53f25d2def1c9ff50f008ca976ce67ae88f732efd04427b1fb61d5884daf737dcfb2f22752784c2f4c97b8206e08e868ed54fa06131f4c6f3b312c42f9fa92ea6586199ec31130a3f818baf6af58dcde92b15fa4e7ce38ce31837519159da8001515df000a5a588289fa7f7bd7ec471a5d5116ae9bc84da7c9679ad2e465a73d78feeac91792b4324f74c58c2c62242f598afd5d572f1e07e53fcfac1164b7f1a9958d5e21f6af4c6f3af25784e8a09a47b2ede26396cfe7a61c9eca874c9d4033167b7604dba0bc05665f196811d5ece9cc6b60d44d99d3b5809093fad269c09044132d63911b5afbc95393345fb4597c4c16eeb971a2b9f0093e445d6f64c987b6ff1be0ded11f7cae1cbb0852db0e76e04b47fff88c4be325b47814456018bb97e381da03316c718ab4f7d139f03ed5a44e610d17d9e00fd4f6c09c3950f0273f5e6de0412547ea10368c96504beff646ca04ae9eadf719707c54ca34bfbe859cec8bf5b73126fdf6ed260bc04c5a7c492642a55d117052b58a62d7863f05337d2df0cbd759b2e9186fe7d7d774887e5ee15cc580e8c2265f9d858b093dc1a44a38822142b90155a3cf271083546f7250a8065ce7c2aa590ecf14515726327032af77a21ce4ee8bb8ab811480bfa394bd94f3d77e8accc166948d3ace65c39d78e27cd79ce367d1921e2c88728a21a75bffd638610c41c687e84076c6435057a5d1b21046552d03a3ca9777d0bb32e154a1cc426e13a03e08ee435f78687e6535f76ec082d82a588eccb80171ed5bf80b4df7b073270e89e0f3295da5c5a03882aa34a90c019873cd0f02e048006b6541ec5ed8e0f4b8e5309c815ff8228d27269f33d161371891d78117c0b9f0b7d755745ef082873bdcc898336aa53381c2c7615f785eb7cafb9d1e9175a9e5c7753aa93fb8cee39f425dc86063de6b6d1083fbbd121e52f8322df8cca72c39f905f7c3ab06d4a2a14ed0a681ad1b8933dbe329ef1633fc6ce0acfc8f16c8450a0ca72b42c39bf23e21c3ddf97879a2ad3c2678d893b649a9aa58d2a0456f0e957edbb15693799824b543fe27c1541435ca92bd9e379cdfe9250d677aabfa4f99dc05bebc299356e4c03199b7d8c6e0b173a31959d1471457396160b3e21f533bc0860d27e2519b4efcd72f39203b3c88becbca26183ec75028e415508d1c0433a81174756fb81be0db6eaf6507753f8cac479a5ae9ab105b26217db5b22e77de57cf12be2f9ad97fdd1f0b1495c3f34a5d085b7630ac08a9c8cfbe1c6c27c3488893ee5ccf1a1241642610f153ec51e78a619bf03005d3de2963fe63dc2476d0c69528d2dc641efb469f24e82f97f6fd9195366d9ae15da9380da177069e5eb5bb325136b2cfef4c27d4c8bb5b7a6a72c2fdf564c8cd39d541e606cc571b2d0c623c46bc6f223216319f5158bdd3bd4e16353cf62c4c10f4863952e242e7fb15f76044e41e8a7bc329b316c76191bc65ebe5cb6bb617f679836f84e29f3b86bfe32ffcc7c1772528e326db798a79ad0ac8cc3100192e44ea1e885c8615c466716c3bc45069c7bd46c9df074e0617c82e028123f6a893d1cfd9024b1a2b6b1512d10f2e2c1c6bfeb92c79defefbbe2fa7f391a79cb3baa4efccfb324e60f39004652851948a4c7ea4d740085ea8d1f2a34476a18e93bff20a3d4c45d879c533d7c3946440be388fe9f230ce2dfdbbf7c3b87bbccc5c2bde9430cd9e982ca6c05ed8e53f95d995aaa339ef70ba4c939415500fb0528695d4b552c7421bc7a41d979bdcee06aba730214cd469d437dbde2b69f2870e0e837c78f02bdffcbdeb3ba014b805760c877688496a2675212bea42342868224ae35e3fc7146e1b08f7ebfc4892c1fa32faf7541b63abbff0aafd466cf65a39a9821699adcca4f829878e2386c5c5ba0fb98230f95549603130e07110331051e06eaddd27537604a4b40e70d3feb934230abda20c6983fa557c5608b07ce367834b0997411dee602a190919526865f5f6d090fdc8e1dacbc0b90d8e6bd2363be0eea1ca369f6e7bcef3010f56c88df4489506d3142e2b5959b89eea28f9f18234af2d605986c7b179cf4670ec58f94ccfecb6c95e2255dde53bf09b09aeac217ef921385c7e8bdc29a10a13ee81ae1a57e3443b5f51ed64c7dded7c6d8b4d585a95014d1ef432fe3cdb4023c8c54c73be2937fef7514942a9b5fbcd764d7208dfadaebbe6387900c0738eede0a0159897e818449c367f1e09e35ac808b4439eb5509cbd9e396b69a556427fc4f4f136f95e26d67d9d59c02d0d42ceb8b82c47e05be582df9259f22f6d8c825b4b77f68c1a98eb8a2d8c6fd42eaff47c47f265e20c682fa814b3b32eb111c3721e19842c6e10bcbc26843fce7113f65d50f36f11bc0db199e84e0573fcfb9deb87da288c766e3108f3353813b6faf1beee4e1bc64b51a541d4d4a1cf664583623b231a6220c5f9dedd1defe74842c1b4abaa0bf9f37fc726e5445f8f7a3d31b70d6a4aaf8ddf5c2cc4f144cbd0b70c7e21ff2488ae990bf747b1fe77b434468f12ced7fb9f28250d914d27b46441862a81cdb7f5e0d12fbc2988c7daec08f403ebfbf69d8f842976a2d22bbf3f2f32a4561b5f00910fb6803404d0a9757cc838d90140b11f267f3f8fe7e077d5cade3f1261a76ed517bedfd0bd5886b40f042596309b40c6bc8378b1c714969875e31dfd4ade61d3f362ee261c0034bb1743ae84a916715ef62fb884c6daf267eee261bd684cd29ecda2906408d678750f1c9fc5bc990f4cea3a8fa1116db025d494308ceb405f3b92b3cbf3f1834db2207d9d0d8696f24de91837e4f03210ab5ee471f1ff79a20733858a006898ec96afe8bfe87fcb094bfeec1d9cd699aa88fd777e1b53726aa1b020b63f0be68dc17d0dbc6cd9228688da53993308863d8596aebf8103dc99cad0cac47f88e3e888efba874871e595355ac039aefd4e7192f17ff5376795a69da9e3a21ea009f91f9f6946d7c7256cabee1aa27d55274add4db86b64238b68dcbb63374364f19ec97174230c6d65f030ff748ab2ba1913e6f235e1c449578bdd7bca0ad112f23a8d4cab8aefb3afd648cb0602e998623522054d0488e64d8c881667a28d265e6e5d3faa37fd5c02e8bee07e403f8cd21e0dde9aaeb128a48d062e0b674ed19bd88708f9e5ec740b0fcb07e4a70d4d1e7e362fd9878f0b39e2eb5e7ad392b0515fc3434f172f3d7a2cce05a7c5c1c2bbeb10106c804fe7688d2a29936cbf62341eb10a589e7e50fceca5f7468e0af0e39d3e582e114be65307cbdf1fee1337d4e85d2454dbdc4dd77acf2a087ac9fd383409035f84a71d7877f742ea0173b678ec9f8fab4f6d38216258bcc1aaf612e90bb321af16de3f2e45b011e0741a95debf5a658609dda7de7f41fdf0ab6d9ed684092ffbbf4b131b785ad6db5b9c546066ef12487db18a27519833483e2920d2a98ae4041897e25cd715efe1a400dda0b1ea5baaeadd1f3138e3ad35f2642871ca2f53cd395383c85ddb054fd76247f2d1304fab0f55c2e94ff5a2a04c50a5124e565503d9a8a531a8e4b79b2f0eb8506c726d64d8672994fe0853d0fdd1727ac2ee9a889bd062cac8949b464b11f862fceb08e22da867779ea5e185a3bd0d42de79e37e36965352d0375b2ec5ce047e96ed144c79f20f1352e231a68d1c6cac99dde56eb25ba9dbfe6fb8f0be3a6ec188c784eabe47a6a37e3d4935119e6957f6495954ea605e3c84b1ec3e7f83f2b957a516ab6b8f1bc69e6d11c8bfc5b597d67986c28fe51093e377474c29bb896ca77845084d50d0f77aabfa10b51df474c386e0bebda505385edadb7be28dc98101477efd1bee9829b1beb770b1a38ecd67241df199f214bea27d3943322a325c0f9e258966ede9687dd11bf03c199cc3179e8b33e4cbd8af5ac53f091b7d8a9cf032088479b9b92fb9945856031075cc57ee997b124fb95559d9ad48878f0636a64ba9a478b4e08be21dcad223cf46920e648b5a270b491f40a7bbd2591d32cb1a8a5b65c0a8e0d611e29f2cccc90a9259020aa4ecdfc7d99ae63d6788f836b1cc5c24cdd916d6392c41db4bc288be4021ba5f8de7de16095cdd1346c8ef7bd19f0db3778ac5cd57f30440674fc1ff75d4c4c59b9f754646d977b1c01ea95d30c781bdaefed767eedbcebbba6801130d1a3feaecaa383cf9109558a169f6a04b4dea6a9fba6b77cb2313dab1c4a2f677bba7af2d304ebfaf0524e25aaaed8ed6875c2aee30937fd2dc7703cf1391d6bf8fc8c0841fc44f57c882ecc756196faf7f8bb14513080bdaa6464cb95acb4a5e55cffefc3cecb6afd628615a1c2bf98cb6b96e3bb6972132b61f295dfd5258d7da4fd799fd0011127844372d2e656927c10c9f079141646ff272c571741f5f39edadb6decfe8b4eb4a0f84b2b30a3756d6f1ab01c83bf664a46cb7d99e49386a0a509379107851b1910c68888e233d1329067be1530ed39bc3295484a62ef37465b853642b0e348ce0920f4e0d1118e0f941ab702ac4427271c90aaa8bc8b699b97236b7891b95cd14c778c3d4de43a955bb6136428e7f698340bfa7eede0b2ed1b27b0c07bb2de478aaabf95864584c1cd4f0b82ccd340e1f4ca483fb33e1599a4b0380b02b8f69363eb9d18a30118ab1e37c20c22f37870a3a7f28131f753a7281efe86278eacc7c3d6bb1c7cc9c97eefdd82c4b94ed1b62b0e93afc9df60c162e12d22281546fc6c1135c1a9f9e5bfc4aa07f49238b5239b9b55271ea5c1885437a44cf9b5271009b7ce57c7029c2104b67ebf9ec8e6e747b3b704886b61cf9505934d2302ef7b0d261c69237f7f3818c77b0a8de6e7ae29b7bf7feb0f1989bffc5bee504aac881e4ca8d0d0d858ffcb94617203707b531174257686bc978180c1f9507bd9d2986901c3ca04b2db753a63f3d080cb466e1ec8054f647d96ce9139dcd33b4ab84bf116d0d51e678fbe30076c30fa8d70a65776f2a31178a5a40112d6537768eefddb4e3e4695a3fc1c2be088e9a9f0f40d4643c0c48b441ef202183535e0cb7b83d2a039d57ef75d2a757115ce63559ddc893355026ec71784d11fc784e1002c80b087fe1ce60c4022b24bcfc707c63c300465d734b3600c64f75ef348c0de22dbec81d7c59be49bf1ebbc0136f93bc374f66525efe3c4d8a5985e1dde0be42d06cf2cd9b8dbe16e1b8d79db71ee6816ed3894bbc59608f6892aeca4b354b5b57f3299d5fd63464b6411d321a9c12ef78550fd796f82d5e78461218b3a98ac9b3e361cb012bcbb79fb747eb11a053f4ed9454efc884e28c948d4862229b59afe8fd29559da1e6ce446f4dcfb0faeabd7d9733205505018160c8b956098b734a64671fca57c734afdeef38c339848cbfaf84f83b17c0db12c36962db7d72d3a58dbac5c55012669f6fecce38c720d85b21b011cd3490898ed92ae6394c6d3f239250899acd03ba3dee07e97a2ee70a6045da7b9e7a154892ee1901ed5fe4df081d08d4d5cb2d1fa1f42d51d70627a5a6f82043d8c2285d89b9299ad2afd54cd12a579424c70edab06a46b26f6ef7873efaa9a55b2c15ec53c068816220b99c3b3cb4152b012ed0a957f8ea87adc9d5237ab5cd1cb015efaff98496d461fdb83e8d42b815f55321201b389f4e0c974f1efcc20116622290e67785f08e10fca7ab456cfeb6d17be45eb37ca1cb721657d3be2797ec2edbdc7e7bdce524dbb826e9161790a7da0f5307f7febd0590559bf195adbff4c2979416f48c4a8a69b21d0b036640f1bc1a1fbb4213e2c42544d9542749d192a17e2ff9e8c5280eb7a4a93f7c07a4082ae446aac7464edb8dad6e80f32f45c888bdff7e628212aa2309181eba77634ec9deff94da6921dfc8a53d32d3da7cc9f11ea08222afeebc556323693b54f7269d4528bf6e531f1f881b892b6a47bfe90fa0fc9da597a31eb8ee701705c9eb506c234df097dffcaa6cecd5c387dd641d11eee451693000251d2b7bcc1e87e89343eabb5d89d1cf7644f6b327901bf34b7b695172664d8a3b945aa0a2d2d62d6341bd11fd30eca01091ae14db1ba727fa968e6f1346b314e9df19f481e5dd18effe202f802518f05ff2fb788cc0b9f9e5f0ec299e337d4a5e6f77a38da55f93d8e32b25a9e0a4974eb8fb7754a919b4d7921d13657f6463d540f0bfe269aa8afbd15b2607ab3a0809c01daa4fac91384f837d946b43a6a00802dca7895b712e52d05f00b9cf2c5fbbcfe9dbfcb023c1a4c03e84d5162cbe8f65299df2e8f72e0c24d0ae4966f07052efaab8f72c9b259ae827e56ddc8716727b39a73a87d95ba737eac66d75a4263e07972719821b7f378b15d3f1b7450f48f9c897aae6fc5e6474a7e1eb9e6193ec0da613b8e6134c61e5e7c74c59d611b095cbd7fb70ad12e304e36a8044b16c3c2229b4e0db9a8f5f3bbc8647be163af7d956f38f2b70107341c878e926f8fb79911c210f318b27b46a0d3275966c6bf7992dee11bd5ddd1c2b4fe6f232439668756c2a772d4d21682cdab8299add6db3ef1b09f413a24969ea0babfa448e6d18a57392847126ba4df71214dc26d799920c942ed5cad0d61be9187c3675d06df8bcf61feda1c05ad3fda45c0cd1df296f6e12c9dffa87719b0631122509683ecd1b8774c47d8c9779e86e1bc0c8df13f55c64d57c97078a0d6d6dce8de6197ea7fc3d92218768ee089653e9c3ae831895ef6d66c799665af1f97c4b1ff81a76121cbfc0b6c4f86716bfac81e50c824f73af04413b35bb9cddd7d5be2178e9a10105950e7d94fba07a5a6c7ec10591413b2701a5ff381a6ba21778affbf92931821afbb6335ca9f5ba4c133741a5ab446e188deeeb5ea60b2d4958de354135408b9ab7238c795e3e6c89544a526e35d9005ad0aa3bb00f76fe70d5fca567c1ac52803d6de2e36a47797a1b787cc146990983e7fd18c7daebca2f55eaa20dfadcebf24b7670d2b153a10efa3402c54879c46bbe76fcf2ad4192f2ab319950827d7571747d7769c4d3d187aa890380f4cbe9c594d60075dac40b0c97018f4d8f99d487692bc71a44524f71ff304d73ca31678171bdce0ecad2928c554e42d5600f80989252df0c2edbad2c045f989857d029718c94e6ac2a181de7d678604aa4be122026c41fbcf3f55505c35e1a6aa98114a64b60d931542cd6799f72f00d17e47f09b92f6630262bea5b137d4c6e4ae567736452881dd41983cca62bd76610cb9d87c3de173b2c11d9cd9a992fac9f97fdd63a165d1d2af6b7311c20084aec2c23ccdce9fe16f763a97f52b907adff3dbeada61b626fac5831dfb44a00a806f5b621ceb38156723887f59ff1e777dae053147a26e63a8dceca7e069e421932d3e6120df618b2e555fb587026c902abd954b9bc3aeb47e008da1648a758ee56ed587efb033485d958d63a4cc03fc23aa940cef8f460bf1d1ee0e3752ae3d999dbd879c326694961d54fc13ce0cb67824bbd3e6cb326c61c82fd93252de2389e49fbc67900a6ebb963092cb352482d6c1bb50f8f6d98fb94d8c4a54590b210fa8e19edcb1b2a3a800efac8d95aa544887a91aedecb966d9fd44c7e976267fe93cbd4150423f392aad514d5537d5a3f0d10363118cbbbeb6b9192fff4f4a009a8e9fb3107ee2e0d5dc0ae39d52795d1962fdf71b249ea59f37c93308fdae20ad08e6b094cf593d7da65fce23ed25eabe8752afcc8deb1e114474b9dd4d59508d1c8c1854ab6efd3c70f339678c0126ec9b451a50fdb63bcf1dc504d433561881a8bec7fed97bebc917220f4df298d7b7b7859b053706565fcaa2bfab9480b55c07d7e08aa9a5964818a4fb324b7a6d451a301ff301e5037721c4ee67f48733f688b14d1fe54e93372346deff0ffa988b79cd2cec45e3bb0cbf2811d82f95d7a5adae0acc3750ab9801a9b9630c885cfbfad7634a2165f037dee972c72c44d4887507f42fa73557808bf64a1b6e527c2d847140bb83b010ed4d7d6cd001851f926886c3f5905e87feb66830ed69095e72ed86111ede196b181543b711cf63ab7a0c88eaf43684cd08034163189c59b795ffe05173a284b2ffda59d9d41f79ee72f23e2485d96a4090dc2fbeec824f680dfd822808a2181b529cdfe6cbe0474dfb63c4019b8b74ba57e40286d215ca61eb123e053e938803eec47013a23e81a9ce3667c9e834f49c1baa8744421db8546ad63cfa20fc2d39675bbbd408631f6e2974d1ef2158fb2a8b112dbc99d65237ab58e38021495a756d1fead36c166d57f6749e24b310886531153e333404cdb94ed1f86f96af2e02823dc4b835e7c10f84375604ce27638396363d2371bbaf1023783f480572b20ba900d28cc1236eed3d15a36ab4255ad505c112423ed5df03bd53b3d79413dd5e32decfd040c5ea24efcab8e23a9f54fc64fafb1b04622a9d8ece07de820d3ab7e365fe45eb7b78ecfd72479bdb575c5119bd0ce0d1a463f099a0bc48b2368e49828a89bb4537e2cdff7feb56b5a4e661dc951bb6e912cd28e10c799977d0d9b89a24e8a6ba463fabcfdd37cb9c304e9a3596cc50bf2da52077cfa2c6f542bc60b2afc87ec9565a7cfa7fe310f4b41c1fd42da8d5e98cf4f4baca636c4a72a82ccd9a0d723970dd4ffd57cecae1e7a9d71e468b72cfef95824bb2e603b3fcc664c759242efe3743e7d5edb03667fc77473e949671695ab217ce6809ccc295a8bad7f7de44f5a7f0eaadc40e6dc9a7bb863428c538efc9b04a7a25e31d04c29d7f70057d22fb47474c202ce5d1b830ac3e6683e15832177cc574f72b08f4da9ab34ff8f2d79d1c9fc050fb57df5fc45808a4f8f1dd837c438acdecd949b4e43316ab1f595ee7709b38b244c12222aaac464ab82ffbb12a1f8f034dae44071bf498d1a8cfca39bded998cc2274f80e111fe6e68cf0abb6f2ae797bbe224ebe346a98cb1033db5cb3af24ab493d5e5e34b1a09da7d8023e39ac2d4aee133f2478251d044049cbf43e4a9d4947f72ec3231f0eef8bfec5011f211ddb18547b502413c9561674358cb4e62be924da66d55dbba352ef5b8fb982dc03f8a0670c675066830804ca3a01135528e9018c71b6e3491a167e6e98f041f4c7463166a593a3a3f541a6b805af1693855d38db376fab79bcd0b8761179ad0ded7f1493ba80d860ed1cfea27c51a005048de0e58da6216c64065a97926f86426be90bb08aa5af5d21cce78e93c8747d0ca52c9e30485cc49ca92c92400db6a0a34c849b98017fb06b2744d17ab4acdd205d88d95f887f723287f7bf4f0b668b36587a724c58589260a18ebf01adb0a9b3f4299e0d68011244ba849b1451246471d0054d39581557ec7965ae95b9470b7fdc9bc4d0e62cbd59a8c23898bda1e2e1ce7f8a3de903c260b2374e9c1419d242bf6e26a59a5675c40fe7532032ad797704884bace1d7da2d607f9c1ff33c0cdff10d5cb8e04576c6d5da99da78ad15a168b1ec32aa60e71e65c6e0a2b9bc313da3935e9067391faa562a0718dfd13900e28ccfe3a7a92b53c43081bebcee06f9fe34c674490b518ad29b0152a8e2edb5cacf26d4847493babf6f5488d6f6a8c19043d97ac6ed9782cca73dd9bc4e1417becace7b1151732686506093d1896a1e229a5efc1679463e3cb4bd311097eb539652f9212c875b7031300[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]2007-05-18 19:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]@=""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]@="Service"[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnkbackup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]2001-08-09 21:06 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]2009-11-29 18:52 126976 ----a-w- c:\windows\system32\hkcmd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]2005-05-12 03:12 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]2009-11-29 18:52 155648 ----a-w- c:\windows\system32\igfxtray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="c:\\Documents\\Webshit\\setupxv.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\AIM6\\aim6.exe"=R0 lwctth;lwctth;c:\windows\System32\drivers\sjlimgl.sys [x]R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2009-06-26 85504]S0 KmxStart;KmxStart;c:\windows\System32\DRIVERS\kmxstart.sys [2008-06-24 93712]S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-25 64160]S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-06-24 63504]S1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2008-06-24 45584]S1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2008-06-24 115216]S2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2008-06-24 134648]S2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576]S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-06 1029456]S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-04 1010192]S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]S3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816]S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-17 189704][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]tapisrv REG_MULTI_SZ Tapisrv.Contents of the 'Scheduled Tasks' folder2010-04-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:27]2010-03-27 c:\windows\Tasks\CAAntiSpywareScan_Daily as Val at 4 00 AM.job- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]..------- Supplementary Scan -------.uStart Page = hxxp://www.pogo.com/home/home.domStart Page = hxxp://ca.yahoo.comuSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.comIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000LSP: c:\windows\system32\VetRedir.dllTrusted Zone: pogo.com\wwwDPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CABDPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dllDPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dllFF - ProfilePath - c:\documents and settings\Val\Application Data\Mozilla\Firefox\Profiles\v7nm513q.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dllFF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);.- - - - ORPHANS REMOVED - - - -MSConfigStartUp-CamCheck - c:\program files\NuCam\CamCheck\CamCheck.exeMSConfigStartUp-RealTray - c:\program files\Real\RealPlayer\RealPlay.exeMSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exeAddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-04-09 20:02Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(2020)c:\windows\system32\UmxWnp.Dllc:\program files\CA\SharedComponents\PPRT\bin\CACheck.dllc:\program files\CA\SharedComponents\PPRT\bin\CAHook.dllc:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll- - - - - - - > 'lsass.exe'(436)c:\windows\system32\VetRedir.dllc:\windows\system32\ISafeIf.dll- - - - - - - > 'explorer.exe'(3996)c:\windows\system32\WININET.dllc:\program files\CA\SharedComponents\PPRT\bin\CACheck.dllc:\program files\CA\SharedComponents\PPRT\bin\CAHook.dllc:\program files\CA\SharedComponents\PPRT\bin\CAServer.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2010-04-09 20:10:34ComboFix-quarantined-files.txt 2010-04-10 00:10Pre-Run: 52,231,049,216 bytes freePost-Run: 52,209,897,472 bytes freeWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect- - End Of File - - 74DB93D7466710C0BE65EC68476E3E1DComboFix did not reboot my computer, so I did because there were no icons in my system tray when it finished. After the reboot, I received an alert from WinPatrol, I am attaching a screen print, please advise if this change is ok......Thanks Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 13, 2010 Root Admin ID:232013 Share Posted April 13, 2010 No I don't see why your browser should be loading or changing so go ahead and keep it blocked for now.Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.Download the latest version of Java Runtime Environment (JRE) 19 and save it to your desktop.Scroll down to where it says JDK 6 Update 19 (JDK or JRE)Click the Download JRE button to the rightSelect the Windows platform from the dropdown menu.Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u19 with JavaFX 1 License Agreement". Click on Continue.The page will refresh.Click on the link to download Windows Offline Installation and save the file to your desktop.Close any programs you may have running - especially your web browser.Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name.Click the Remove or Change/Remove button.Repeat as many times as necessary to remove each Java versions.Reboot your computer once all Java components are removed.Then from your desktop double-click on jre-6u19-windows-i586.exe to install the newest version.After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)On the General tab, under Temporary Internet Files, click the Settings button.Next, click on the Delete Files buttonThere are two options in the window to clear the cache - Leave BOTH CheckedApplications and AppletsTrace and Log Files[*]Click OK on Delete Temporary Files WindowNote: This deletes ALL the Downloaded Applications and Applets from the CACHE.[*]Click OK to leave the Temporary Files Window[*]Click OK to leave the Java Control Panel.What we need to do now is run this online scan to search for any remnants. It can take several hours, so please be patient and allow it to run it's full course.Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner **Note**To optimize scanning time and produce a more sensible report for review: Close any open programsTurn off the real time scanner of any existing antivirus program while performing the online scan.Click Accept, when prompted to download and install the program files and database of malware definitions. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Click View scan report at the bottom. Click the Save Report As... button. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply. Link to post Share on other sites More sharing options...
noobJ Posted April 14, 2010 Author ID:232318 Share Posted April 14, 2010 Hi, Java updated, and here is my online scan report:Scan area - My Computer: C:\ D:\ E:\Scan statistics: Objects scanned: 89033 Threats found: 2 Infected objects found: 3 Suspicious objects found: 0 Scan duration: 03:12:13File name / Threat / Threats countD:\AV files\Coolpic.exe Infected: Hoax.Win32.BadJoke.JepRuss 1D:\Games\POGO\Tri_Peaks_Solitaire_2-setup.exe Infected: Trojan.Win32.Inject.hrj 1D:\images\Coolpic.exe Infected: Hoax.Win32.BadJoke.JepRuss 1Selected area has been scanned.I guess I'm not surprised that coolpic is considered an infection, what surprises me is that there's 2 of them lol, but I'm REALLY surprised by the pogo game! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 14, 2010 Root Admin ID:232469 Share Posted April 14, 2010 Okay those don't appear to really be anything to worry about.Please run the following scanners.Please download Lop S&DDouble-click on Lop S&D.exeChoose the language, then choose Option 1 (Search)Wait till the end of the scanPost the log which is created: (%SystemDrive%\lopR.txt), typcially C:\lopR.txtDownload DDS and save it to your desktophttp://download.bleepingcomputer.com/sUBs/dds.scrDisable any script blocker if your Anti-Virus/Anti-Malware has it.Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.Then double click dds.scr to run the tool.When done, the DDS.txt will open.Click Yes at the next prompt for Optional Scan.When done, DDS will open two (2) logs:DDS.txtAttach.txtSave both reports to your desktopPlease include the following logs in your next reply: DDS.txt and Attach.txt Link to post Share on other sites More sharing options...
noobJ Posted April 14, 2010 Author ID:232824 Share Posted April 14, 2010 Ok, here is the LopR: --------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.40GHz ) BIOS : Phoenix ROM BIOS PLUS Version 1.10 A05 USER : Val ( Administrator ) BOOT : Normal boot Antivirus : CA Anti-Virus 8.4.0.28 (Activated) Firewall : CA Personal Firewall 9.1.0.38 (Activated) C:\ (Local Disk) - NTFS - Total:71 Go (Free:48 Go) D:\ (Local Disk) - NTFS - Total:37 Go (Free:35 Go) E:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [1] ( Wed 04/14/2010|14:45 ) --------------------\\ Listing folders in APPLIC~1 [02/07/2009|03:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {83C91755-2546-441D-AC40-9A6B4B860800} [08/01/2008|01:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {F7498CBA-F30B-4739-8CF3-167AF0872B2E} [09/14/2009|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> acccore [09/14/2009|12:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL [09/14/2009|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP [07/12/2007|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple [10/21/2008|02:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer [04/16/2008|02:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BWIBSQHDYG [02/19/2008|01:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CA [02/26/2008|04:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell [12/20/2009|01:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google [08/16/2005|09:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek [10/01/2006|09:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP [01/08/2008|07:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Insight Software [01/08/2008|07:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Insight Software Solutions [08/16/2005|08:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield [12/18/2007|02:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> JDJBSQHDYG [07/27/2008|07:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft [11/08/2007|02:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> LGJBSQHDYG [03/31/2010|01:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes [11/24/2008|07:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft [03/11/2010|03:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help [02/05/2010|05:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PCPitstop [09/16/2005|06:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap [08/16/2005|08:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime [12/14/2009|03:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> RAJBSQHDYG [08/10/2004|02:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI [04/13/2010|01:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy [03/13/2010|01:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sun [01/28/2008|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft [11/10/2005|08:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec [08/20/2009|05:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP [09/14/2009|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint [08/07/2006|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage [03/29/2008|01:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller [06/16/2009|11:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! [08/22/2005|07:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> AOL [08/10/2004|02:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities [08/16/2005|08:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Jasc Software Inc [11/30/2009|08:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Macromedia [08/16/2005|08:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft [08/16/2005|08:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun [08/16/2005|08:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Symantec [08/16/2005|08:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> You've Got Pictures Screensaver [03/04/2008|04:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft [08/10/2004|01:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft [09/14/2009|12:18] C:\DOCUME~1\Val\APPLIC~1\<DIR> acccore [02/06/2008|01:46] C:\DOCUME~1\Val\APPLIC~1\<DIR> Adobe [07/18/2009|08:53] C:\DOCUME~1\Val\APPLIC~1\<DIR> AdobeUM [08/22/2005|07:32] C:\DOCUME~1\Val\APPLIC~1\<DIR> AOL [11/14/2009|09:22] C:\DOCUME~1\Val\APPLIC~1\<DIR> Apple Computer [09/17/2005|09:14] C:\DOCUME~1\Val\APPLIC~1\<DIR> ArcSoft [10/12/2009|02:52] C:\DOCUME~1\Val\APPLIC~1\<DIR> Blitware [11/14/2009|06:11] C:\DOCUME~1\Val\APPLIC~1\<DIR> COREL [01/31/2010|03:26] C:\DOCUME~1\Val\APPLIC~1\<DIR> Foxit [11/11/2007|03:01] C:\DOCUME~1\Val\APPLIC~1\<DIR> Google [04/13/2007|09:29] C:\DOCUME~1\Val\APPLIC~1\<DIR> Gtek [02/25/2006|09:00] C:\DOCUME~1\Val\APPLIC~1\<DIR> Help [10/08/2006|02:35] C:\DOCUME~1\Val\APPLIC~1\<DIR> HP [08/10/2004|02:08] C:\DOCUME~1\Val\APPLIC~1\<DIR> Identities [03/22/2008|01:50] C:\DOCUME~1\Val\APPLIC~1\<DIR> Image Zone Express [08/16/2005|08:53] C:\DOCUME~1\Val\APPLIC~1\<DIR> Jasc Software Inc [02/18/2008|02:45] C:\DOCUME~1\Val\APPLIC~1\<DIR> Lavasoft [08/22/2005|07:10] C:\DOCUME~1\Val\APPLIC~1\<DIR> Leadertech [12/25/2009|12:07] C:\DOCUME~1\Val\APPLIC~1\<DIR> LimeWire [08/22/2005|07:45] C:\DOCUME~1\Val\APPLIC~1\<DIR> Macromedia [03/31/2010|01:45] C:\DOCUME~1\Val\APPLIC~1\<DIR> Malwarebytes [11/18/2007|03:09] C:\DOCUME~1\Val\APPLIC~1\<DIR> Microsoft [09/12/2005|06:08] C:\DOCUME~1\Val\APPLIC~1\<DIR> Microsoft Web Folders [09/02/2008|06:06] C:\DOCUME~1\Val\APPLIC~1\<DIR> Mozilla [11/27/2009|03:18] C:\DOCUME~1\Val\APPLIC~1\<DIR> PCPitstop [05/20/2009|06:15] C:\DOCUME~1\Val\APPLIC~1\<DIR> Pogo Games [08/29/2005|07:22] C:\DOCUME~1\Val\APPLIC~1\<DIR> Share-to-Web Upload Folder [08/22/2005|07:13] C:\DOCUME~1\Val\APPLIC~1\<DIR> Sonic [08/16/2005|08:48] C:\DOCUME~1\Val\APPLIC~1\<DIR> Sun [08/16/2005|08:59] C:\DOCUME~1\Val\APPLIC~1\<DIR> Symantec [07/31/2008|03:06] C:\DOCUME~1\Val\APPLIC~1\<DIR> System Tweaker [01/05/2009|10:03] C:\DOCUME~1\Val\APPLIC~1\<DIR> SystemRequirementsLab [08/01/2008|01:29] C:\DOCUME~1\Val\APPLIC~1\<DIR> Uniblue [10/23/2009|08:58] C:\DOCUME~1\Val\APPLIC~1\<DIR> Viewpoint [11/02/2009|03:40] C:\DOCUME~1\Val\APPLIC~1\<DIR> WinPatrol [06/16/2009|11:47] C:\DOCUME~1\Val\APPLIC~1\<DIR> Yahoo! [08/16/2005|08:51] C:\DOCUME~1\Val\APPLIC~1\<DIR> You've Got Pictures Screensaver --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks [03/27/2010 12:26 PM][--a------] C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Val at 4 00 AM.job [04/12/2010 02:28 AM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [04/14/2010 01:02 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT [08/04/2004 06:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing Folders in C:\Program Files [09/17/2005|08:56] C:\Program Files\<DIR> ACD Systems [07/18/2009|08:30] C:\Program Files\<DIR> Adobe [12/27/2008|10:08] C:\Program Files\<DIR> Ahead [09/14/2009|12:17] C:\Program Files\<DIR> AIM6 [08/16/2005|08:37] C:\Program Files\<DIR> Analog Devices [07/12/2007|11:28] C:\Program Files\<DIR> Apple Software Update [09/17/2005|09:06] C:\Program Files\<DIR> ArcSoft [12/12/2009|06:05] C:\Program Files\<DIR> AutoPogo1 [11/16/2009|06:26] C:\Program Files\<DIR> Avery Wizard 3.1 [11/02/2009|02:07] C:\Program Files\<DIR> BillP Studios [11/29/2009|02:51] C:\Program Files\<DIR> Broadcom [08/16/2005|08:49] C:\Program Files\<DIR> Broadcom Management Programs [11/11/2007|03:48] C:\Program Files\<DIR> CA [04/13/2010|01:28] C:\Program Files\<DIR> CCleaner [02/14/2010|10:04] C:\Program Files\<DIR> Citrix [04/09/2010|07:56] C:\Program Files\<DIR> Common Files [08/16/2005|08:49] C:\Program Files\<DIR> Dell [08/16/2005|08:54] C:\Program Files\<DIR> Dell Inc [01/28/2008|12:44] C:\Program Files\<DIR> Dell Support Center [04/13/2007|03:32] C:\Program Files\<DIR> DellSupport [09/17/2005|09:08] C:\Program Files\<DIR> directx [01/31/2010|03:25] C:\Program Files\<DIR> Foxit Software [12/20/2009|12:34] C:\Program Files\<DIR> Google [05/10/2009|04:25] C:\Program Files\<DIR> Greeting Card Creator 32 [11/02/2006|06:10] C:\Program Files\<DIR> Hewlett-Packard [11/02/2006|06:11] C:\Program Files\<DIR> HP [11/29/2007|10:06] C:\Program Files\<DIR> InstallShield Installation Information [03/31/2010|01:25] C:\Program Files\<DIR> Internet Explorer [03/29/2008|08:24] C:\Program Files\<DIR> Jasc Software Inc [04/13/2010|02:57] C:\Program Files\<DIR> Java [02/07/2009|03:13] C:\Program Files\<DIR> Lavasoft [08/16/2005|08:51] C:\Program Files\<DIR> Learn2.com [03/31/2010|01:45] C:\Program Files\<DIR> Malwarebytes' Anti-Malware [08/12/2008|11:20] C:\Program Files\<DIR> Messenger [03/29/2008|08:54] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2 [09/12/2005|06:07] C:\Program Files\<DIR> microsoft frontpage [11/11/2007|07:37] C:\Program Files\<DIR> Microsoft Office [08/16/2005|08:53] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition [08/16/2005|08:53] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE [11/11/2007|07:36] C:\Program Files\<DIR> Microsoft Visual Studio [10/20/2009|02:25] C:\Program Files\<DIR> Microsoft Works [11/11/2007|07:35] C:\Program Files\<DIR> Microsoft.NET [03/11/2010|03:29] C:\Program Files\<DIR> Movie Maker [04/03/2010|11:45] C:\Program Files\<DIR> Mozilla Firefox [02/18/2010|01:59] C:\Program Files\<DIR> MSBuild [10/07/2008|06:23] C:\Program Files\<DIR> MSN [08/10/2004|02:01] C:\Program Files\<DIR> MSN Gaming Zone [11/20/2006|08:47] C:\Program Files\<DIR> MSXML 4.0 [08/16/2005|08:55] C:\Program Files\<DIR> MUSICMATCH [08/05/2008|02:13] C:\Program Files\<DIR> NetMeeting [09/17/2005|09:07] C:\Program Files\<DIR> NuCam Corp [11/04/2009|01:28] C:\Program Files\<DIR> Oberon Media [10/10/2005|08:39] C:\Program Files\<DIR> OfficeUpdate11 [08/10/2004|02:01] C:\Program Files\<DIR> Online Services [08/13/2009|03:47] C:\Program Files\<DIR> Outlook Express [11/27/2009|03:18] C:\Program Files\<DIR> PCPitstop [07/12/2007|11:29] C:\Program Files\<DIR> QuickTime [02/18/2010|01:59] C:\Program Files\<DIR> Reference Assemblies [01/08/2008|07:52] C:\Program Files\<DIR> ShortKeys2 [08/16/2005|08:56] C:\Program Files\<DIR> Sonic [11/14/2009|03:39] C:\Program Files\<DIR> Spybot - Search & Destroy [11/10/2005|08:20] C:\Program Files\<DIR> Symantec [01/05/2009|10:03] C:\Program Files\<DIR> SystemRequirementsLab [11/17/2006|10:07] C:\Program Files\<DIR> tcConference [11/18/2007|08:51] C:\Program Files\<DIR> TheWeatherNetwork [08/01/2008|01:29] C:\Program Files\<DIR> Uniblue [12/18/2006|05:05] C:\Program Files\<DIR> Uninstall Information [09/14/2009|12:17] C:\Program Files\<DIR> Viewpoint [08/16/2005|09:04] C:\Program Files\<DIR> WebCyberCoach [03/29/2008|02:56] C:\Program Files\<DIR> Windows Live [04/04/2009|02:40] C:\Program Files\<DIR> Windows Live Safety Center [12/22/2007|01:59] C:\Program Files\<DIR> Windows Media Connect 2 [08/05/2008|02:13] C:\Program Files\<DIR> Windows Media Player [08/05/2008|02:13] C:\Program Files\<DIR> Windows NT [01/30/2010|08:56] C:\Program Files\<DIR> WindowsRepairKit [10/09/2005|03:44] C:\Program Files\<DIR> WON [08/23/2005|05:16] C:\Program Files\<DIR> WordPerfect Office 12 [05/21/2006|05:10] C:\Program Files\<DIR> World of Warcraft [08/10/2004|02:04] C:\Program Files\<DIR> xerox [06/16/2009|12:12] C:\Program Files\<DIR> Yahoo! --------------------\\ Listing Folders in C:\Program Files\Common Files [09/20/2005|04:25] C:\Program Files\Common Files\<DIR> Adobe [12/27/2008|10:08] C:\Program Files\Common Files\<DIR> Ahead [06/05/2009|12:27] C:\Program Files\Common Files\<DIR> AOL [11/29/2007|09:47] C:\Program Files\Common Files\<DIR> Avery [03/05/2007|09:39] C:\Program Files\Common Files\<DIR> Blizzard Entertainment [08/16/2005|08:57] C:\Program Files\Common Files\<DIR> Borland Shared [08/16/2005|08:57] C:\Program Files\Common Files\<DIR> Corel [11/11/2007|07:36] C:\Program Files\Common Files\<DIR> DESIGNER [04/27/2009|11:52] C:\Program Files\Common Files\<DIR> EasyInfo [11/08/2007|02:27] C:\Program Files\Common Files\<DIR> eSellerate [08/29/2005|07:21] C:\Program Files\Common Files\<DIR> Hewlett-Packard [11/02/2006|06:11] C:\Program Files\Common Files\<DIR> HP [01/08/2008|07:50] C:\Program Files\Common Files\<DIR> Insight Software Solutions [09/17/2005|09:05] C:\Program Files\Common Files\<DIR> InstallShield [04/13/2010|03:00] C:\Program Files\Common Files\<DIR> Java [10/20/2009|02:32] C:\Program Files\Common Files\<DIR> Microsoft Shared [08/10/2004|02:02] C:\Program Files\Common Files\<DIR> MSSoap [12/27/2008|10:09] C:\Program Files\Common Files\<DIR> Nero [08/16/2005|08:51] C:\Program Files\Common Files\<DIR> Nullsoft [11/11/2007|07:35] C:\Program Files\Common Files\<DIR> ODBC [08/30/2008|02:46] C:\Program Files\Common Files\<DIR> Real [11/11/2007|03:36] C:\Program Files\Common Files\<DIR> Scanner [08/10/2004|02:02] C:\Program Files\Common Files\<DIR> Services [10/09/2005|03:44] C:\Program Files\Common Files\<DIR> Sierra On-Line [08/16/2005|08:57] C:\Program Files\Common Files\<DIR> Sonic Shared [08/10/2004|01:57] C:\Program Files\Common Files\<DIR> SpeechEngines [01/28/2008|12:44] C:\Program Files\Common Files\<DIR> supportsoft [11/10/2005|08:20] C:\Program Files\Common Files\<DIR> Symantec Shared [08/05/2008|02:13] C:\Program Files\Common Files\<DIR> System [03/29/2008|01:33] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller --------------------\\ Process ( 51 Processes ) ... OK ! --------------------\\ Searching with S_Lop No Lop folder found ! --------------------\\ Searching for Lop Files - Folders No Lop folder found ! --------------------\\ Searching within the Registry ..... OK ! --------------------\\ Checking the Hosts file Hosts file CLEAN --------------------\\ Searching for hidden files with Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-14 15:15:31 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Searching for other infections --------------------\\ Cracks & Keygens .. C:\DOCUME~1\Val\Desktop\Docs\My Music\Neil Diamond - Cracklin' Rosie.mp3 [F:18][D:3]-> C:\DOCUME~1\Val\LOCALS~1\Temp [F:1][D:0]-> C:\DOCUME~1\Val\Cookies [F:6][D:6]-> C:\DOCUME~1\Val\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - Wed 04/14/2010|15:27 - Option : [1] --------------------\\ Scan completed at 15:27:17Next....I still had DDS from before since I hadn't been told to delete it, but thought it might be important to download fresh, so I renamed the old one and the reports and downloaded again.....however, I was not given a prompt for Optional Scan. I disconnected from the internet and disabled my internet security suite totally since it can be a PITP (pain in the posterior) sometimes.....here is the DDS.txtDDS (Ver_10-03-17.01) - NTFSx86 Run by Val at 15:40:38.76 on Wed 04/14/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.402 [GMT -4:00]AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exesvchost.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exeC:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\System32\svchost.exe -k tapisrvC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\WINDOWS\Explorer.EXEC:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exeC:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exeC:\Documents\Webshit\WinPatrol\winpatrol.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\CA\CA Internet Security Suite\ccprovsp.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\Documents and Settings\Val\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\WINDOWS\system32\NOTEPAD.EXEC:\WINDOWS\system32\wscntfy.exeC:\Documents and Settings\Val\Desktop\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.pogo.com/home/home.domStart Page = hxxp://ca.yahoo.comuSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.comBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dllBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllBHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No FileBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllTB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No FileTB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No FileTB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileuRun: [uniblue SpeedUpMyPC] c:\program files\uniblue\speedupmypc 3\SpeedUpMyPC.exe -suRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [dla] c:\windows\system32\dla\tfswctrl.exemRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -clmRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exemRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exemRun: [WinPatrol] c:\documents\webshit\winpatrol\winpatrol.exemRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcentermRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"uPolicies-explorer: LegacyDrive = b6a2ba0ac63dc59461fe0f50a2213574b1bf3a0a444429fe6624fb7677caba6175d1e75379771990854fe8667c3509c17287baf9269261eecd4b705712408b575aceed514c9308fe91266bbdf0d806e92a1ed1f8f12cb757e4612df44cb1e60c7deeff94ae4679d8070ded62fabd7b1dd73c04ba9b5d995309a8334efd5ea485fcb8cda30f7012d1d2820b93c8347cecf15488c99fc1219c85d72cc3481120623dfb40a0e41ed0443d8878e8c6cd44f1a0a0eec5eda460377c7f7546a83000087da30fe11d8371f8625075ecc5b1f5c27f0b9323ed5243c4392009253704047e8d1cacf617e6af58178a53037f571d4fd8d25bca0a935271ae1c8f72c6bd3236acb58d9f499aee8f87fbb8a90943b95b19e0b71ce2a54cf2df6df4389302659e7b3d1f71416e431d32fda8f0f2522c206ef348981013ece7cf3d7479e1f3cd4343d16cf9a9455a8e0afeda4b5ea24c1fa6c051362e0530cc0fb27944f74de7742d978b43cfbf27775ed5d8c87d81f939f6f543a8fe2039a3ba25c37d020b19a1bf64b6e2276c169da5229e4148d5f8202317f711c609cdce13d97e9b4d88942972f114b9cb07b284c15e415bf2ec6d8b8411ac03b9d672b9c472a449dc1350df8edb9b585728fba47218a66fefc04c490005edfe61a9ed78c05f908115512aa7059e2a3206f45759c5615ab5c4667df5484eb2d472bdd748ac8c38fc46d456016149e6c00dca1d34ae352b56a48005d82b0668157f1e1b4844f29774fd268f1dc6bd38182fb30001f42897947155656e5970d518abd0f441e2523a4b6cfba70a5edf12c86641be8c01fb2f9bee203c40e2e164c97dad66d27d9c0bc6320e47a2318f80fc4dfe2e9744c3efa44bb54d2d01da445b83735e9c5581ec0eeb35a7956fa8972abecc3476b3a2cb9fa9ae24623ba862624e752abf525508ebc45e0eb9f829beb715cb29be610759c7bfc1ed0075b6031ffb336b5bf75163b84959958adcc51dcbd00a32272fd5585fc594d7ef32386bee3d393d376bdb12c6d0b0c364265fed871ca3e974f097ffa64030d6731e0b2fed6269d3074477caf82ad3cee5bed04dffba44ead8582a2f62f6e19ca8c1ec766ac637c91612a9aef318fccaa052cd17bd2befe7e81d0526eb1750df3321c50184426364eca2c307f6ecf19b1ff67a468ea4c6a1ff09a80201d034ea0161dbd135e6298e3f3efdba0a393dae503518ee61d9eb712007663c4e0bea350b19363799f6436264f56cb53f25d2def1c9ff50f008ca976ce67ae88f732efd04427b1fb61d5884daf737dcfb2f22752784c2f4c97b8206e08e868ed54fa06131f4c6f3b312c42f9fa92ea6586199ec31130a3f818baf6af58dcde92b15fa4e7ce38ce31837519159da8001515df000a5a588289fa7f7bd7ec471a5d5116ae9bc84da7c9679ad2e465a73d78feeac91792b4324f74c58c2c62242f598afd5d572f1e07e53fcfac1164b7f1a9958d5e21f6af4c6f3af25784e8a09a47b2ede26396cfe7a61c9eca874c9d4033167b7604dba0bc05665f196811d5ece9cc6b60d44d99d3b5809093fad269c09044132d63911b5afbc95393345fb4597c4c16eeb971a2b9f0093e445d6f64c987b6ff1be0ded11f7cae1cbb0852db0e76e04b47fff88c4be325b47814456018bb97e381da03316c718ab4f7d139f03ed5a44e610d17d9e00fd4f6c09c3950f0273f5e6de0412547ea10368c96504beff646ca04ae9eadf719707c54ca34bfbe859cec8bf5b73126fdf6ed260bc04c5a7c492642a55d117052b58a62d7863f05337d2df0cbd759b2e9186fe7d7d774887e5ee15cc580e8c2265f9d858b093dc1a44a38822142b90155a3cf271083546f7250a8065ce7c2aa590ecf14515726327032af77a21ce4ee8bb8ab811480bfa394bd94f3d77e8accc166948d3ace65c39d78e27cd79ce367d1921e2c88728a21a75bffd638610c41c687e84076c6435057a5d1b21046552d03a3ca9777d0bb32e154a1cc426e13a03e08ee435f78687e6535f76ec082d82a588eccb80171ed5bf80b4df7b073270e89e0f3295da5c5a03882aa34a90c019873cd0f02e048006b6541ec5ed8e0f4b8e5309c815ff8228d27269f33d161371891d78117c0b9f0b7d755745ef082873bdcc898336aa53381c2c7615f785eb7cafb9d1e9175a9e5c7753aa93fb8cee39f425dc86063de6b6d1083fbbd121e52f8322df8cca72c39f905f7c3ab06d4a2a14ed0a681ad1b8933dbe329ef1633fc6ce0acfc8f16c8450a0ca72b42c39bf23e21c3ddf97879a2ad3c2678d893b649a9aa58d2a0456f0e957edbb15693799824b543fe27c1541435ca92bd9e379cdfe9250d677aabfa4f99dc05bebc299356e4c03199b7d8c6e0b173a31959d1471457396160b3e21f533bc0860d27e2519b4efcd72f39203b3c88becbca26183ec75028e415508d1c0433a81174756fb81be0db6eaf6507753f8cac479a5ae9ab105b26217db5b22e77de57cf12be2f9ad97fdd1f0b1495c3f34a5d085b7630ac08a9c8cfbe1c6c27c3488893ee5ccf1a1241642610f153ec51e78a619bf03005d3de2963fe63dc2476d0c69528d2dc641efb469f24e82f97f6fd9195366d9ae15da9380da177069e5eb5bb325136b2cfef4c27d4c8bb5b7a6a72c2fdf564c8cd39d541e606cc571b2d0c623c46bc6f223216319f5158bdd3bd4e16353cf62c4c10f4863952e242e7fb15f76044e41e8a7bc329b316c76191bc65ebe5cb6bb617f679836f84e29f3b86bfe32ffcc7c1772528e326db798a79ad0ac8cc3100192e44ea1e885c8615c466716c3bc45069c7bd46c9df074e0617c82e028123f6a893d1cfd9024b1a2b6b1512d10f2e2c1c6bfeb92c79defefbbe2fa7f391a79cb3baa4efccfb324e60f39004652851948a4c7ea4d740085ea8d1f2a34476a18e93bff20a3d4c45d879c533d7c3946440be388fe9f230ce2dfdbbf7c3b87bbccc5c2bde9430cd9e982ca6c05ed8e53f95d995aaa339ef70ba4c939415500fb0528695d4b552c7421bc7a41d979bdcee06aba730214cd469d437dbde2b69f2870e0e837c78f02bdffcbdeb3ba014b805760c877688496a2675212bea42342868224ae35e3fc7146e1b08f7ebfc4892c1fa32faf7541b63abbff0aafd466cf65a39a9821699adcca4f829878e2386c5c5ba0fb98230f95549603130e07110331051e06eaddd27537604a4b40e70d3feb934230abda20c6983fa557c5608b07ce367834b0997411dee602a190919526865f5f6d090fdc8e1dacbc0b90d8e6bd2363be0eea1ca369f6e7bcef3010f56c88df4489506d3142e2b5959b89eea28f9f18234af2d605986c7b179cf4670ec58f94ccfecb6c95e2255dde53bf09b09aeac217ef921385c7e8bdc29a10a13ee81ae1a57e3443b5f51ed64c7dded7c6d8b4d585a95014d1ef432fe3cdb4023c8c54c73be2937fef7514942a9b5fbcd764d7208dfadaebbe6387900c0738eede0a0159897e818449c367f1e09e35ac808b4439eb5509cbd9e396b69a556427fc4f4f136f95e26d67d9d59c02d0d42ceb8b82c47e05be582df9259f22f6d8c825b4b77f68c1a98eb8a2d8c6fd42eaff47c47f265e20c682fa814b3b32eb111c3721e19842c6e10bcbc26843fce7113f65d50f36f11bc0db199e84e0573fcfb9deb87da288c766e3108f3353813b6faf1beee4e1bc64b51a541d4d4a1cf664583623b231a6220c5f9dedd1defe74842c1b4abaa0bf9f37fc726e5445f8f7a3d31b70d6a4aaf8ddf5c2cc4f144cbd0b70c7e21ff2488ae990bf747b1fe77b434468f12ced7fb9f28250d914d27b46441862a81cdb7f5e0d12fbc2988c7daec08f403ebfbf69d8f842976a2d22bbf3f2f32a4561b5f00910fb6803404d0a9757cc838d90140b11f267f3f8fe7e077d5cade3f1261a76ed517bedfd0bd5886b40f042596309b40c6bc8378b1c714969875e31dfd4ade61d3f362ee261c0034bb1743ae84a916715ef62fb884c6daf267eee261bd684cd29ecda2906408d678750f1c9fc5bc990f4cea3a8fa1116db025d494308ceb405f3b92b3cbf3f1834db2207d9d0d8696f24de91837e4f03210ab5ee471f1ff79a20733858a006898ec96afe8bfe87fcb094bfeec1d9cd699aa88fd777e1b53726aa1b020b63f0be68dc17d0dbc6cd9228688da53993308863d8596aebf8103dc99cad0cac47f88e3e888efba874871e595355ac039aefd4e7192f17ff5376795a69da9e3a21ea009f91f9f6946d7c7256cabee1aa27d55274add4db86b64238b68dcbb63374364f19ec97174230c6d65f030ff748ab2ba1913e6f235e1c449578bdd7bca0ad112f23a8d4cab8aefb3afd648cb0602e998623522054d0488e64d8c881667a28d265e6e5d3faa37fd5c02e8bee07e403f8cd21e0dde9aaeb128a48d062e0b674ed19bd88708f9e5ec740b0fcb07e4a70d4d1e7e362fd9878f0b39e2eb5e7ad392b0515fc3434f172f3d7a2cce05a7c5c1c2bbeb10106c804fe7688d2a29936cbf62341eb10a589e7e50fceca5f7468e0af0e39d3e582e114be65307cbdf1fee1337d4e85d2454dbdc4dd77acf2a087ac9fd383409035f84a71d7877f742ea0173b678ec9f8fab4f6d38216258bcc1aaf612e90bb321af16de3f2e45b011e0741a95debf5a658609dda7de7f41fdf0ab6d9ed684092ffbbf4b131b785ad6db5b9c546066ef12487db18a27519833483e2920d2a98ae4041897e25cd715efe1a400dda0b1ea5baaeadd1f3138e3ad35f2642871ca2f53cd395383c85ddb054fd76247f2d1304fab0f55c2e94ff5a2a04c50a5124e565503d9a8a531a8e4b79b2f0eb8506c726d64d8672994fe0853d0fdd1727ac2ee9a889bd062cac8949b464b11f862fceb08e22da867779ea5e185a3bd0d42de79e37e36965352d0375b2ec5ce047e96ed144c79f20f1352e231a68d1c6cac99dde56eb25ba9dbfe6fb8f0be3a6ec188c784eabe47a6a37e3d4935119e6957f6495954ea605e3c84b1ec3e7f83f2b957a516ab6b8f1bc69e6d11c8bfc5b597d67986c28fe51093e377474c29bb896ca77845084d50d0f77aabfa10b51df474c386e0bebda505385edadb7be28dc98101477efd1bee9829b1beb770b1a38ecd67241df199f214bea27d3943322a325c0f9e258966ede9687dd11bf03c199cc3179e8b33e4cbd8af5ac53f091b7d8a9cf032088479b9b92fb9945856031075cc57ee997b124fb95559d9ad48878f0636a64ba9a478b4e08be21dcad223cf46920e648b5a270b491f40a7bbd2591d32cb1a8a5b65c0a8e0d611e29f2cccc90a9259020aa4ecdfc7d99ae63d6788f836b1cc5c24cdd916d6392c41db4bc288be4021ba5f8de7de16095cdd1346c8ef7bd19f0db3778ac5cd57f30440674fc1ff75d4c4c59b9f754646d977b1c01ea95d30c781bdaefed767eedbcebbba6801130d1a3feaecaa383cf9109558a169f6a04b4dea6a9fba6b77cb2313dab1c4a2f677bba7af2d304ebfaf0524e25aaaed8ed6875c2aee30937fd2dc7703cf1391d6bf8fc8c0841fc44f57c882ecc756196faf7f8bb14513080bdaa6464cb95acb4a5e55cffefc3cecb6afd628615a1c2bf98cb6b96e3bb6972132b61f295dfd5258d7da4fd799fd0011127844372d2e656927c10c9f079141646ff272c571741f5f39edadb6decfe8b4eb4a0f84b2b30a3756d6f1ab01c83bf664a46cb7d99e49386a0a509379107851b1910c68888e233d1329067be1530ed39bc3295484a62ef37465b853642b0e348ce0920f4e0d1118e0f941ab702ac4427271c90aaa8bc8b699b97236b7891b95cd14c778c3d4de43a955bb6136428e7f698340bfa7eede0b2ed1b27b0c07bb2de478aaabf95864584c1cd4f0b82ccd340e1f4ca483fb33e1599a4b0380b02b8f69363eb9d18a30118ab1e37c20c22f37870a3a7f28131f753a7281efe86278eacc7c3d6bb1c7cc9c97eefdd82c4b94ed1b62b0e93afc9df60c162e12d22281546fc6c1135c1a9f9e5bfc4aa07f49238b5239b9b55271ea5c1885437a44cf9b5271009b7ce57c7029c2104b67ebf9ec8e6e747b3b704886b61cf9505934d2302ef7b0d261c69237f7f3818c77b0a8de6e7ae29b7bf7feb0f1989bffc5bee504aac881e4ca8d0d0d858ffcb94617203707b531174257686bc978180c1f9507bd9d2986901c3ca04b2db753a63f3d080cb466e1ec8054f647d96ce9139dcd33b4ab84bf116d0d51e678fbe30076c30fa8d70a65776f2a31178a5a40112d6537768eefddb4e3e4695a3fc1c2be088e9a9f0f40d4643c0c48b441ef202183535e0cb7b83d2a039d57ef75d2a757115ce63559ddc893355026ec71784d11fc784e1002c80b087fe1ce60c4022b24bcfc707c63c300465d734b3600c64f75ef348c0de22dbec81d7c59be49bf1ebbc0136f93bc374f66525efe3c4d8a5985e1dde0be42d06cf2cd9b8dbe16e1b8d79db71ee6816ed3894bbc59608f6892aeca4b354b5b57f3299d5fd63464b6411d321a9c12ef78550fd796f82d5e78461218b3a98ac9b3e361cb012bcbb79fb747eb11a053f4ed9454efc884e28c948d4862229b59afe8fd29559da1e6ce446f4dcfb0faeabd7d9733205505018160c8b956098b734a64671fca57c734afdeef38c339848cbfaf84f83b17c0db12c36962db7d72d3a58dbac5c55012669f6fecce38c720d85b21b011cd3490898ed92ae6394c6d3f239250899acd03ba3dee07e97a2ee70a6045da7b9e7a154892ee1901ed5fe4df081d08d4d5cb2d1fa1f42d51d70627a5a6f82043d8c2285d89b9299ad2afd54cd12a579424c70edab06a46b26f6ef7873efaa9a55b2c15ec53c068816220b99c3b3cb4152b012ed0a957f8ea87adc9d5237ab5cd1cb015efaff98496d461fdb83e8d42b815f55321201b389f4e0c974f1efcc20116622290e67785f08e10fca7ab456cfeb6d17be45eb37ca1cb721657d3be2797ec2edbdc7e7bdce524dbb826e9161790a7da0f5307f7febd0590559bf195adbff4c2979416f48c4a8a69b21d0b036640f1bc1a1fbb4213e2c42544d9542749d192a17e2ff9e8c5280eb7a4a93f7c07a4082ae446aac7464edb8dad6e80f32f45c888bdff7e628212aa2309181eba77634ec9deff94da6921dfc8a53d32d3da7cc9f11ea08222afeebc556323693b54f7269d4528bf6e531f1f881b892b6a47bfe90fa0fc9da597a31eb8ee701705c9eb506c234df097dffcaa6cecd5c387dd641d11eee451693000251d2b7bcc1e87e89343eabb5d89d1cf7644f6b327901bf34b7b695172664d8a3b945aa0a2d2d62d6341bd11fd30eca01091ae14db1ba727fa968e6f1346b314e9df19f481e5dd18effe202f802518f05ff2fb788cc0b9f9e5f0ec299e337d4a5e6f77a38da55f93d8e32b25a9e0a4974eb8fb7754a919b4d7921d13657f6463d540f0bfe269aa8afbd15b2607ab3a0809c01daa4fac91384f837d946b43a6a00802dca7895b712e52d05f00b9cf2c5fbbcfe9dbfcb023c1a4c03e84d5162cbe8f65299df2e8f72e0c24d0ae4966f07052efaab8f72c9b259ae827e56ddc8716727b39a73a87d95ba737eac66d75a4263e07972719821b7f378b15d3f1b7450f48f9c897aae6fc5e6474a7e1eb9e6193ec0da613b8e6134c61e5e7c74c59d611b095cbd7fb70ad12e304e36a8044b16c3c2229b4e0db9a8f5f3bbc8647be163af7d956f38f2b70107341c878e926f8fb79911c210f318b27b46a0d3275966c6bf7992dee11bd5ddd1c2b4fe6f232439668756c2a772d4d21682cdab8299add6db3ef1b09f413a24969ea0babfa448e6d18a57392847126ba4df71214dc26d799920c942ed5cad0d61be9187c3675d06df8bcf61feda1c05ad3fda45c0cd1df296f6e12c9dffa87719b0631122509683ecd1b8774c47d8c9779e86e1bc0c8df13f55c64d57c97078a0d6d6dce8de6197ea7fc3d92218768ee089653e9c3ae831895ef6d66c799665af1f97c4b1ff81a76121cbfc0b6c4f86716bfac81e50c824f73af04413b35bb9cddd7d5be2178e9a10105950e7d94fba07a5a6c7ec10591413b2701a5ff381a6ba21778affbf92931821afbb6335ca9f5ba4c133741a5ab446e188deeeb5ea60b2d4958de354135408b9ab7238c795e3e6c89544a526e35d9005ad0aa3bb00f76fe70d5fca567c1ac52803d6de2e36a47797a1b787cc146990983e7fd18c7daebca2f55eaa20dfadcebf24b7670d2b153a10efa3402c54879c46bbe76fcf2ad4192f2ab319950827d7571747d7769c4d3d187aa890380f4cbe9c594d60075dac40b0c97018f4d8f99d487692bc71a44524f71ff304d73ca31678171bdce0ecad2928c554e42d5600f80989252df0c2edbad2c045f989857d029718c94e6ac2a181de7d678604aa4be122026c41fbcf3f55505c35e1a6aa98114a64b60d931542cd6799f72f00d17e47f09b92f6630262bea5b137d4c6e4ae567736452881dd41983cca62bd76610cb9d87c3de173b2c11d9cd9a992fac9f97fdd63a165d1d2af6b7311c20084aec2c23ccdce9fe16f763a97f52b907adff3dbeada61b626fac5831dfb44a00a806f5b621ceb38156723887f59ff1e777dae053147a26e63a8dceca7e069e421932d3e6120df618b2e555fb587026c902abd954b9bc3aeb47e008da1648a758ee56ed587efb033485d958d63a4cc03fc23aa940cef8f460bf1d1ee0e3752ae3d999dbd879c326694961d54fc13ce0cb67824bbd3e6cb326c61c82fd93252de2389e49fbc67900a6ebb963092cb352482d6c1bb50f8f6d98fb94d8c4a54590b210fa8e19edcb1b2a3a800efac8d95aa544887a91aedecb966d9fd44c7e976267fe93cbd4150423f392aad514d5537d5a3f0d10363118cbbbeb6b9192fff4f4a009a8e9fb3107ee2e0d5dc0ae39d52795d1962fdf71b249ea59f37c93308fdae20ad08e6b094cf593d7da65fce23ed25eabe8752afcc8deb1e114474b9dd4d59508d1c8c1854ab6efd3c70f339678c0126ec9b451a50fdb63bcf1dc504d433561881a8bec7fed97bebc917220f4df298d7b7b7859b053706565fcaa2bfab9480b55c07d7e08aa9a5964818a4fb324b7a6d451a301ff301e5037721c4ee67f48733f688b14d1fe54e93372346deff0ffa988b79cd2cec45e3bb0cbf2811d82f95d7a5adae0acc3750ab9801a9b9630c885cfbfad7634a2165f037dee972c72c44d4887507f42fa73557808bf64a1b6e527c2d847140bb83b010ed4d7d6cd001851f926886c3f5905e87feb66830ed69095e72ed86111ede196b181543b711cf63ab7a0c88eaf43684cd08034163189c59b795ffe05173a284b2ffda59d9d41f79ee72f23e2485d96a4090dc2fbeec824f680dfd822808a2181b529cdfe6cbe0474dfb63c4019b8b74ba57e40286d215ca61eb123e053e938803eec47013a23e81a9ce3667c9e834f49c1baa8744421db8546ad63cfa20fc2d39675bbbd408631f6e2974d1ef2158fb2a8b112dbc99d65237ab58e38021495a756d1fead36c166d57f6749e24b310886531153e333404cdb94ed1f86f96af2e02823dc4b835e7c10f84375604ce27638396363d2371bbaf1023783f480572b20ba900d28cc1236eed3d15a36ab4255ad505c112423ed5df03bd53b3d79413dd5e32decfd040c5ea24efcab8e23a9f54fc64fafb1b04622a9d8ece07de820d3ab7e365fe45eb7b78ecfd72479bdb575c5119bd0ce0d1a463f099a0bc48b2368e49828a89bb4537e2cdff7feb56b5a4e661dc951bb6e912cd28e10c799977d0d9b89a24e8a6ba463fabcfdd37cb9c304e9a3596cc50bf2da52077cfa2c6f542bc60b2afc87ec9565a7cfa7fe310f4b41c1fd42da8d5e98cf4f4baca636c4a72a82ccd9a0d723970dd4ffd57cecae1e7a9d71e468b72cfef95824bb2e603b3fcc664c759242efe3743e7d5edb03667fc77473e949671695ab217ce6809ccc295a8bad7f7de44f5a7f0eaadc40e6dc9a7bb863428c538efc9b04a7a25e31d04c29d7f70057d22fb47474c202ce5d1b830ac3e6683e15832177cc574f72b08f4da9ab34ff8f2d79d1c9fc050fb57df5fc45808a4f8f1dd837c438acdecd949b4e43316ab1f595ee7709b38b244c12222aaac464ab82ffbb12a1f8f034dae44071bf498d1a8cfca39bded998cc2274f80e111fe6e68cf0abb6f2ae797bbe224ebe346a98cb1033db5cb3af24ab493d5e5e34b1a09da7d8023e39ac2d4aee133f2478251d044049cbf43e4a9d4947f72ec3231f0eef8bfec5011f211ddb18547b502413c9561674358cb4e62be924da66d55dbba352ef5b8fb982dc03f8a0670c675066830804ca3a01135528e9018c71b6e3491a167e6e98f041f4c7463166a593a3a3f541a6b805af1693855d38db376fab79bcd0b8761179ad0ded7f1493ba80d860ed1cfea27c51a005048de0e58da6216c64065a97926f86426be90bb08aa5af5d21cce78e93c8747d0ca52c9e30485cc49ca92c92400db6a0a34c849b98017fb06b2744d17ab4acdd205d88d95f887f723287f7bf4f0b668b36587a724c58589260a18ebf01adb0a9b3f4299e0d68011244ba849b1451246471d0054d39581557ec7965ae95b9470b7fdc9bc4d0e62cbd59a8c23898bda1e2e1ce7f8a3de903c260b2374e9c1419d242bf6e26a59a5675c40fe7532032ad797704884bace1d7da2d607f9c1ff33c0cdff10d5cb8e04576c6d5da99da78ad15a168b1ec32aa60e71e65c6e0a2b9bc313da3935e9067391faa562a0718dfd13900e28ccfe3a7a92b53c43081bebcee06f9fe34c674490b518ad29b0152a8e2edb5cacf26d4847493babf6f5488d6f6a8c19043d97ac6ed9782cca73dd9bc4e1417becace7b1151732686506093d1896a1e229a5efc1679463e3cb4bd311097eb539652f9212c875b7031300IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dllLSP: c:\windows\system32\VetRedir.dllTrusted Zone: pogo.com\wwwDPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CABDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cabDPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CABDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cabDPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dllDPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dllDPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cabDPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dllHandler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dllNotify: igfxcui - igfxsrvc.dllNotify: PFW - UmxWnp.DllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllHosts: 127.0.0.1 www.spywareinfo.com================= FIREFOX ===================FF - ProfilePath - c:\docume~1\val\applic~1\mozilla\firefox\profiles\v7nm513q.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dllFF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}---- FIREFOX POLICIES ----c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);============= SERVICES / DRIVERS ===============R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-7 64160]R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2007-11-11 26352]R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2007-11-11 21104]R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-10-13 739696]R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2007-11-11 21488]R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2007-11-11 32240]R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2007-11-11 144960]R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-4 1010192]R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2007-11-11 238832]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-9-14 24652]R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-10-13 133520]S0 lwctth;lwctth;c:\windows\system32\drivers\sjlimgl.sys --> c:\windows\system32\drivers\sjlimgl.sys [?]S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-11-27 85504]=============== Created Last 30 ================2010-04-14 18:43:22 0 d-----w- C:\Lop SD2010-04-13 18:58:27 73728 ----a-w- c:\windows\system32\javacpl.cpl2010-04-09 23:47:15 0 d-sha-r- C:\cmdcons2010-04-09 23:41:26 98816 ----a-w- c:\windows\sed.exe2010-04-09 23:41:26 77312 ----a-w- c:\windows\MBR.exe2010-04-09 23:41:26 261632 ----a-w- c:\windows\PEV.exe2010-04-09 23:41:26 161792 ----a-w- c:\windows\SWREG.exe2010-04-02 19:31:25 0 ----a-w- c:\documents and settings\val\defogger_reenable2010-03-31 17:45:19 0 d-----w- c:\docume~1\val\applic~1\Malwarebytes2010-03-31 17:44:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-03-31 17:44:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2010-03-31 17:44:37 20824 ----a-w- c:\windows\system32\drivers\mbam.sys2010-03-31 17:44:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware==================== Find3M ====================2010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k72010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k62010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k52010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k42010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k32010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k22010-04-14 07:29:29 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k12010-04-14 07:29:29 551670 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k02010-04-13 18:57:52 411368 ----a-w- c:\windows\system32\deploytk.dll2010-03-06 07:28:45 15688 ----a-w- c:\windows\system32\lsdelete.exe2010-02-25 15:54:36 11070976 ----a-w- c:\windows\system32\dllcache\ieframe.dll2010-02-24 09:54:25 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe2010-02-15 02:01:27 70984 ----a-w- c:\documents and settings\val\g2mdlhlpx.exe2010-02-14 05:00:00 30976 ----a-w- c:\windows\rascntrl.dll2010-02-14 05:00:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll2010-02-14 05:00:00 16384 ----a-w- c:\windows\system32\msdrve.dll2010-02-14 05:00:00 10816 ----a-w- c:\windows\vmoptver.dll2004-08-04 10:00:00 94784 --sh--w- c:\windows\twain.dll2009-11-14 22:11:59 56 --sh--r- c:\windows\system32\9B0176E0FA.sys2009-11-14 22:11:59 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys2008-04-14 00:11:56 1028096 --sha-w- c:\windows\system32\mfc42.dll2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll2008-04-14 00:12:02 551936 --sh--w- c:\windows\system32\oleaut32.dll2008-04-14 00:12:02 84992 --sh--w- c:\windows\system32\olepro32.dll2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe2008-08-05 16:37:42 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat============= FINISH: 15:43:02.18 ===============and here is the Attach.txt (instructions in the report said to zip it up and attach, if you want me to copy and paste, let me know)Attach.zip Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 14, 2010 Root Admin ID:232903 Share Posted April 14, 2010 Please start REGEDIT and browse to the following keyHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerThen on the file menu chose File, Export and select "Win9x/NT4 Registration Files (*.reg)" and export it out to your desktop.Then close REGEDIT and right click over the file you just exported and choose EDIT and okay any warning. Then copy all and paste it back on your next reply.Do you DUAL boot this system with another OS? Link to post Share on other sites More sharing options...
noobJ Posted April 15, 2010 Author ID:232961 Share Posted April 15, 2010 OK, that was scary, and I had to google REGEDIT to find out how to do it (blushing), but I managed and here it is:REGEDIT4[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]"NoDriveTypeAutoRun"=dword:00000143"DriveConfiguration"=hex:0c,a3,56,46,10,d6,45,25,ad,8e,b1,66,9b,f3,34,0d,59,d9,\ 5d,39,20,e8,4a,62,15,fb,79,df,c2,c7,db,ab,c7,bd,2a,68,cd,31,7d,a4,bc,bb,1a,\ 5c,2e,de,8b,be,23,e7,f4,33,f6,18,a3,9d,8f,06,e9,dd,db,40,28,99,79,31,2e,3c,\ b7,48,c1,3e,bc,55,7b,a5,c1,06,37,d8,cc,18,b4,8e,63,6c,a8,1d,b7,af,62,a6,33,\ 2d,4b,00,27,8a,c8,09,c9,b4,62,3a,79,15,24,7f,4a,0d,45,45,bd,9f,07,d4,cf,6b,\ df,df,37,dc,d6,59,e9,a2,2f,8b,de,63,4a,64,17,ad,c8,10,e0,30,f0,cb,52,2a,52,\ f8,1b,22,aa,6d,81,d9,07,12,a5,d7,7e,2c,aa,05,21,36,f0,45,6a,7f,e6,2f,8b,c3,\ 6a,f8,73,81,0a,c5,44,a4,19,6d,08,63,02,81,9f,66,dd,8a,fc,2a,40,91,91,a6,58,\ e5,08,2f,38,18,34,99,70,4b,47,9f,e2,ab,45,84,d1,3c,b9,fb,3b,d5,a6,44,69,6c,\ c0,99,c4,94,dc,c8,ea,44,a6,21,01,da,e7,92,92,4b,60,15,11,fb,0d,14,3a,48,0f,\ 9c,3a,bf,87,d5,eb,dd,d6,31,40,dd,17,e9,e4,cf,ec,aa,1e,ea,7e,8b,f8,23,bf,43,\ a0,fe,f2,99,0e,a5,6e,1b,e7,37,9f,13,a2,62,4d,b7,e9,34,21,a0,42,2e,65,7e,ee,\ 9b,0b,09,11,1f,f1,3a,14,93,63,bc,48,10,e1,c1,9d,cc,4a,23,4a,b0,20,5b,ba,5a,\ 70,ba,e9,29,30,35,88,59,bb,89,f3,27,68,7d,63,35,61,67,65,2f,b3,f1,8b,af,a1,\ 1d,61,5e,3e,87,a2,5c,3b,ea,ac,e3,fd,e6,32,27,f2,01,31,80,26,eb,25,ca,11,06,\ 7c,0c,b3,25,4b,59,e3,94,40,f4,e5,59,d7,b7,3a,ba,a4,d1,b6,bc,00,e2,1f,ea,7a,\ ab,64,80,c4,e7,9d,4a,48,e9,27,3b,06,46,92,b9,91,cf,ba,3c,5a,c2,33,17,31,40,\ eb,95,09,02,0a,48,fc,48,1d,9e,8e,13,74,b5,36,94,c8,71,1b,e4,21,cb,1b,f5,f7,\ 6c,11,c9,98,7a,58,e2,c9,b2,8b,f9,b0,b7,8f,f3,f2,a9,d4,9f,10,18,fa,d7,66,37,\ 7d,ec,8e,d0,c0,3a,9d,f5,9c,07,55,ad,0a,35,9d,9a,38,0d,2f,d9,dd,3c,91,2a,c9,\ 1b,46,51,c0,34,45,bb,88,01,aa,65,41,f6,ac,fa,f5,c2,cf,3b,70,d3,5a,a4,52,18,\ 0c,4d,62,0a,0b,0e,25,ed,1d,e6,af,53,1a,9e,ba,e3,a1,a9,f5,58,b0,0b,4f,9e,cc,\ 9d,0a,53,37,02,31,26,33,f8,d3,ef,02,49,e6,e6,d1,fd,a1,71,3e,ce,26,3a,19,dc,\ 64,85,67,a2,3c,c0,ad,29,e2,5c,6b,7b,87,dc,e6,5b,35,2c,2a,33,fa,33,50,4e,48,\ ab,fd,47,9c,31,2b,c2,5e,98,2c,59,08,83,eb,d9,8b,33,76,af,ee,9d,b9,be,9d,39,\ c0,8c,b1,91,35,f1,78,a4,08,96,6f,48,c6,a2,ba,5e,d7,ad,19,fd,0e,10,17,cc,7f,\ 60,84,b0,91,35,26,a8,53,30,ac,f4,14,3c,e3,7d,2d,13,2d,71,22,04,2e,2e,ea,f4,\ c8,61,8a,a4,4a,6f,e9,31,e4,14,df,e1,5e,49,8f,1c,0a,6c,f7,b9,f8,9b,c5,7b,c5,\ 68,60,6c,dc,85,94,78,09,50,7d,1e,2d,da,3a,18,f2,b6,61,af,45,ae,e6,1a,5a,b5,\ 3f,06,f1,1d,c5,76,d7,0a,5e,cd,af,27,59,29,f2,97,99,f3,35,2e,f6,b4,ab,e2,e0,\ 2b,ea,7c,45,9c,f2,93,b5,6a,6b,bb,c5,e8,2e,fa,b1,6d,07,7b,45,a6,b9,87,fd,31,\ 43,af,b0,6b,67,62,50,d9,79,57,32,2f,be,ea,8e,18,4b,af,3b,61,c5,88,20,a1,73,\ 6b,eb,1f,97,66,06,f0,ff,e0,c7,60,d7,21,e8,93,c1,14,36,6c,27,4c,8d,ae,d0,46,\ 03,62,b2,ee,64,78,08,64,df,b1,a4,ff,fe,bb,85,92,db,9e,ac,ef,91,58,2c,aa,f2,\ c4,81,20,de,78,c1,22,b7,7d,8f,59,66,ae,7c,53,79,bd,c1,73,8e,56,a7,ec,e4,55,\ ee,8f,d5,36,6e,e1,a0,cc,ff,71,6c,36,97,69,8a,0f,b2,62,fb,e6,f7,7d,32,ee,18,\ af,1a,f6,fa,5c,5b,9b,16,28,d9,bc,1e,09,7e,2e,e4,a1,3a,b1,78,cc,48,23,91,75,\ b2,f4,2f,ad,17,d0,da,7e,fe,ac,c6,fc,fc,81,16,de,1e,06,0c,b0,cc,cd,7f,3d,b9,\ 91,d0,ae,73,78,20,f6,38,95,c0,6d,0c,b1,e9,ba,08,4b,ae,f7,f5,dd,2e,10,1a,61,\ 0e,6c,51,14,27,d0,60,7a,7b,80,87,a2,6e,a7,56,ab,32,f8,c1,87,84,96,76,ff,96,\ 31,6e,f7,4c,72,c3,f4,c5,aa,9a,c1,db,8d,66,3f,fb,9a,35,30,4e,75,6c,75,fc,33,\ 1a,f5,21,11,d8,f0,d0,66,f3,90,58,d6,ce,c2,c6,c9,81,43,ab,1b,c6,fe,1f,15,16,\ 95,05,9d,0f,3e,91,a9,19,d0,08,f9,49,1d,c7,06,85,83,87,36,ea,be,df,51,6a,00,\ 0a,38,ba,44,eb,d5,6b,df,4e,bd,4e,56,58,71,7e,3e,79,c3,a5,b1,a6,eb,5e,2f,6e,\ 0c,d2,8e,60,48,2c,9d,20,83,4c,08,b9,69,c0,7c,35,b2,f0,0b,6b,a4,98,d1,19,da,\ 7c,d8,33,45,56,39,7a,70,14,84,4f,08,40,62,ca,9b,c0,79,07,a0,bf,90,c0,b8,eb,\ f4,21,33,e1,1a,d7,d6,e5,85,6b,db,95,d7,ea,ce,3a,62,93,34,27,77,01,26,dc,fa,\ d5,d3,98,bb,f0,a8,e8,a7,da,20,25,3f,60,dc,3e,4a,82,f6,b7,c7,8c,93,f2,26,82,\ b7,ae,b8,c1,5d,cd,63,e4,c8,5a,9a,e5,14,ca,8c,84,10,82,9c,ed,50,9a,12,95,7d,\ e1,10,65,f0,21,c7,1a,7f,a4,ea,ec,97,f6,95,63,6d,8b,ed,46,b5,2c,e7,03,bc,9a,\ 53,df,07,59,73,a5,87,a8,5f,98,be,0e,4e,ad,23,35,11,f7,c8,fb,e0,63,3a,c7,59,\ a5,a8,19,c6,72,48,66,9f,f0,f7,22,4f,6b,1f,1e,3b,49,de,14,01,40,65,80,fd,c6,\ 9e,b2,12,c9,11,22,a7,a1,08,03,ef,43,f1,1b,6e,95,b7,05,d1,b9,cc,27,88,7d,0a,\ 0f,2b,c2,e8,a7,09,71,3f,b5,e4,14,ff,bb,44,de,20,1b,11,eb,dc,7f,61,c8,1c,78,\ 8f,36,30,65,8d,2b,c2,97,7b,1a,0d,b3,78,74,4a,57,b8,6f,6b,00,d6,06,0c,2b,6c,\ 41,a7,ba,e2,b6,07,9a,83,50,ff,a3,d6,4f,5b,bf,2b,90,95,17,4f,74,0f,cf,ca,56,\ aa,77,a7,80,28,4c,7e,3c,79,0a,6a,43,3f,60,b1,d6,8e,a1,a7,0a,f0,bc,cf,64,ad,\ 6e,44,a5,49,b6,57,e7,4d,8a,7a,e9,4a,c8,5c,a8,1c,6f,56,2f,6c,0f,06,af,78,7e,\ 39,d2,17,cd,0f,4d,f7,7a,59,b4,2a,e7,46,93,e1,0b,3f,ba,77,95,68,0f,d8,b1,3d,\ 47,4c,44,fc,e1,37,97,fe,23,d6,cb,76,c6,0f,f8,a4,58,49,ba,4b,df,81,ed,64,bf,\ 9a,b4,14,de,f5,c0,dc,05,42,cf,0f,89,96,72,8a,2c,bd,14,9f,3e,d1,38,52,07,0b,\ 02,c8,6a,da,f9,fc,c2,32,0b,b4,10,27,d1,b3,58,ba,15,31,48,f3,92,95,88,1b,30,\ fa,30,bd,bc,3e,ed,30,a3,09,47,2e,c5,8d,3b,10,2a,83,30,ee,95,6d,2c,08,5c,1f,\ 48,64,76,7d,62,b9,d6,86,11,8c,f7,92,de,99,b9,d7,b1,74,6b,32,89,70,29,24,70,\ c0,68,1b,ae,dc,cf,f4,3e,26,48,bd,7e,ce,58,bf,2a,f3,ab,bc,8b,0b,f4,75,95,ec,\ 84,f3,6f,4e,ab,d7,f7,5d,ce,c7,64,a2,9d,bc,9c,f9,d6,91,da,46,22,5d,ae,64,39,\ 00,44,5e,4d,fc,ea,e2,a6,86,cd,f2,89,dd,03,dd,5f,db,cf,6e,13,ca,20,63,bc,78,\ 5a,20,7c,8e,59,a5,a8,1d,b3,be,29,7a,3e,79,22,4c,d3,dd,d2,e3,51,d9,bc,cc,e4,\ 95,7b,06,a2,87,62,20,26,c7,76,a5,92,ca,d6,86,2b,91,12,65,16,7a,9b,3f,6c,09,\ 78,4e,90,e7,3a,2e,c1,2b,31,3e,eb,d9,e0,49,c3,a8,af,66,12,09,e0,1c,51,64,c4,\ ca,77,a5,2f,46,0f,f7,29,c5,8d,cf,e6,fb,e2,2d,f8,82,4e,1e,c4,80,76,86,33,85,\ b6,1c,95,a9,b2,b8,b6,3b,20,46,c7,1d,7f,5c,26,59,fe,82,11,c7,6b,58,71,39,9c,\ 73,5f,f6,0d,67,e8,6a,ca,25,0d,1b,90,88,0e,df,2f,2a,e9,4c,32,7c,1d,71,c2,16,\ b3,c3,c8,4b,7f,5a,52,01,a4,5e,38,bf,56,bc,ff,08,e4,1d,fd,e8,f5,18,be,cc,11,\ a6,a7,96,64,95,d7,d9,f1,bf,c4,58,e2,e0,c5,6d,a0,f3,e4,49,a6,58,91,ea,06,a7,\ 96,43,00,f2,4e,97,d3,4a,12,26,d3,84,f5,0b,bc,3c,b1,65,46,1b,e0,b5,fa,56,70,\ 87,43,77,51,55,c8,60,70,a8,f9,8d,e9,80,e8,99,78,f6,5b,04,31,20,1f,33,72,35,\ 9f,b8,15,f1,b4,d4,95,ea,3b,bf,3a,64,06,f6,16,92,75,fb,4e,51,42,b3,08,c1,60,\ 55,6c,f5,df,c1,ab,ef,10,14,40,cb,eb,79,75,3a,ad,41,2a,32,c5,37,d2,e4,f1,2d,\ be,ef,a5,db,9e,d3,ac,ea,45,a8,11,4b,ac,0f,40,cd,3a,6a,69,ef,42,48,25,f2,cd,\ 23,5c,33,9b,4e,66,b8,64,95,29,70,09,63,97,22,41,15,b2,7e,64,3f,bd,0c,f3,2e,\ 59,34,be,42,fc,eb,fa,ae,a0,91,93,79,b8,1a,c3,c8,68,6d,e4,60,f5,09,83,67,7b,\ ee,b5,6a,de,bb,ae,a4,02,14,8f,7e,3f,46,80,52,0f,2e,ff,74,0a,56,77,73,15,62,\ 15,9c,d6,ab,d7,c0,6a,29,e6,37,95,5b,96,25,25,cc,d0,0a,fc,f7,80,ac,43,da,f9,\ 1e,95,2c,62,fc,ec,96,18,43,1f,20,4e,66,aa,e9,f6,9e,ae,1c,e5,81,38,1f,32,d6,\ c6,0e,df,a8,08,67,bb,99,e3,07,86,79,bb,55,57,17,f2,bd,3b,57,ac,60,1f,85,d6,\ 09,f0,e9,66,63,00,9c,e4,6a,ac,99,29,95,20,3b,17,66,81,0a,17,69,b8,e6,39,1c,\ 93,ba,d3,4f,35,6a,44,b7,0a,fe,86,36,00,03,03,5c,f5,2e,aa,2e,6b,43,41,27,83,\ 35,fd,7d,29,8f,50,a5,8c,12,02,19,d1,a0,83,59,08,58,80,30,5f,03,b4,38,95,af,\ 01,a0,b2,99,bf,2d,f6,51,53,7f,0f,18,04,96,95,8e,8d,0b,94,9c,89,e9,c5,e9,47,\ fe,dc,e6,c8,56,80,34,75,c6,07,5c,06,38,81,c0,a4,43,f8,d1,4a,ff,f6,83,71,17,\ 48,fe,ec,1f,02,97,11,28,c3,fe,19,92,3a,b9,c9,22,e9,d1,52,54,29,cb,77,f3,6f,\ d9,ed,e6,cd,52,07,4d,bc,60,92,cd,18,f8,fe,27,6c,d5,10,bf,10,70,0c,f3,3c,d0,\ 79,45,bd,2f,fd,11,8b,6c,8e,c9,64,24,e3,97,d6,78,28,44,99,10,f6,58,23,5f,82,\ 83,77,29,15,3b,3e,43,bc,a7,18,9a,40,bc,34,77,58,a5,1e,02,1e,69,d9,04,c0,c8,\ 2e,f1,78,65,43,25,be,2b,6f,6e,bb,e9,4d,cb,02,3f,10,73,95,7b,be,16,19,9f,4b,\ bf,6f,eb,c4,7f,e9,8e,e6,32,c3,65,6f,b0,45,2a,7f,a2,46,e9,44,94,ef,b3,d6,4a,\ c1,95,60,58,d9,cb,81,ed,73,32,f2,f0,ae,fc,68,4e,8e,a7,bc,92,47,30,49,b6,b9,\ 84,95,38,37,37,34,71,8c,78,ea,22,40,45,10,50,17,db,39,53,db,95,71,14,29,5b,\ 25,94,10,b4,37,4f,53,cf,75,24,64,2b,f6,21,2b,dd,0b,a4,9e,d5,73,c0,92,62,ce,\ e2,d0,f8,54,b4,6c,31,c7,41,52,13,a6,5a,22,91,a4,39,3e,54,58,65,20,bb,36,d5,\ f2,20,be,58,58,5d,f3,34,90,8e,0f,0e,be,19,75,0a,81,ec,e7,32,ca,06,95,f9,1c,\ ee,39,c6,c7,fa,2e,e1,c7,46,a9,8e,a2,4d,0e,33,79,bb,24,09,eb,c8,1a,17,36,c5,\ c8,61,9f,f4,36,5d,14,9d,62,a6,11,5e,3e,f4,c0,c3,f9,4c,64,16,7f,74,f7,79,43,\ aa,12,31,3c,95,0e,45,2d,7c,69,48,2a,b6,6b,73,58,62,09,f6,f4,57,09,90,97,95,\ 5e,67,5e,b8,9f,f8,f0,72,5a,4d,a2,87,d8,da,2a,a6,a0,57,6d,e9,ed,67,97,a2,60,\ 78,6a,57,f3,ea,d6,0b,2e,73,cb,bf,9d,c2,4b,39,81,62,c3,04,c6,e2,9b,b8,35,33,\ 0c,7b,eb,51,32,c8,0a,25,62,6f,ae,aa,bd,de,23,50,05,9e,55,9d,b0,20,87,1a,3b,\ ba,95,48,6d,c1,ed,a3,c3,cc,e9,97,71,6b,53,c6,da,85,45,71,93,6c,97,a4,c5,b5,\ 5d,ae,d3,48,b0,d4,3d,b3,b2,47,c4,c3,cc,52,d0,56,3a,d8,0e,6b,ca,fe,5d,7b,e0,\ 25,eb,0c,be,1b,9b,83,02,92,ab,3a,70,d1,93,d2,f2,a9,30,cb,dd,ab,21,51,76,98,\ 71,59,b5,95,19,77,ed,49,b0,fb,c4,db,ef,9a,16,97,e8,6c,ae,e9,e4,e3,41,84,57,\ f7,fe,a9,14,80,66,a6,be,e3,5e,9d,7f,f0,83,86,fc,0b,bd,77,88,8a,17,23,97,5f,\ ce,a1,76,f7,a7,6f,3a,61,86,b7,f6,b3,3d,d1,32,aa,a2,08,98,90,e4,a1,ef,63,1f,\ 19,4e,33,2d,af,95,89,cc,bf,22,f0,95,ad,bc,39,b8,8b,8f,ba,83,7d,ff,db,0e,4c,\ 81,cc,1f,b9,a1,73,4a,11,4a,a9,5d,01,42,a5,fb,ac,f4,b8,86,fb,72,3b,42,34,ba,\ c6,b8,cf,38,a3,59,84,8d,83,64,a9,8f,6f,0a,bb,91,01,cf,3b,e4,d3,33,bb,9d,38,\ 92,38,99,2a,49,aa,bf,95,84,1a,da,85,71,d1,74,b6,25,28,5d,72,cb,e9,46,76,be,\ 52,82,9d,fb,bd,14,a7,d6,80,0d,3a,ed,13,15,26,5b,70,47,ed,2e,c0,42,83,1a,33,\ 7c,52,6e,30,da,81,48,ae,7e,76,05,e1,e0,9a,fc,1a,21,5c,6c,e8,9b,78,b2,84,bd,\ 79,c0,6c,16,7c,ca,4d,af,38,95,42,26,9e,3b,07,ab,d8,76,da,e7,47,fc,11,26,1d,\ 07,8f,12,67,3c,f3,1c,e5,30,10,1e,19,2a,9d,3e,9e,2a,2e,15,bb,2b,63,10,38,a6,\ 60,17,70,57,7d,6d,a8,43,3e,d8,9f,fa,85,01,66,1a,06,1d,72,14,fc,cd,f0,33,1a,\ 43,58,da,c5,a7,45,0c,80,b9,84,32,95,a8,b7,6b,19,61,81,6c,3b,d0,fb,e9,3f,8a,\ b3,4a,c3,4d,c4,4e,58,ee,f9,9e,ce,93,36,a8,b2,22,14,aa,16,fa,cc,0d,90,e0,56,\ f5,85,3c,d2,16,a8,85,26,c9,bd,fa,e9,5f,a3,93,7f,b5,91,37,86,08,a0,2f,71,0b,\ 8a,db,73,37,b1,a3,9f,63,63,31,4d,94,5c,95,dd,bf,16,8c,69,05,cc,1b,ef,1d,c4,\ ab,17,5f,0e,dd,8d,18,cf,16,b3,76,91,83,92,a4,dd,5a,17,35,0c,63,7c,c6,5a,b7,\ 04,df,3c,c8,eb,1b,f3,a2,9d,89,62,71,26,51,1d,42,ea,9b,c2,0e,96,ac,8c,f4,56,\ 52,25,c6,48,83,bc,c7,31,41,58,b3,70,c0,6c,00,95,30,cb,ab,64,e1,64,1d,97,e8,\ ab,73,5a,95,00,97,b8,56,6c,88,8c,2b,3d,65,43,5a,f1,c7,e3,64,56,54,4c,37,ee,\ 92,be,a5,98,f8,9c,15,6d,4b,70,79,e9,28,2e,80,4b,dc,bd,0c,3e,7c,b3,e6,b8,32,\ 60,b0,23,d6,0f,1c,bb,be,88,5c,37,d6,da,d9,ab,f3,57,95,28,ad,64,df,3a,b6,ca,\ 62,d3,cc,2a,a0,3d,5e,41,33,3d,70,18,d0,46,f7,d7,ca,ed,87,de,d7,9d,2b,12,17,\ 8c,94,75,52,ed,77,fa,81,67,30,97,91,c7,ab,9b,63,f2,84,42,17,1d,6d,87,8a,40,\ d1,39,1d,c7,b6,51,b9,8b,e8,83,0f,02,54,13,25,b2,b2,ea,0e,95,ec,67,e9,f8,b6,\ a9,7d,6d,09,e4,74,d2,3d,5c,0f,34,c1,14,58,43,0f,ef,b5,9f,df,16,be,53,9b,99,\ 4c,9f,14,59,d2,fb,73,25,f1,58,72,23,46,a9,cc,72,87,a2,f1,0d,ce,c0,ff,f3,34,\ 89,ee,85,a2,15,0a,2f,e4,cd,a7,4a,ff,73,10,41,c5,62,c0,f3,a6,18,95,d5,59,c9,\ f1,c1,69,5b,35,43,3a,27,55,95,68,68,72,e7,ba,db,1f,0d,02,18,68,75,45,21,13,\ 5b,1c,3c,25,40,5a,fe,a8,98,ef,a9,ac,c3,0c,b7,8c,3e,88,b7,73,1b,83,58,1e,ae,\ 49,c4,e3,8a,79,2f,f2,ab,66,af,db,f5,bd,4e,50,dd,68,5d,2c,66,b3,0c,b5,95,50,\ ae,38,1e,8c,d2,84,50,f2,e7,ab,ea,36,24,14,87,19,99,a8,3f,dc,ca,e0,70,fa,9d,\ 22,be,16,76,4d,58,33,a0,92,7d,23,ef,87,3f,42,a3,76,88,64,90,fb,5a,0b,7c,ce,\ 5b,dd,c9,dd,90,56,53,9e,69,bb,9c,a3,fe,4f,27,6e,98,c8,21,88,73,04,46,cd,c2,\ 95,f9,03,0a,f4,ea,d8,ca,36,e1,01,6c,39,59,55,79,35,3b,6e,35,2e,0c,0a,74,75,\ 64,b1,af,73,a2,98,57,a2,de,c6,69,dc,1f,75,43,d8,ce,bb,b6,f1,6b,6a,5c,2a,7f,\ 34,2c,70,d2,13,4b,1e,dd,e7,25,c7,82,61,bd,2f,fb,21,41,9a,11,1b,e2,4a,8e,3f,\ e2,43,95,f4,59,ef,51,6f,36,af,4c,09,08,9c,9b,1d,0b,12,f7,0e,69,a6,71,38,5b,\ ba,b7,27,92,4e,93,07,d5,19,b4,5c,eb,d9,b1,f3,bb,e7,4b,19,b2,0e,f2,0a,65,9d,\ 8b,ac,78,bb,71,7e,be,fb,ba,cb,a1,30,bb,23,c5,83,ce,0b,e8,c3,52,f4,0d,fb,f4,\ 6a,d9,4a,2d,95,8e,3d,ef,0c,c6,55,a4,36,b3,90,2d,2b,64,12,30,cb,c9,56,47,18,\ 6a,18,54,3d,58,72,14,cf,64,45,f8,54,90,da,30,02,c3,c9,08,c8,c1,1a,77,93,59,\ ab,f5,ca,e0,d1,8e,1a,df,42,35,79,09,33,5a,65,70,bd,be,6d,f8,85,87,f3,0b,9c,\ 8f,30,8e,a4,02,78,f8,14,35,28,c0,52,7e,7f,5d,d3,30,0d,0e,ed,97,f4,3d,f4,0a,\ 47,82,ad,86,1c,69,06,96,e3,75,04,76,f6,65,fc,77,70,b5,06,a5,43,68,af,a8,85,\ 05,ee,e8,0b,e0,59,f4,39,9a,99,25,18,eb,1c,7e,a9,9f,09,d7,7a,df,79,3b,76,b2,\ e4,8e,01,c3,d9,73,45,65,95,f3,6c,c6,d4,08,43,3d,be,a3,aa,a3,02,b5,1e,8c,b7,\ 87,11,b6,70,f3,47,e2,be,d4,81,e2,f7,bb,59,f4,36,e3,6d,4e,a3,68,bf,fa,f5,b3,\ 5c,e4,34,39,3c,32,c4,65,6a,d3,9f,d2,64,5b,e2,be,c5,0e,8b,bc,21,3a,81,a8,31,\ ca,d4,e0,30,19,47,b1,84,04,0c,95,10,a1,43,ce,8b,2b,f9,f4,7e,5a,89,25,8a,a3,\ ac,07,43,95,c0,4d,29,01,63,f0,da,5d,41,bc,85,6a,2a,0f,a2,15,68,de,e1,9b,4f,\ f8,60,f1,15,8f,20,63,e4,f4,ba,7b,2e,a2,4e,24,41,7e,bd,0f,1b,5d,18,56,7f,c7,\ 57,60,48,fa,4f,04,fe,32,de,f1,a7,28,95,69,4d,e0,d9,88,9c,2c,88,ff,e4,8b,06,\ f1,0e,4f,31,50,90,2b,bb,98,49,8d,2d,bd,ac,2d,2b,61,21,e6,f9,4b,a8,c5,3e,15,\ c0,60,08,24,87,6a,11,dd,22,84,40,16,5f,55,73,cb,99,dc,7c,13,dc,05,69,52,4a,\ 7b,09,af,be,be,ab,c9,ae,75,29,a5,56,05,26,95,eb,13,62,93,53,0d,25,78,5a,18,\ e0,f1,39,dc,ae,76,17,34,0e,60,7e,d5,f1,a9,0c,30,11,f4,6b,99,85,cd,82,a8,92,\ 31,ed,e0,c5,51,ab,8e,3e,93,17,f4,4f,da,1a,a7,46,07,9e,36,86,bf,46,0c,dd,6f,\ 5c,98,11,8e,0a,aa,bc,22,ce,21,5a,86,28,c3,a1,6a,95,95,6c,10,1b,c1,6b,cb,05,\ f9,29,a6,76,df,0b,80,a4,61,9a,d2,f2,ec,e2,87,6f,dc,17,0f,a0,38,7f,af,7f,9c,\ 8b,1b,c3,76,47,46,62,75,f5,79,55,3f,f5,a2,9b,63,e9,ef,80,8e,15,9c,1f,01,0c,\ 09,26,42,89,10,d9,12,9b,95,5a,a0,05,5f,27,fc,e4,26,e4,95,ce,92,ed,5b,48,cb,\ 91,c1,59,0e,a3,3a,24,46,73,a0,b0,aa,6d,80,e1,e2,a9,66,a7,6b,bd,5b,75,3c,d6,\ ab,f5,aa,07,ec,f9,89,e0,3b,b5,94,43,c9,2c,0e,73,96,e9,aa,6e,7d,ef,a9,7d,71,\ f2,42,09,06,c8,46,b0,33,1a,04,98,56,5f,6a,03,78,0b,6e,24,d3,95,03,ac,31,91,\ 55,51,ba,d7,26,37,39,02,eb,51,ea,30,dc,4a,dd,03,a6,69,49,a1,61,b8,23,00,c1,\ 65,ef,60,90,68,d7,19,5c,66,fa,96,6d,d6,06,a2,f9,62,09,e2,9b,90,84,a3,02,a1,\ c1,d6,e6,b9,67,59,41,41,4c,79,bb,8a,8a,b4,66,b3,d5,c3,ab,cc,0c,d7,95,84,3b,\ 0d,24,ec,5f,ce,9c,94,74,a9,fd,d8,b7,f8,0d,f1,ca,e2,24,6c,59,74,ec,db,fe,f4,\ 65,ca,62,72,2c,f5,a5,9f,fc,b7,01,e2,75,c6,aa,a9,1c,1e,f8,fd,a4,3b,c7,5a,6b,\ 8b,1e,bd,48,23,10,fe,84,b1,e0,60,26,b2,68,67,74,e5,bc,ea,b6,ff,0a,68,3d,95,\ a0,c5,9f,a4,86,02,5b,56,00,22,8d,50,a6,b1,9c,28,48,8e,00,4f,24,4c,0c,93,5c,\ d9,0b,e8,a7,5d,8f,67,46,65,06,97,39,41,8e,ec,b4,aa,0a,8d,cd,a8,76,5a,77,b3,\ 77,2e,b3,19,37,61,05,9f,6f,92,25,6b,c5,a3,f8,22,59,04,be,4d,9b,35,8d,01,5f,\ 86,95,fe,bf,33,21,26,99,f0,4b,c8,96,8f,e7,c8,58,3e,3c,e3,fc,b3,f8,9e,42,c1,\ 74,7c,ee,29,39,74,6e,b2,c3,a2,bc,7c,86,3d,86,91,2f,c9,8c,bd,2c,8e,4a,9f,6e,\ 48,d8,01,6e,20,0e,65,6e,db,eb,e0,01,52,38,2c,cd,22,68,f8,90,a4,c3,82,61,20,\ c4,68,38,95,3d,bf,bb,b1,bc,c6,56,0d,66,ce,6e,7a,43,0e,69,94,0d,a8,f4,2b,e4,\ 8b,50,47,43,98,ec,69,33,03,39,14,bf,fd,ba,8c,a7,90,5a,de,58,ca,03,20,1c,1d,\ 6c,fa,8f,06,33,65,52,ed,2b,b3,03,4c,f7,d0,6c,14,d8,c7,fa,4c,c3,88,71,fc,b7,\ e8,df,49,4d,e9,95,ce,e1,90,3c,be,9a,10,04,d3,55,32,dd,ca,29,ca,1d,31,be,ec,\ 59,d8,f6,fe,2b,83,d3,12,33,e1,95,73,5c,c2,22,7e,61,84,ab,b4,8f,ce,8d,0c,cc,\ 81,75,8e,d8,ec,c8,1d,d3,3f,42,95,00,43,dc,16,c8,48,f4,9e,02,5e,a8,de,71,c8,\ 82,46,8e,ad,5b,63,88,95,11,79,6a,8a,04,fb,15,3c,19,77,ad,8c,1a,e1,68,ae,fa,\ af,f6,61,0b,3a,57,75,71,68,ef,8a,d7,88,dc,1a,60,7d,87,ba,e1,1f,79,9c,4d,de,\ 71,59,70,a8,b3,ed,e1,0d,a2,03,32,a2,91,73,69,a3,d7,0a,b4,dc,21,89,58,c9,0c,\ f0,eb,fc,f4,fc,c3,bf,06,ee,95,ae,fb,9d,8e,e3,58,cb,70,39,a6,35,76,97,7b,25,\ 96,ac,1e,da,dd,e0,a4,22,b4,8a,59,2b,63,63,62,97,d3,3a,a0,ce,98,ea,d6,98,2e,\ 8a,0f,eb,83,e3,3a,01,b6,27,18,ae,1f,df,58,f1,8f,26,ff,c9,d9,15,0e,4a,91,7e,\ 5f,ef,13,dd,d1,32,c7,8b,a4,5a,a4,95,35,26,95,f3,8d,90,46,56,3f,2b,a0,08,27,\ b7,74,66,c1,0c,47,af,e1,02,a8,08,a4,8f,c0,c3,a6,2f,2b,e0,75,89,06,d4,46,4f,\ 4a,8a,e7,66,58,a8,f5,47,d4,13,4f,a5,b7,b5,ca,4f,a0,7e,27,59,6b,a8,42,76,05,\ 40,8b,a9,7f,e2,ba,1d,61,c3,bf,50,40,f5,95,f8,77,93,e7,a7,1e,c2,2b,a3,10,80,\ 7d,4d,76,5b,00,c6,43,91,ca,60,cf,26,a3,52,c1,33,0a,af,33,81,79,99,11,56,eb,\ b1,c2,8f,9a,d3,0b,ef,0d,00,30,b7,52,9c,5c,77,88,da,42,23,a1,74,05,69,66,9f,\ 55,42,bc,3e,db,c8,25,56,d8,47,8a,c2,09,96,37,95,28,cd,a8,27,2b,89,5e,82,e2,\ 4c,9f,64,89,af,ab,e0,77,00,ac,45,50,9f,8e,9f,7c,a7,11,81,d8,d1,1d,02,ab,96,\ 55,06,db,94,ee,bf,61,33,c2,72,fa,88,a0,7f,1f,7a,e7,9c,38,23,53,61,0d,78,16,\ 09,7d,2d,2b,77,72,d3,e7,77,14,43,d1,47,3d,40,b3,55,95,2d,58,f1,4b,80,0b,1a,\ 49,5c,30,bd,71,ef,93,7e,a9,19,e3,68,9c,65,cc,85,02,3e,60,ac,22,60,bb,9b,95,\ 8c,e7,45,4c,80,fd,6d,d4,26,8d,74,d9,0c,40,70,ea,14,bc,7d,7b,6c,c8,58,30,c1,\ b1,2a,59,b0,ec,a1,b8,7e,fc,45,8b,08,96,0a,c6,fd,04,21,a1,95,4a,c7,14,52,d6,\ 80,12,1c,70,11,87,88,05,ff,f0,f2,17,1a,ee,48,6a,61,99,0f,01,20,16,a7,48,5b,\ 6c,cf,93,6f,93,6b,c7,f7,ce,85,57,ed,3b,93,73,11,a9,f8,7b,8f,a9,cd,ba,dc,e8,\ e0,51,e1,bc,fd,71,5b,fc,6d,ce,82,15,bd,50,e8,5a,c0,0b,a5,9c,d7,95,71,b1,fb,\ 70,c6,91,fb,cd,d5,36,da,07,e2,22,22,52,df,cc,7a,82,e2,46,c1,ce,d7,1d,5e,d5,\ 72,80,d1,de,68,a5,8e,64,df,69,0c,d2,23,37,19,8b,9a,2a,70,2d,fa,76,8d,17,b9,\ 04,c0,29,c5,5c,81,ca,76,c8,03,30,c1,b6,0b,db,ae,5f,03,63,0c,a6,4a,74,95,63,\ 43,cf,17,2a,20,de,33,3a,03,39,53,83,6e,6b,a9,fe,c3,59,53,e2,ac,1a,de,1b,ba,\ 09,09,f8,4c,18,cb,24,b3,67,97,d7,94,15,de,4d,8d,55,d5,78,1b,c5,7a,f1,bb,fc,\ d1,35,4f,62,74,0e,c4,45,4a,4f,f2,29,97,c4,c3,5f,35,69,98,d9,20,da,e8,3c,38,\ 95,0b,2a,37,43,39,f6,13,32,21,67,8c,a5,6f,c3,e0,b1,79,5e,25,e0,2d,bb,df,79,\ 48,f5,d2,02,c9,5d,15,04,a6,65,68,0e,bd,bd,c7,fc,0d,bb,3f,79,26,00,01,c3,de,\ 59,b5,ae,46,e3,11,ec,dd,73,a9,8b,03,34,09,bf,b0,92,01,e2,65,57,40,b9,63,14,\ 24,f9,95,1b,c3,d1,0a,e7,aa,81,0a,f7,82,1a,15,8e,d9,06,c4,6e,b5,3f,f3,90,7a,\ a9,c8,19,0e,a5,f0,8a,3a,e3,2c,37,54,77,0d,fa,1b,30,fb,28,e2,25,7c,c4,f1,90,\ b3,f3,28,e0,27,b0,e5,09,c6,c1,28,1f,2a,ea,f5,23,1b,60,fa,1c,54,80,72,6a,8a,\ c1,49,58,aa,95,e8,81,f0,62,7b,d4,13,e4,77,9b,c9,e7,45,ee,d5,ee,eb,0d,8c,cc,\ 7f,fe,e8,68,e2,78,d9,be,aa,00,db,26,60,52,cd,d9,ec,02,01,b1,4d,63,90,30,8e,\ a8,f0,c4,f5,49,c8,49,7d,a8,02,d0,86,f5,22,9f,cc,4f,d7,78,96,2c,d0,1f,2f,fa,\ d1,16,9a,06,06,ab,95,82,9e,97,34,70,72,7c,9a,40,40,93,14,d6,b1,f0,35,0d,7d,\ 74,29,f0,d6,a1,3b,2d,04,ac,9b,c6,4d,d4,5f,0a,17,f3,c7,c4,50,53,c5,b2,0e,c2,\ bd,39,73,e9,89,56,d4,d9,c0,d8,1a,e7,38,cd,68,ba,c9,3a,fd,a2,54,0f,5d,2b,04,\ 59,ab,f3,d4,ba,5a,b8,52,95,16,04,b5,a2,90,9a,2f,c5,b5,be,4b,1b,f6,6d,22,27,\ 5c,e1,17,93,77,b6,68,74,97,4b,04,ce,3f,6b,9d,5b,d7,2d,fd,88,a1,18,9d,c1,ee,\ 8b,74,ee,92,5c,0d,3e,95,c0,dc,23,2b,6b,d2,9d,e7,f8,2f,bc,2b,8a,98,60,e3,b4,\ 69,44,73,96,4c,3b,ed,49,0a,b9,95,88,7d,a2,94,4e,61,98,0c,14,c3,90,09,af,79,\ 1b,a5,65,ff,d1,ea,a2,61,a0,dd,ec,5c,63,bb,19,c0,b7,82,c0,18,0a,b3,ed,8d,f4,\ 57,19,08,cb,40,59,97,72,91,d5,12,71,80,7c,fe,4b,5b,f6,b1,0b,c9,da,b7,21,53,\ 22,75,6c,23,db,0c,98,0b,21,80,aa,c8,95,4b,1a,d9,89,63,0b,a0,ab,d9,51,11,c7,\ 78,df,6c,ee,98,f8,f0,33,96,dc,f1,6a,81,a6,2b,30,16,75,56,2b,ef,ca,fa,93,f7,\ 31,85,f2,21,24,9b,28,5a,2c,ad,b1,bb,49,cd,2b,04,94,c1,12,46,23,56,cf,df,2d,\ f6,f1,ab,6e,7d,ba,79,cd,49,dd,bc,3d,90,86,95,83,e1,f7,9b,ac,73,60,41,54,e6,\ 03,a3,91,4a,c0,ee,64,f1,b3,a0,e9,d0,0a,03,d1,27,13,f4,12,64,99,e9,dd,45,71,\ 33,d1,3e,50,7f,6e,1a,df,a3,cc,e4,12,98,8d,08,b5,c2,10,b6,47,78,e7,87,0c,c0,\ 8c,63,5e,5a,4f,a2,44,01,93,71,46,ed,3a,78,7f,9c,95,5e,b9,f3,d2,42,bc,23,de,\ 88,e9,df,20,a4,35,5c,c8,90,01,86,e0,c1,3e,97,8d,5a,d6,e9,92,a1,47,08,15,af,\ 91,0c,a6,6b,53,26,7d,b9,31,78,03,ee,78,2a,94,87,05,ba,84,1b,63,93,60,8f,33,\ e2,76,89,d1,a5,97,27,34,04,1b,f0,16,e5,26,0b,55,bb,2a,95,ae,9a,9e,ad,da,38,\ a1,4d,46,57,60,01,98,51,d8,a1,db,5c,7c,a9,2e,6a,84,39,b9,4d,89,61,e6,1f,4f,\ 9c,cd,e1,e1,9a,ef,62,e4,43,28,62,25,f8,df,f8,74,1c,80,31,b5,d3,2c,fa,34,09,\ ae,40,39,b6,b2,55,dc,61,31,96,1b,e3,30,4b,2a,6e,aa,ce,0a,ce,95,cb,ef,5d,ee,\ 5e,98,79,9d,89,ad,bb,92,b8,36,1e,ae,d7,c0,0c,82,c4,00,73,11,04,ba,1c,d7,b4,\ e1,39,0a,c3,00,3c,1f,5f,d8,f0,90,ad,4b,c2,dd,bd,79,5f,d0,bd,28,85,06,6d,69,\ 12,ab,d2,78,62,85,2f,e5,d7,34,31,f1,b9,b8,6a,3b,41,33,00,9c,f0,f0,95,a7,4f,\ 25,a5,cc,55,ef,f5,13,17,20,39,04,4e,a3,80,01,20,0f,d4,7c,8b,7b,bf,66,07,94,\ 0e,eb,67,ee,d5,5c,01,98,b4,6d,0e,f3,58,a0,53,c4,44,01,01,87,d1,14,db,06,73,\ 0c,96,2b,3f,3d,85,13,aa,d4,76,63,94,c6,d6,df,85,06,1c,39,36,fb,65,26,53,95,\ 31,5c,b7,7f,4f,5d,e7,98,49,da,70,3d,d6,fd,e4,8e,25,8f,f8,33,cb,18,23,a0,00,\ 48,68,97,0c,95,6f,ee,fc,26,db,92,99,f0,d8,cc,9b,1f,f3,c3,19,b7,2f,42,44,7b,\ 55,bc,55,0d,8b,8e,c4,58,28,83,bb,2b,c7,9d,ca,26,9a,13,dc,da,01,96,6a,2c,5c,\ d8,95,ee,fa,1d,4f,9b,02,21,36,4b,ff,40,d6,b9,14,23,03,f0,6e,55,e9,03,25,9d,\ 09,ff,64,8c,7e,1e,ca,52,85,3d,10,d5,3c,90,eb,05,aa,95,34,69,00,46,46,fe,1e,\ 93,a7,42,59,0f,eb,8c,7c,ea,d6,9e,0c,1f,c1,7d,d1,ee,3f,80,91,8d,00,a8,1f,1b,\ f5,2f,94,95,d5,b4,64,dd,8c,1f,b5,76,56,40,0e,74,84,78,62,c9,d5,d9,86,c4,e9,\ d0,46,d7,f9,07,b3,9d,c4,89,ba,1b,cd,27,fb,46,c3,1b,d7,c6,41,ec,cb,fa,b7,91,\ fd,3c,a8,d9,15,66,17,0b,4e,95,3b,c9,cd,2d,7a,3a,31,1d,95,67,6b,64,21,e6,d0,\ d3,36,b6,6c,15,95,6b,6b,9a,ee,01,8b,d1,c0,5e,37,c1,53,bd,0e,9f,d5,25,4e,bd,\ 20,97,3c,5d,3c,8c,c7,c7,25,9e,68,99,ce,86,4c,5f,65,46,b5,63,d9,a7,9d,c6,9a,\ e6,9d,d0,9f,ab,0e,85,ae,3a,6e,79,d8,ed,05,e5,42,e2,c8,f9,2c,f1,7d,74,2b,e1,\ 20,73,b9,db,86,86,f0,95,1e,40,09,93,f5,c2,b2,4e,e6,c4,66,3f,2d,e9,51,b4,68,\ 9f,35,37,94,46,02,c8,38,94,a8,69,e0,38,29,e0,cd,bd,f2,b8,eb,b2,6b,89,03,08,\ cd,79,32,bb,33,03,9a,b4,f4,f7,57,ee,31,c2,b5,d9,aa,f0,a0,fc,d6,ef,5b,dd,32,\ 16,75,25,d9,e5,fa,00,55,8f,95,e6,c3,b5,b5,df,d1,df,75,23,bf,28,a3,bf,b6,22,\ 56,01,19,b5,a7,31,68,72,b5,7c,65,23,ec,31,75,a7,88,30,48,fd,54,9e,bc,9e,b8,\ de,ff,10,f2,bd,f4,b8,a4,ed,d9,ef,8f,b5,26,59,9e,e6,b8,72,26,11,2e,6a,6c,f7,\ 94,33,68,41,3e,d8,c8,72,f7,10,38,f7,19,5b,13,e1,4b,82,ac,2f,50,df,90,d8,9d,\ 67,ee,1a,02,f5,47,43,25,ed,80,77,2f,1f,36,ae,c5,ef,51,fc,3a,b3,dc,15,03,5d,\ 13,10,6b,5a,be,6b,87,b9,be,50,6d,90,e6,16,a1,9c,0c,0b,d0,27,5f,71,c1,2f,fa,\ c6,88,c4,ba,48,fd,b2,4d,b9,6c,60,8c,60,aa,8e,f8,0b,50,b8,c8,ee,ec,53,e8,fe,\ ab,8c,1e,fb,19,4c,fe,34,1f,6b,56,56,83,20,c9,82,b2,bd,b9,a2,be,99,6a,fc,a3,\ 4d,65,07,ce,23,1b,7e,e0,cb,cb,b4,af,50,a6,27,8d,4b,30,57,cd,56,e9,d9,84,c4,\ 2d,a7,8d,8f,59,ba,d0,92,2f,db,c3,f9,7c,b6,30,fa,f5,f7,30,39,b4,6d,fa,9a,90,\ 1b,66,2f,87,5b,7a,b6,eb,84,43,d5,5a,0b,6c,5f,f1,ee,0f,d3,bd,52,cb,26,72,6a,\ 17,c2,60,9c,d6,ce,a2,df,2b,b0,99,68,8e,d0,98,85,20,9f,e1,c9,3b,d8,d1,69,4e,\ 06,57,e6,e8,47,aa,ec,12,4f,3c,7a,e2,b0,e9,44,4d,58,b9,75,56,3d,5b,35,f9,e3,\ f2,0c,da,4f,c4,99,69,3e,65,af,80,33,1d,06,45,c9,ea,30,51,47,c8,ce,12,75,2f,\ 03,6d,ae,de,29,a8,37,d7,c3,88,cf,ab,b3,b6,87,f7,ad,67,d4,2f,ec,3c,e3,9a,24,\ 67,2c,9e,b7,10,4a,3e,2b,f7,0a,e1,dc,5a,c2,55,ee,19,e4,13,a5,86,18,d2,c5,3a,\ e5,f4,05,c5,9b,08,68,00,06,ba,bb,0e,07,75,8c,d6,3a,78,ec,b6,d7,2c,74,75,d6,\ b5,86,7a,57,c7,d5,3c,40,bb,28,fa,28,e2,5a,ac,74,19,a6,39,bf,9d,21,ea,7f,21,\ 88,1f,e6,1e,3c,41,07,6b,8b,f7,3a,0d,31,9d,c1,50,1f,f1,ac,16,7b,f9,10,f9,70,\ e7,a2,00,6b,06,51,0e,2c,3c,7f,51,40,b6,38,f4,2d,ab,65,8a,4d,e1,43,b0,dc,72,\ 14,ee,4f,d0,14,df,e7,07,af,92,87,42,f1,2f,c2,91,3e,de,39,e9,43,e4,24,6c,2c,\ 0f,2e,eb,18,55,86,aa,ca,b8,33,63,a1,6c,a7,8d,ca,3c,98,dd,b4,2a,0b,0e,f1,c4,\ 56,b2,de,4b,21,77,59,b5,91,59,59,02,f7,77,4e,7a,d0,6a,3b,9d,ea,d8,01,5a,c7,\ 46,e0,81,46,2e,3b,79,80,52,9b,36,f1,4f,f7,66,d8,75,33,eb,e0,d6,e6,8e,ff,9d,\ 60,f2,9f,a2,ec,c6,fc,3b,52,3f,cd,54,a0,c6,26,c2,2a,ed,9d,d4,d0,a8,ab,2b,7f,\ e5,ba,56,cc,fa,6d,0d,74,db,86,d4,2b,d4,78,a0,1c,3b,d8,05,a4,c6,11,0e,a9,93,\ 59,6c,2d,6b,e4,d4,23,47,57,a2,81,13,7f,c2,96,b3,43,d0,9e,44,d7,7e,94,a4,33,\ 37,47,34,c4,01,b0,dc,61,a8,83,50,80,19,04,92,aa,0c,1c,b8,2c,e6,ac,f0,10,dd,\ 21,c1,cd,4b,5d,48,94,38,aa,64,72,45,c7,7f,0f,ec,97,fd,08,e6,43,77,69,9b,db,\ c6,72,dc,40,5d,9b,d4,41,dc,d5,3c,04,e3,13,cf,a8,24,09,fe,28,bd,33,e4,83,c4,\ 1a,7c,1a,23,d3,12,59,a6,c8,f7,99,52,ba,79,45,f9,07,12,3c,0b,29,e0,77,af,80,\ 55,ec,12,51,e4,30,b2,ff,0e,ac,65,b1,d8,f7,cc,e5,42,e5,b9,32,58,e6,31,9d,df,\ 35,cd,68,df,53,60,2c,5f,b4,da,27,70,b8,6d,d7,6d,dc,ee,c8,80,32,7d,aa,68,0e,\ 68,a6,7a,03,4d,f2,e6,0e,7f,a4,3c,10,ab,c4,2f,82,bc,a4,98,64,fb,74,bd,76,7b,\ 11,d4,ab,b4,1e,c3,9a,db,6e,56,2a,b8,e0,20,a3,03,1a,64,48,ff,a0,9e,76,27,58,\ 31,d1,1c,a6,fd,89,e1,d5,33,db,4a,b9,68,da,b2,92,e9,6f,ed,34,4f,9f,7d,65,53,\ 0c,00"NoStartMenuMFUprogramsList"=dword:00000001"LegacyDrive"=hex:b6,a2,ba,0a,c6,3d,c5,94,61,fe,0f,50,a2,21,35,74,b1,bf,3a,0a,\ 44,44,29,fe,66,24,fb,76,77,ca,ba,61,75,d1,e7,53,79,77,19,90,85,4f,e8,66,7c,\ 35,09,c1,72,87,ba,f9,26,92,61,ee,cd,4b,70,57,12,40,8b,57,5a,ce,ed,51,4c,93,\ 08,fe,91,26,6b,bd,f0,d8,06,e9,2a,1e,d1,f8,f1,2c,b7,57,e4,61,2d,f4,4c,b1,e6,\ 0c,7d,ee,ff,94,ae,46,79,d8,07,0d,ed,62,fa,bd,7b,1d,d7,3c,04,ba,9b,5d,99,53,\ 09,a8,33,4e,fd,5e,a4,85,fc,b8,cd,a3,0f,70,12,d1,d2,82,0b,93,c8,34,7c,ec,f1,\ 54,88,c9,9f,c1,21,9c,85,d7,2c,c3,48,11,20,62,3d,fb,40,a0,e4,1e,d0,44,3d,88,\ 78,e8,c6,cd,44,f1,a0,a0,ee,c5,ed,a4,60,37,7c,7f,75,46,a8,30,00,08,7d,a3,0f,\ e1,1d,83,71,f8,62,50,75,ec,c5,b1,f5,c2,7f,0b,93,23,ed,52,43,c4,39,20,09,25,\ 37,04,04,7e,8d,1c,ac,f6,17,e6,af,58,17,8a,53,03,7f,57,1d,4f,d8,d2,5b,ca,0a,\ 93,52,71,ae,1c,8f,72,c6,bd,32,36,ac,b5,8d,9f,49,9a,ee,8f,87,fb,b8,a9,09,43,\ b9,5b,19,e0,b7,1c,e2,a5,4c,f2,df,6d,f4,38,93,02,65,9e,7b,3d,1f,71,41,6e,43,\ 1d,32,fd,a8,f0,f2,52,2c,20,6e,f3,48,98,10,13,ec,e7,cf,3d,74,79,e1,f3,cd,43,\ 43,d1,6c,f9,a9,45,5a,8e,0a,fe,da,4b,5e,a2,4c,1f,a6,c0,51,36,2e,05,30,cc,0f,\ b2,79,44,f7,4d,e7,74,2d,97,8b,43,cf,bf,27,77,5e,d5,d8,c8,7d,81,f9,39,f6,f5,\ 43,a8,fe,20,39,a3,ba,25,c3,7d,02,0b,19,a1,bf,64,b6,e2,27,6c,16,9d,a5,22,9e,\ 41,48,d5,f8,20,23,17,f7,11,c6,09,cd,ce,13,d9,7e,9b,4d,88,94,29,72,f1,14,b9,\ cb,07,b2,84,c1,5e,41,5b,f2,ec,6d,8b,84,11,ac,03,b9,d6,72,b9,c4,72,a4,49,dc,\ 13,50,df,8e,db,9b,58,57,28,fb,a4,72,18,a6,6f,ef,c0,4c,49,00,05,ed,fe,61,a9,\ ed,78,c0,5f,90,81,15,51,2a,a7,05,9e,2a,32,06,f4,57,59,c5,61,5a,b5,c4,66,7d,\ f5,48,4e,b2,d4,72,bd,d7,48,ac,8c,38,fc,46,d4,56,01,61,49,e6,c0,0d,ca,1d,34,\ ae,35,2b,56,a4,80,05,d8,2b,06,68,15,7f,1e,1b,48,44,f2,97,74,fd,26,8f,1d,c6,\ bd,38,18,2f,b3,00,01,f4,28,97,94,71,55,65,6e,59,70,d5,18,ab,d0,f4,41,e2,52,\ 3a,4b,6c,fb,a7,0a,5e,df,12,c8,66,41,be,8c,01,fb,2f,9b,ee,20,3c,40,e2,e1,64,\ c9,7d,ad,66,d2,7d,9c,0b,c6,32,0e,47,a2,31,8f,80,fc,4d,fe,2e,97,44,c3,ef,a4,\ 4b,b5,4d,2d,01,da,44,5b,83,73,5e,9c,55,81,ec,0e,eb,35,a7,95,6f,a8,97,2a,be,\ cc,34,76,b3,a2,cb,9f,a9,ae,24,62,3b,a8,62,62,4e,75,2a,bf,52,55,08,eb,c4,5e,\ 0e,b9,f8,29,be,b7,15,cb,29,be,61,07,59,c7,bf,c1,ed,00,75,b6,03,1f,fb,33,6b,\ 5b,f7,51,63,b8,49,59,95,8a,dc,c5,1d,cb,d0,0a,32,27,2f,d5,58,5f,c5,94,d7,ef,\ 32,38,6b,ee,3d,39,3d,37,6b,db,12,c6,d0,b0,c3,64,26,5f,ed,87,1c,a3,e9,74,f0,\ 97,ff,a6,40,30,d6,73,1e,0b,2f,ed,62,69,d3,07,44,77,ca,f8,2a,d3,ce,e5,be,d0,\ 4d,ff,ba,44,ea,d8,58,2a,2f,62,f6,e1,9c,a8,c1,ec,76,6a,c6,37,c9,16,12,a9,ae,\ f3,18,fc,ca,a0,52,cd,17,bd,2b,ef,e7,e8,1d,05,26,eb,17,50,df,33,21,c5,01,84,\ 42,63,64,ec,a2,c3,07,f6,ec,f1,9b,1f,f6,7a,46,8e,a4,c6,a1,ff,09,a8,02,01,d0,\ 34,ea,01,61,db,d1,35,e6,29,8e,3f,3e,fd,ba,0a,39,3d,ae,50,35,18,ee,61,d9,eb,\ 71,20,07,66,3c,4e,0b,ea,35,0b,19,36,37,99,f6,43,62,64,f5,6c,b5,3f,25,d2,de,\ f1,c9,ff,50,f0,08,ca,97,6c,e6,7a,e8,8f,73,2e,fd,04,42,7b,1f,b6,1d,58,84,da,\ f7,37,dc,fb,2f,22,75,27,84,c2,f4,c9,7b,82,06,e0,8e,86,8e,d5,4f,a0,61,31,f4,\ c6,f3,b3,12,c4,2f,9f,a9,2e,a6,58,61,99,ec,31,13,0a,3f,81,8b,af,6a,f5,8d,cd,\ e9,2b,15,fa,4e,7c,e3,8c,e3,18,37,51,91,59,da,80,01,51,5d,f0,00,a5,a5,88,28,\ 9f,a7,f7,bd,7e,c4,71,a5,d5,11,6a,e9,bc,84,da,7c,96,79,ad,2e,46,5a,73,d7,8f,\ ee,ac,91,79,2b,43,24,f7,4c,58,c2,c6,22,42,f5,98,af,d5,d5,72,f1,e0,7e,53,fc,\ fa,c1,16,4b,7f,1a,99,58,d5,e2,1f,6a,f4,c6,f3,af,25,78,4e,8a,09,a4,7b,2e,de,\ 26,39,6c,fe,7a,61,c9,ec,a8,74,c9,d4,03,31,67,b7,60,4d,ba,0b,c0,56,65,f1,96,\ 81,1d,5e,ce,9c,c6,b6,0d,44,d9,9d,3b,58,09,09,3f,ad,26,9c,09,04,41,32,d6,39,\ 11,b5,af,bc,95,39,33,45,fb,45,97,c4,c1,6e,eb,97,1a,2b,9f,00,93,e4,45,d6,f6,\ 4c,98,7b,6f,f1,be,0d,ed,11,f7,ca,e1,cb,b0,85,2d,b0,e7,6e,04,b4,7f,ff,88,c4,\ be,32,5b,47,81,44,56,01,8b,b9,7e,38,1d,a0,33,16,c7,18,ab,4f,7d,13,9f,03,ed,\ 5a,44,e6,10,d1,7d,9e,00,fd,4f,6c,09,c3,95,0f,02,73,f5,e6,de,04,12,54,7e,a1,\ 03,68,c9,65,04,be,ff,64,6c,a0,4a,e9,ea,df,71,97,07,c5,4c,a3,4b,fb,e8,59,ce,\ c8,bf,5b,73,12,6f,df,6e,d2,60,bc,04,c5,a7,c4,92,64,2a,55,d1,17,05,2b,58,a6,\ 2d,78,63,f0,53,37,d2,df,0c,bd,75,9b,2e,91,86,fe,7d,7d,77,48,87,e5,ee,15,cc,\ 58,0e,8c,22,65,f9,d8,58,b0,93,dc,1a,44,a3,88,22,14,2b,90,15,5a,3c,f2,71,08,\ 35,46,f7,25,0a,80,65,ce,7c,2a,a5,90,ec,f1,45,15,72,63,27,03,2a,f7,7a,21,ce,\ 4e,e8,bb,8a,b8,11,48,0b,fa,39,4b,d9,4f,3d,77,e8,ac,cc,16,69,48,d3,ac,e6,5c,\ 39,d7,8e,27,cd,79,ce,36,7d,19,21,e2,c8,87,28,a2,1a,75,bf,fd,63,86,10,c4,1c,\ 68,7e,84,07,6c,64,35,05,7a,5d,1b,21,04,65,52,d0,3a,3c,a9,77,7d,0b,b3,2e,15,\ 4a,1c,c4,26,e1,3a,03,e0,8e,e4,35,f7,86,87,e6,53,5f,76,ec,08,2d,82,a5,88,ec,\ cb,80,17,1e,d5,bf,80,b4,df,7b,07,32,70,e8,9e,0f,32,95,da,5c,5a,03,88,2a,a3,\ 4a,90,c0,19,87,3c,d0,f0,2e,04,80,06,b6,54,1e,c5,ed,8e,0f,4b,8e,53,09,c8,15,\ ff,82,28,d2,72,69,f3,3d,16,13,71,89,1d,78,11,7c,0b,9f,0b,7d,75,57,45,ef,08,\ 28,73,bd,cc,89,83,36,aa,53,38,1c,2c,76,15,f7,85,eb,7c,af,b9,d1,e9,17,5a,9e,\ 5c,77,53,aa,93,fb,8c,ee,39,f4,25,dc,86,06,3d,e6,b6,d1,08,3f,bb,d1,21,e5,2f,\ 83,22,df,8c,ca,72,c3,9f,90,5f,7c,3a,b0,6d,4a,2a,14,ed,0a,68,1a,d1,b8,93,3d,\ be,32,9e,f1,63,3f,c6,ce,0a,cf,c8,f1,6c,84,50,a0,ca,72,b4,2c,39,bf,23,e2,1c,\ 3d,df,97,87,9a,2a,d3,c2,67,8d,89,3b,64,9a,9a,a5,8d,2a,04,56,f0,e9,57,ed,bb,\ 15,69,37,99,82,4b,54,3f,e2,7c,15,41,43,5c,a9,2b,d9,e3,79,cd,fe,92,50,d6,77,\ aa,bf,a4,f9,9d,c0,5b,eb,c2,99,35,6e,4c,03,19,9b,7d,8c,6e,0b,17,3a,31,95,9d,\ 14,71,45,73,96,16,0b,3e,21,f5,33,bc,08,60,d2,7e,25,19,b4,ef,cd,72,f3,92,03,\ b3,c8,8b,ec,bc,a2,61,83,ec,75,02,8e,41,55,08,d1,c0,43,3a,81,17,47,56,fb,81,\ be,0d,b6,ea,f6,50,77,53,f8,ca,c4,79,a5,ae,9a,b1,05,b2,62,17,db,5b,22,e7,7d,\ e5,7c,f1,2b,e2,f9,ad,97,fd,d1,f0,b1,49,5c,3f,34,a5,d0,85,b7,63,0a,c0,8a,9c,\ 8c,fb,e1,c6,c2,7c,34,88,89,3e,e5,cc,f1,a1,24,16,42,61,0f,15,3e,c5,1e,78,a6,\ 19,bf,03,00,5d,3d,e2,96,3f,e6,3d,c2,47,6d,0c,69,52,8d,2d,c6,41,ef,b4,69,f2,\ 4e,82,f9,7f,6f,d9,19,53,66,d9,ae,15,da,93,80,da,17,70,69,e5,eb,5b,b3,25,13,\ 6b,2c,fe,f4,c2,7d,4c,8b,b5,b7,a6,a7,2c,2f,df,56,4c,8c,d3,9d,54,1e,60,6c,c5,\ 71,b2,d0,c6,23,c4,6b,c6,f2,23,21,63,19,f5,15,8b,dd,3b,d4,e1,63,53,cf,62,c4,\ c1,0f,48,63,95,2e,24,2e,7f,b1,5f,76,04,4e,41,e8,a7,bc,32,9b,31,6c,76,19,1b,\ c6,5e,be,5c,b6,bb,61,7f,67,98,36,f8,4e,29,f3,b8,6b,fe,32,ff,cc,7c,17,72,52,\ 8e,32,6d,b7,98,a7,9a,d0,ac,8c,c3,10,01,92,e4,4e,a1,e8,85,c8,61,5c,46,67,16,\ c3,bc,45,06,9c,7b,d4,6c,9d,f0,74,e0,61,7c,82,e0,28,12,3f,6a,89,3d,1c,fd,90,\ 24,b1,a2,b6,b1,51,2d,10,f2,e2,c1,c6,bf,eb,92,c7,9d,ef,ef,bb,e2,fa,7f,39,1a,\ 79,cb,3b,aa,4e,fc,cf,b3,24,e6,0f,39,00,46,52,85,19,48,a4,c7,ea,4d,74,00,85,\ ea,8d,1f,2a,34,47,6a,18,e9,3b,ff,20,a3,d4,c4,5d,87,9c,53,3d,7c,39,46,44,0b,\ e3,88,fe,9f,23,0c,e2,df,db,bf,7c,3b,87,bb,cc,c5,c2,bd,e9,43,0c,d9,e9,82,ca,\ 6c,05,ed,8e,53,f9,5d,99,5a,aa,33,9e,f7,0b,a4,c9,39,41,55,00,fb,05,28,69,5d,\ 4b,55,2c,74,21,bc,7a,41,d9,79,bd,ce,e0,6a,ba,73,02,14,cd,46,9d,43,7d,bd,e2,\ b6,9f,28,70,e0,e8,37,c7,8f,02,bd,ff,cb,de,b3,ba,01,4b,80,57,60,c8,77,68,84,\ 96,a2,67,52,12,be,a4,23,42,86,82,24,ae,35,e3,fc,71,46,e1,b0,8f,7e,bf,c4,89,\ 2c,1f,a3,2f,af,75,41,b6,3a,bb,ff,0a,af,d4,66,cf,65,a3,9a,98,21,69,9a,dc,ca,\ 4f,82,98,78,e2,38,6c,5c,5b,a0,fb,98,23,0f,95,54,96,03,13,0e,07,11,03,31,05,\ 1e,06,ea,dd,d2,75,37,60,4a,4b,40,e7,0d,3f,eb,93,42,30,ab,da,20,c6,98,3f,a5,\ 57,c5,60,8b,07,ce,36,78,34,b0,99,74,11,de,e6,02,a1,90,91,95,26,86,5f,5f,6d,\ 09,0f,dc,8e,1d,ac,bc,0b,90,d8,e6,bd,23,63,be,0e,ea,1c,a3,69,f6,e7,bc,ef,30,\ 10,f5,6c,88,df,44,89,50,6d,31,42,e2,b5,95,9b,89,ee,a2,8f,9f,18,23,4a,f2,d6,\ 05,98,6c,7b,17,9c,f4,67,0e,c5,8f,94,cc,fe,cb,6c,95,e2,25,5d,de,53,bf,09,b0,\ 9a,ea,c2,17,ef,92,13,85,c7,e8,bd,c2,9a,10,a1,3e,e8,1a,e1,a5,7e,34,43,b5,f5,\ 1e,d6,4c,7d,de,d7,c6,d8,b4,d5,85,a9,50,14,d1,ef,43,2f,e3,cd,b4,02,3c,8c,54,\ c7,3b,e2,93,7f,ef,75,14,94,2a,9b,5f,bc,d7,64,d7,20,8d,fa,da,eb,be,63,87,90,\ 0c,07,38,ee,de,0a,01,59,89,7e,81,84,49,c3,67,f1,e0,9e,35,ac,80,8b,44,39,eb,\ 55,09,cb,d9,e3,96,b6,9a,55,64,27,fc,4f,4f,13,6f,95,e2,6d,67,d9,d5,9c,02,d0,\ d4,2c,eb,8b,82,c4,7e,05,be,58,2d,f9,25,9f,22,f6,d8,c8,25,b4,b7,7f,68,c1,a9,\ 8e,b8,a2,d8,c6,fd,42,ea,ff,47,c4,7f,26,5e,20,c6,82,fa,81,4b,3b,32,eb,11,1c,\ 37,21,e1,98,42,c6,e1,0b,cb,c2,68,43,fc,e7,11,3f,65,d5,0f,36,f1,1b,c0,db,19,\ 9e,84,e0,57,3f,cf,b9,de,b8,7d,a2,88,c7,66,e3,10,8f,33,53,81,3b,6f,af,1b,ee,\ e4,e1,bc,64,b5,1a,54,1d,4d,4a,1c,f6,64,58,36,23,b2,31,a6,22,0c,5f,9d,ed,d1,\ de,fe,74,84,2c,1b,4a,ba,a0,bf,9f,37,fc,72,6e,54,45,f8,f7,a3,d3,1b,70,d6,a4,\ aa,f8,dd,f5,c2,cc,4f,14,4c,bd,0b,70,c7,e2,1f,f2,48,8a,e9,90,bf,74,7b,1f,e7,\ 7b,43,44,68,f1,2c,ed,7f,b9,f2,82,50,d9,14,d2,7b,46,44,18,62,a8,1c,db,7f,5e,\ 0d,12,fb,c2,98,8c,7d,ae,c0,8f,40,3e,bf,bf,69,d8,f8,42,97,6a,2d,22,bb,f3,f2,\ f3,2a,45,61,b5,f0,09,10,fb,68,03,40,4d,0a,97,57,cc,83,8d,90,14,0b,11,f2,67,\ f3,f8,fe,7e,07,7d,5c,ad,e3,f1,26,1a,76,ed,51,7b,ed,fd,0b,d5,88,6b,40,f0,42,\ 59,63,09,b4,0c,6b,c8,37,8b,1c,71,49,69,87,5e,31,df,d4,ad,e6,1d,3f,36,2e,e2,\ 61,c0,03,4b,b1,74,3a,e8,4a,91,67,15,ef,62,fb,88,4c,6d,af,26,7e,ee,26,1b,d6,\ 84,cd,29,ec,da,29,06,40,8d,67,87,50,f1,c9,fc,5b,c9,90,f4,ce,a3,a8,fa,11,16,\ db,02,5d,49,43,08,ce,b4,05,f3,b9,2b,3c,bf,3f,18,34,db,22,07,d9,d0,d8,69,6f,\ 24,de,91,83,7e,4f,03,21,0a,b5,ee,47,1f,1f,f7,9a,20,73,38,58,a0,06,89,8e,c9,\ 6a,fe,8b,fe,87,fc,b0,94,bf,ee,c1,d9,cd,69,9a,a8,8f,d7,77,e1,b5,37,26,aa,1b,\ 02,0b,63,f0,be,68,dc,17,d0,db,c6,cd,92,28,68,8d,a5,39,93,30,88,63,d8,59,6a,\ eb,f8,10,3d,c9,9c,ad,0c,ac,47,f8,8e,3e,88,8e,fb,a8,74,87,1e,59,53,55,ac,03,\ 9a,ef,d4,e7,19,2f,17,ff,53,76,79,5a,69,da,9e,3a,21,ea,00,9f,91,f9,f6,94,6d,\ 7c,72,56,ca,be,e1,aa,27,d5,52,74,ad,d4,db,86,b6,42,38,b6,8d,cb,b6,33,74,36,\ 4f,19,ec,97,17,42,30,c6,d6,5f,03,0f,f7,48,ab,2b,a1,91,3e,6f,23,5e,1c,44,95,\ 78,bd,d7,bc,a0,ad,11,2f,23,a8,d4,ca,b8,ae,fb,3a,fd,64,8c,b0,60,2e,99,86,23,\ 52,20,54,d0,48,8e,64,d8,c8,81,66,7a,28,d2,65,e6,e5,d3,fa,a3,7f,d5,c0,2e,8b,\ ee,07,e4,03,f8,cd,21,e0,dd,e9,aa,eb,12,8a,48,d0,62,e0,b6,74,ed,19,bd,88,70,\ 8f,9e,5e,c7,40,b0,fc,b0,7e,4a,70,d4,d1,e7,e3,62,fd,98,78,f0,b3,9e,2e,b5,e7,\ ad,39,2b,05,15,fc,34,34,f1,72,f3,d7,a2,cc,e0,5a,7c,5c,1c,2b,be,b1,01,06,c8,\ 04,fe,76,88,d2,a2,99,36,cb,f6,23,41,eb,10,a5,89,e7,e5,0f,ce,ca,5f,74,68,e0,\ af,0e,39,d3,e5,82,e1,14,be,65,30,7c,bd,f1,fe,e1,33,7d,4e,85,d2,45,4d,bd,c4,\ dd,77,ac,f2,a0,87,ac,9f,d3,83,40,90,35,f8,4a,71,d7,87,7f,74,2e,a0,17,3b,67,\ 8e,c9,f8,fa,b4,f6,d3,82,16,25,8b,cc,1a,af,61,2e,90,bb,32,1a,f1,6d,e3,f2,e4,\ 5b,01,1e,07,41,a9,5d,eb,f5,a6,58,60,9d,da,7d,e7,f4,1f,df,0a,b6,d9,ed,68,40,\ 92,ff,bb,f4,b1,31,b7,85,ad,6d,b5,b9,c5,46,06,6e,f1,24,87,db,18,a2,75,19,83,\ 34,83,e2,92,0d,2a,98,ae,40,41,89,7e,25,cd,71,5e,fe,1a,40,0d,da,0b,1e,a5,ba,\ ae,ad,d1,f3,13,8e,3a,d3,5f,26,42,87,1c,a2,f5,3c,d3,95,38,3c,85,dd,b0,54,fd,\ 76,24,7f,2d,13,04,fa,b0,f5,5c,2e,94,ff,5a,2a,04,c5,0a,51,24,e5,65,50,3d,9a,\ 8a,53,1a,8e,4b,79,b2,f0,eb,85,06,c7,26,d6,4d,86,72,99,4f,e0,85,3d,0f,dd,17,\ 27,ac,2e,e9,a8,89,bd,06,2c,ac,89,49,b4,64,b1,1f,86,2f,ce,b0,8e,22,da,86,77,\ 79,ea,5e,18,5a,3b,d0,d4,2d,e7,9e,37,e3,69,65,35,2d,03,75,b2,ec,5c,e0,47,e9,\ 6e,d1,44,c7,9f,20,f1,35,2e,23,1a,68,d1,c6,ca,c9,9d,de,56,eb,25,ba,9d,bf,e6,\ fb,8f,0b,e3,a6,ec,18,8c,78,4e,ab,e4,7a,6a,37,e3,d4,93,51,19,e6,95,7f,64,95,\ 95,4e,a6,05,e3,c8,4b,1e,c3,e7,f8,3f,2b,95,7a,51,6a,b6,b8,f1,bc,69,e6,d1,1c,\ 8b,fc,5b,59,7d,67,98,6c,28,fe,51,09,3e,37,74,74,c2,9b,b8,96,ca,77,84,50,84,\ d5,0d,0f,77,aa,bf,a1,0b,51,df,47,4c,38,6e,0b,eb,da,50,53,85,ed,ad,b7,be,28,\ dc,98,10,14,77,ef,d1,be,e9,82,9b,1b,eb,77,0b,1a,38,ec,d6,72,41,df,19,9f,21,\ 4b,ea,27,d3,94,33,22,a3,25,c0,f9,e2,58,96,6e,de,96,87,dd,11,bf,03,c1,99,cc,\ 31,79,e8,b3,3e,4c,bd,8a,f5,ac,53,f0,91,b7,d8,a9,cf,03,20,88,47,9b,9b,92,fb,\ 99,45,85,60,31,07,5c,c5,7e,e9,97,b1,24,fb,95,55,9d,9a,d4,88,78,f0,63,6a,64,\ ba,9a,47,8b,4e,08,be,21,dc,ad,22,3c,f4,69,20,e6,48,b5,a2,70,b4,91,f4,0a,7b,\ bd,25,91,d3,2c,b1,a8,a5,b6,5c,0a,8e,0d,61,1e,29,f2,cc,cc,90,a9,25,90,20,aa,\ 4e,cd,fc,7d,99,ae,63,d6,78,8f,83,6b,1c,c5,c2,4c,dd,91,6d,63,92,c4,1d,b4,bc,\ 28,8b,e4,02,1b,a5,f8,de,7d,e1,60,95,cd,d1,34,6c,8e,f7,bd,19,f0,db,37,78,ac,\ 5c,d5,7f,30,44,06,74,fc,1f,f7,5d,4c,4c,59,b9,f7,54,64,6d,97,7b,1c,01,ea,95,\ d3,0c,78,1b,da,ef,ed,76,7e,ed,bc,eb,bb,a6,80,11,30,d1,a3,fe,ae,ca,a3,83,cf,\ 91,09,55,8a,16,9f,6a,04,b4,de,a6,a9,fb,a6,b7,7c,b2,31,3d,ab,1c,4a,2f,67,7b,\ ba,7a,f2,d3,04,eb,fa,f0,52,4e,25,aa,ae,d8,ed,68,75,c2,ae,e3,09,37,fd,2d,c7,\ 70,3c,f1,39,1d,6b,f8,fc,8c,08,41,fc,44,f5,7c,88,2e,cc,75,61,96,fa,f7,f8,bb,\ 14,51,30,80,bd,aa,64,64,cb,95,ac,b4,a5,e5,5c,ff,ef,c3,ce,cb,6a,fd,62,86,15,\ a1,c2,bf,98,cb,6b,96,e3,bb,69,72,13,2b,61,f2,95,df,d5,25,8d,7d,a4,fd,79,9f,\ d0,01,11,27,84,43,72,d2,e6,56,92,7c,10,c9,f0,79,14,16,46,ff,27,2c,57,17,41,\ f5,f3,9e,da,db,6d,ec,fe,8b,4e,b4,a0,f8,4b,2b,30,a3,75,6d,6f,1a,b0,1c,83,bf,\ 66,4a,46,cb,7d,99,e4,93,86,a0,a5,09,37,91,07,85,1b,19,10,c6,88,88,e2,33,d1,\ 32,90,67,be,15,30,ed,39,bc,32,95,48,4a,62,ef,37,46,5b,85,36,42,b0,e3,48,ce,\ 09,20,f4,e0,d1,11,8e,0f,94,1a,b7,02,ac,44,27,27,1c,90,aa,a8,bc,8b,69,9b,97,\ 23,6b,78,91,b9,5c,d1,4c,77,8c,3d,4d,e4,3a,95,5b,b6,13,64,28,e7,f6,98,34,0b,\ fa,7e,ed,e0,b2,ed,1b,27,b0,c0,7b,b2,de,47,8a,aa,bf,95,86,45,84,c1,cd,4f,0b,\ 82,cc,d3,40,e1,f4,ca,48,3f,b3,3e,15,99,a4,b0,38,0b,02,b8,f6,93,63,eb,9d,18,\ a3,01,18,ab,1e,37,c2,0c,22,f3,78,70,a3,a7,f2,81,31,f7,53,a7,28,1e,fe,86,27,\ 8e,ac,c7,c3,d6,bb,1c,7c,c9,c9,7e,ef,dd,82,c4,b9,4e,d1,b6,2b,0e,93,af,c9,df,\ 60,c1,62,e1,2d,22,28,15,46,fc,6c,11,35,c1,a9,f9,e5,bf,c4,aa,07,f4,92,38,b5,\ 23,9b,9b,55,27,1e,a5,c1,88,54,37,a4,4c,f9,b5,27,10,09,b7,ce,57,c7,02,9c,21,\ 04,b6,7e,bf,9e,c8,e6,e7,47,b3,b7,04,88,6b,61,cf,95,05,93,4d,23,02,ef,7b,0d,\ 26,1c,69,23,7f,7f,38,18,c7,7b,0a,8d,e6,e7,ae,29,b7,bf,7f,eb,0f,19,89,bf,fc,\ 5b,ee,50,4a,ac,88,1e,4c,a8,d0,d0,d8,58,ff,cb,94,61,72,03,70,7b,53,11,74,25,\ 76,86,bc,97,81,80,c1,f9,50,7b,d9,d2,98,69,01,c3,ca,04,b2,db,75,3a,63,f3,d0,\ 80,cb,46,6e,1e,c8,05,4f,64,7d,96,ce,91,39,dc,d3,3b,4a,b8,4b,f1,16,d0,d5,1e,\ 67,8f,be,30,07,6c,30,fa,8d,70,a6,57,76,f2,a3,11,78,a5,a4,01,12,d6,53,77,68,\ ee,fd,db,4e,3e,46,95,a3,fc,1c,2b,e0,88,e9,a9,f0,f4,0d,46,43,c0,c4,8b,44,1e,\ f2,02,18,35,35,e0,cb,7b,83,d2,a0,39,d5,7e,f7,5d,2a,75,71,15,ce,63,55,9d,dc,\ 89,33,55,02,6e,c7,17,84,d1,1f,c7,84,e1,00,2c,80,b0,87,fe,1c,e6,0c,40,22,b2,\ 4b,cf,c7,07,c6,3c,30,04,65,d7,34,b3,60,0c,64,f7,5e,f3,48,c0,de,22,db,ec,81,\ d7,c5,9b,e4,9b,f1,eb,bc,01,36,f9,3b,c3,74,f6,65,25,ef,e3,c4,d8,a5,98,5e,1d,\ de,0b,e4,2d,06,cf,2c,d9,b8,db,e1,6e,1b,8d,79,db,71,ee,68,16,ed,38,94,bb,c5,\ 96,08,f6,89,2a,ec,a4,b3,54,b5,b5,7f,32,99,d5,fd,63,46,4b,64,11,d3,21,a9,c1,\ 2e,f7,85,50,fd,79,6f,82,d5,e7,84,61,21,8b,3a,98,ac,9b,3e,36,1c,b0,12,bc,bb,\ 79,fb,74,7e,b1,1a,05,3f,4e,d9,45,4e,fc,88,4e,28,c9,48,d4,86,22,29,b5,9a,fe,\ 8f,d2,95,59,da,1e,6c,e4,46,f4,dc,fb,0f,ae,ab,d7,d9,73,32,05,50,50,18,16,0c,\ 8b,95,60,98,b7,34,a6,46,71,fc,a5,7c,73,4a,fd,ee,f3,8c,33,98,48,cb,fa,f8,4f,\ 83,b1,7c,0d,b1,2c,36,96,2d,b7,d7,2d,3a,58,db,ac,5c,55,01,26,69,f6,fe,cc,e3,\ 8c,72,0d,85,b2,1b,01,1c,d3,49,08,98,ed,92,ae,63,94,c6,d3,f2,39,25,08,99,ac,\ d0,3b,a3,de,e0,7e,97,a2,ee,70,a6,04,5d,a7,b9,e7,a1,54,89,2e,e1,90,1e,d5,fe,\ 4d,f0,81,d0,8d,4d,5c,b2,d1,fa,1f,42,d5,1d,70,62,7a,5a,6f,82,04,3d,8c,22,85,\ d8,9b,92,99,ad,2a,fd,54,cd,12,a5,79,42,4c,70,ed,ab,06,a4,6b,26,f6,ef,78,73,\ ef,aa,9a,55,b2,c1,5e,c5,3c,06,88,16,22,0b,99,c3,b3,cb,41,52,b0,12,ed,0a,95,\ 7f,8e,a8,7a,dc,9d,52,37,ab,5c,d1,cb,01,5e,fa,ff,98,49,6d,46,1f,db,83,e8,d4,\ 2b,81,5f,55,32,12,01,b3,89,f4,e0,c9,74,f1,ef,cc,20,11,66,22,29,0e,67,78,5f,\ 08,e1,0f,ca,7a,b4,56,cf,eb,6d,17,be,45,eb,37,ca,1c,b7,21,65,7d,3b,e2,79,7e,\ c2,ed,bd,c7,e7,bd,ce,52,4d,bb,82,6e,91,61,79,0a,7d,a0,f5,30,7f,7f,eb,d0,59,\ 05,59,bf,19,5a,db,ff,4c,29,79,41,6f,48,c4,a8,a6,9b,21,d0,b0,36,64,0f,1b,c1,\ a1,fb,b4,21,3e,2c,42,54,4d,95,42,74,9d,19,2a,17,e2,ff,9e,8c,52,80,eb,7a,4a,\ 93,f7,c0,7a,40,82,ae,44,6a,ac,74,64,ed,b8,da,d6,e8,0f,32,f4,5c,88,8b,df,f7,\ e6,28,21,2a,a2,30,91,81,eb,a7,76,34,ec,9d,ef,f9,4d,a6,92,1d,fc,8a,53,d3,2d,\ 3d,a7,cc,9f,11,ea,08,22,2a,fe,eb,c5,56,32,36,93,b5,4f,72,69,d4,52,8b,f6,e5,\ 31,f1,f8,81,b8,92,b6,a4,7b,fe,90,fa,0f,c9,da,59,7a,31,eb,8e,e7,01,70,5c,9e,\ b5,06,c2,34,df,09,7d,ff,ca,a6,ce,cd,5c,38,7d,d6,41,d1,1e,ee,45,16,93,00,02,\ 51,d2,b7,bc,c1,e8,7e,89,34,3e,ab,b5,d8,9d,1c,f7,64,4f,6b,32,79,01,bf,34,b7,\ b6,95,17,26,64,d8,a3,b9,45,aa,0a,2d,2d,62,d6,34,1b,d1,1f,d3,0e,ca,01,09,1a,\ e1,4d,b1,ba,72,7f,a9,68,e6,f1,34,6b,31,4e,9d,f1,9f,48,1e,5d,d1,8e,ff,e2,02,\ f8,02,51,8f,05,ff,2f,b7,88,cc,0b,9f,9e,5f,0e,c2,99,e3,37,d4,a5,e6,f7,7a,38,\ da,55,f9,3d,8e,32,b2,5a,9e,0a,49,74,eb,8f,b7,75,4a,91,9b,4d,79,21,d1,36,57,\ f6,46,3d,54,0f,0b,fe,26,9a,a8,af,bd,15,b2,60,7a,b3,a0,80,9c,01,da,a4,fa,c9,\ 13,84,f8,37,d9,46,b4,3a,6a,00,80,2d,ca,78,95,b7,12,e5,2d,05,f0,0b,9c,f2,c5,\ fb,bc,fe,9d,bf,cb,02,3c,1a,4c,03,e8,4d,51,62,cb,e8,f6,52,99,df,2e,8f,72,e0,\ c2,4d,0a,e4,96,6f,07,05,2e,fa,ab,8f,72,c9,b2,59,ae,82,7e,56,dd,c8,71,67,27,\ b3,9a,73,a8,7d,95,ba,73,7e,ac,66,d7,5a,42,63,e0,79,72,71,98,21,b7,f3,78,b1,\ 5d,3f,1b,74,50,f4,8f,9c,89,7a,ae,6f,c5,e6,47,4a,7e,1e,b9,e6,19,3e,c0,da,61,\ 3b,8e,61,34,c6,1e,5e,7c,74,c5,9d,61,1b,09,5c,bd,7f,b7,0a,d1,2e,30,4e,36,a8,\ 04,4b,16,c3,c2,22,9b,4e,0d,b9,a8,f5,f3,bb,c8,64,7b,e1,63,af,7d,95,6f,38,f2,\ b7,01,07,34,1c,87,8e,92,6f,8f,b7,99,11,c2,10,f3,18,b2,7b,46,a0,d3,27,59,66,\ c6,bf,79,92,de,e1,1b,d5,dd,d1,c2,b4,fe,6f,23,24,39,66,87,56,c2,a7,72,d4,d2,\ 16,82,cd,ab,82,99,ad,d6,db,3e,f1,b0,9f,41,3a,24,96,9e,a0,ba,bf,a4,48,e6,d1,\ 8a,57,39,28,47,12,6b,a4,df,71,21,4d,c2,6d,79,99,20,c9,42,ed,5c,ad,0d,61,be,\ 91,87,c3,67,5d,06,df,8b,cf,61,fe,da,1c,05,ad,3f,da,45,c0,cd,1d,f2,96,f6,e1,\ 2c,9d,ff,a8,77,19,b0,63,11,22,50,96,83,ec,d1,b8,77,4c,47,d8,c9,77,9e,86,e1,\ bc,0c,8d,f1,3f,55,c6,4d,57,c9,70,78,a0,d6,d6,dc,e8,de,61,97,ea,7f,c3,d9,22,\ 18,76,8e,e0,89,65,3e,9c,3a,e8,31,89,5e,f6,d6,6c,79,96,65,af,1f,97,c4,b1,ff,\ 81,a7,61,21,cb,fc,0b,6c,4f,86,71,6b,fa,c8,1e,50,c8,24,f7,3a,f0,44,13,b3,5b,\ b9,cd,dd,7d,5b,e2,17,8e,9a,10,10,59,50,e7,d9,4f,ba,07,a5,a6,c7,ec,10,59,14,\ 13,b2,70,1a,5f,f3,81,a6,ba,21,77,8a,ff,bf,92,93,18,21,af,bb,63,35,ca,9f,5b,\ a4,c1,33,74,1a,5a,b4,46,e1,88,de,ee,b5,ea,60,b2,d4,95,8d,e3,54,13,54,08,b9,\ ab,72,38,c7,95,e3,e6,c8,95,44,a5,26,e3,5d,90,05,ad,0a,a3,bb,00,f7,6f,e7,0d,\ 5f,ca,56,7c,1a,c5,28,03,d6,de,2e,36,a4,77,97,a1,b7,87,cc,14,69,90,98,3e,7f,\ d1,8c,7d,ae,bc,a2,f5,5e,aa,20,df,ad,ce,bf,24,b7,67,0d,2b,15,3a,10,ef,a3,40,\ 2c,54,87,9c,46,bb,e7,6f,cf,2a,d4,19,2f,2a,b3,19,95,08,27,d7,57,17,47,d7,76,\ 9c,4d,3d,18,7a,a8,90,38,0f,4c,be,9c,59,4d,60,07,5d,ac,40,b0,c9,70,18,f4,d8,\ f9,9d,48,76,92,bc,71,a4,45,24,f7,1f,f3,04,d7,3c,a3,16,78,17,1b,dc,e0,ec,ad,\ 29,28,c5,54,e4,2d,56,00,f8,09,89,25,2d,f0,c2,ed,ba,d2,c0,45,f9,89,85,7d,02,\ 97,18,c9,4e,6a,c2,a1,81,de,7d,67,86,04,aa,4b,e1,22,02,6c,41,fb,cf,3f,55,50,\ 5c,35,e1,a6,aa,98,11,4a,64,b6,0d,93,15,42,cd,67,99,f7,2f,00,d1,7e,47,f0,9b,\ 92,f6,63,02,62,be,a5,b1,37,d4,c6,e4,ae,56,77,36,45,28,81,dd,41,98,3c,ca,62,\ bd,76,61,0c,b9,d8,7c,3d,e1,73,b2,c1,1d,9c,d9,a9,92,fa,c9,f9,7f,dd,63,a1,65,\ d1,d2,af,6b,73,11,c2,00,84,ae,c2,c2,3c,cd,ce,9f,e1,6f,76,3a,97,f5,2b,90,7a,\ df,f3,db,ea,da,61,b6,26,fa,c5,83,1d,fb,44,a0,0a,80,6f,5b,62,1c,eb,38,15,67,\ 23,88,7f,59,ff,1e,77,7d,ae,05,31,47,a2,6e,63,a8,dc,ec,a7,e0,69,e4,21,93,2d,\ 3e,61,20,df,61,8b,2e,55,5f,b5,87,02,6c,90,2a,bd,95,4b,9b,c3,ae,b4,7e,00,8d,\ a1,64,8a,75,8e,e5,6e,d5,87,ef,b0,33,48,5d,95,8d,63,a4,cc,03,fc,23,aa,94,0c,\ ef,8f,46,0b,f1,d1,ee,0e,37,52,ae,3d,99,9d,bd,87,9c,32,66,94,96,1d,54,fc,13,\ ce,0c,b6,78,24,bb,d3,e6,cb,32,6c,61,c8,2f,d9,32,52,de,23,89,e4,9f,bc,67,90,\ 0a,6e,bb,96,30,92,cb,35,24,82,d6,c1,bb,50,f8,f6,d9,8f,b9,4d,8c,4a,54,59,0b,\ 21,0f,a8,e1,9e,dc,b1,b2,a3,a8,00,ef,ac,8d,95,aa,54,48,87,a9,1a,ed,ec,b9,66,\ d9,fd,44,c7,e9,76,26,7f,e9,3c,bd,41,50,42,3f,39,2a,ad,51,4d,55,37,d5,a3,f0,\ d1,03,63,11,8c,bb,be,b6,b9,19,2f,ff,4f,4a,00,9a,8e,9f,b3,10,7e,e2,e0,d5,dc,\ 0a,e3,9d,52,79,5d,19,62,fd,f7,1b,24,9e,a5,9f,37,c9,33,08,fd,ae,20,ad,08,e6,\ b0,94,cf,59,3d,7d,a6,5f,ce,23,ed,25,ea,be,87,52,af,cc,8d,eb,1e,11,44,74,b9,\ dd,4d,59,50,8d,1c,8c,18,54,ab,6e,fd,3c,70,f3,39,67,8c,01,26,ec,9b,45,1a,50,\ fd,b6,3b,cf,1d,c5,04,d4,33,56,18,81,a8,be,c7,fe,d9,7b,eb,c9,17,22,0f,4d,f2,\ 98,d7,b7,b7,85,9b,05,37,06,56,5f,ca,a2,bf,ab,94,80,b5,5c,07,d7,e0,8a,a9,a5,\ 96,48,18,a4,fb,32,4b,7a,6d,45,1a,30,1f,f3,01,e5,03,77,21,c4,ee,67,f4,87,33,\ f6,88,b1,4d,1f,e5,4e,93,37,23,46,de,ff,0f,fa,98,8b,79,cd,2c,ec,45,e3,bb,0c,\ bf,28,11,d8,2f,95,d7,a5,ad,ae,0a,cc,37,50,ab,98,01,a9,b9,63,0c,88,5c,fb,fa,\ d7,63,4a,21,65,f0,37,de,e9,72,c7,2c,44,d4,88,75,07,f4,2f,a7,35,57,80,8b,f6,\ 4a,1b,6e,52,7c,2d,84,71,40,bb,83,b0,10,ed,4d,7d,6c,d0,01,85,1f,92,68,86,c3,\ f5,90,5e,87,fe,b6,68,30,ed,69,09,5e,72,ed,86,11,1e,de,19,6b,18,15,43,b7,11,\ cf,63,ab,7a,0c,88,ea,f4,36,84,cd,08,03,41,63,18,9c,59,b7,95,ff,e0,51,73,a2,\ 84,b2,ff,da,59,d9,d4,1f,79,ee,72,f2,3e,24,85,d9,6a,40,90,dc,2f,be,ec,82,4f,\ 68,0d,fd,82,28,08,a2,18,1b,52,9c,df,e6,cb,e0,47,4d,fb,63,c4,01,9b,8b,74,ba,\ 57,e4,02,86,d2,15,ca,61,eb,12,3e,05,3e,93,88,03,ee,c4,70,13,a2,3e,81,a9,ce,\ 36,67,c9,e8,34,f4,9c,1b,aa,87,44,42,1d,b8,54,6a,d6,3c,fa,20,fc,2d,39,67,5b,\ bb,d4,08,63,1f,6e,29,74,d1,ef,21,58,fb,2a,8b,11,2d,bc,99,d6,52,37,ab,58,e3,\ 80,21,49,5a,75,6d,1f,ea,d3,6c,16,6d,57,f6,74,9e,24,b3,10,88,65,31,15,3e,33,\ 34,04,cd,b9,4e,d1,f8,6f,96,af,2e,02,82,3d,c4,b8,35,e7,c1,0f,84,37,56,04,ce,\ 27,63,83,96,36,3d,23,71,bb,af,10,23,78,3f,48,05,72,b2,0b,a9,00,d2,8c,c1,23,\ 6e,ed,3d,15,a3,6a,b4,25,5a,d5,05,c1,12,42,3e,d5,df,03,bd,53,b3,d7,94,13,dd,\ 5e,32,de,cf,d0,40,c5,ea,24,ef,ca,b8,e2,3a,9f,54,fc,64,fa,fb,1b,04,62,2a,9d,\ 8e,ce,07,de,82,0d,3a,b7,e3,65,fe,45,eb,7b,78,ec,fd,72,47,9b,db,57,5c,51,19,\ bd,0c,e0,d1,a4,63,f0,99,a0,bc,48,b2,36,8e,49,82,8a,89,bb,45,37,e2,cd,ff,7f,\ eb,56,b5,a4,e6,61,dc,95,1b,b6,e9,12,cd,28,e1,0c,79,99,77,d0,d9,b8,9a,24,e8,\ a6,ba,46,3f,ab,cf,dd,37,cb,9c,30,4e,9a,35,96,cc,50,bf,2d,a5,20,77,cf,a2,c6,\ f5,42,bc,60,b2,af,c8,7e,c9,56,5a,7c,fa,7f,e3,10,f4,b4,1c,1f,d4,2d,a8,d5,e9,\ 8c,f4,f4,ba,ca,63,6c,4a,72,a8,2c,cd,9a,0d,72,39,70,dd,4f,fd,57,ce,ca,e1,e7,\ a9,d7,1e,46,8b,72,cf,ef,95,82,4b,b2,e6,03,b3,fc,c6,64,c7,59,24,2e,fe,37,43,\ e7,d5,ed,b0,36,67,fc,77,47,3e,94,96,71,69,5a,b2,17,ce,68,09,cc,c2,95,a8,ba,\ d7,f7,de,44,f5,a7,f0,ea,ad,c4,0e,6d,c9,a7,bb,86,34,28,c5,38,ef,c9,b0,4a,7a,\ 25,e3,1d,04,c2,9d,7f,70,05,7d,22,fb,47,47,4c,20,2c,e5,d1,b8,30,ac,3e,66,83,\ e1,58,32,17,7c,c5,74,f7,2b,08,f4,da,9a,b3,4f,f8,f2,d7,9d,1c,9f,c0,50,fb,57,\ df,5f,c4,58,08,a4,f8,f1,dd,83,7c,43,8a,cd,ec,d9,49,b4,e4,33,16,ab,1f,59,5e,\ e7,70,9b,38,b2,44,c1,22,22,aa,ac,46,4a,b8,2f,fb,b1,2a,1f,8f,03,4d,ae,44,07,\ 1b,f4,98,d1,a8,cf,ca,39,bd,ed,99,8c,c2,27,4f,80,e1,11,fe,6e,68,cf,0a,bb,6f,\ 2a,e7,97,bb,e2,24,eb,e3,46,a9,8c,b1,03,3d,b5,cb,3a,f2,4a,b4,93,d5,e5,e3,4b,\ 1a,09,da,7d,80,23,e3,9a,c2,d4,ae,e1,33,f2,47,82,51,d0,44,04,9c,bf,43,e4,a9,\ d4,94,7f,72,ec,32,31,f0,ee,f8,bf,ec,50,11,f2,11,dd,b1,85,47,b5,02,41,3c,95,\ 61,67,43,58,cb,4e,62,be,92,4d,a6,6d,55,db,ba,35,2e,f5,b8,fb,98,2d,c0,3f,8a,\ 06,70,c6,75,06,68,30,80,4c,a3,a0,11,35,52,8e,90,18,c7,1b,6e,34,91,a1,67,e6,\ e9,8f,04,1f,4c,74,63,16,6a,59,3a,3a,3f,54,1a,6b,80,5a,f1,69,38,55,d3,8d,b3,\ 76,fa,b7,9b,cd,0b,87,61,17,9a,d0,de,d7,f1,49,3b,a8,0d,86,0e,d1,cf,ea,27,c5,\ 1a,00,50,48,de,0e,58,da,62,16,c6,40,65,a9,79,26,f8,64,26,be,90,bb,08,aa,5a,\ f5,d2,1c,ce,78,e9,3c,87,47,d0,ca,52,c9,e3,04,85,cc,49,ca,92,c9,24,00,db,6a,\ 0a,34,c8,49,b9,80,17,fb,06,b2,74,4d,17,ab,4a,cd,d2,05,d8,8d,95,f8,87,f7,23,\ 28,7f,7b,f4,f0,b6,68,b3,65,87,a7,24,c5,85,89,26,0a,18,eb,f0,1a,db,0a,9b,3f,\ 42,99,e0,d6,80,11,24,4b,a8,49,b1,45,12,46,47,1d,00,54,d3,95,81,55,7e,c7,96,\ 5a,e9,5b,94,70,b7,fd,c9,bc,4d,0e,62,cb,d5,9a,8c,23,89,8b,da,1e,2e,1c,e7,f8,\ a3,de,90,3c,26,0b,23,74,e9,c1,41,9d,24,2b,f6,e2,6a,59,a5,67,5c,40,fe,75,32,\ 03,2a,d7,97,70,48,84,ba,ce,1d,7d,a2,d6,07,f9,c1,ff,33,c0,cd,ff,10,d5,cb,8e,\ 04,57,6c,6d,5d,a9,9d,a7,8a,d1,5a,16,8b,1e,c3,2a,a6,0e,71,e6,5c,6e,0a,2b,9b,\ c3,13,da,39,35,e9,06,73,91,fa,a5,62,a0,71,8d,fd,13,90,0e,28,cc,fe,3a,7a,92,\ b5,3c,43,08,1b,eb,ce,e0,6f,9f,e3,4c,67,44,90,b5,18,ad,29,b0,15,2a,8e,2e,db,\ 5c,ac,f2,6d,48,47,49,3b,ab,f6,f5,48,8d,6f,6a,8c,19,04,3d,97,ac,6e,d9,78,2c,\ ca,73,dd,9b,c4,e1,41,7b,ec,ac,e7,b1,15,17,32,68,65,06,09,3d,18,96,a1,e2,29,\ a5,ef,c1,67,94,63,e3,cb,4b,d3,11,09,7e,b5,39,65,2f,92,12,c8,75,b7,03,13,00"NoDriveAutoRun"=dword:03ffffff"NoDrives"=dword:00000000[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]OK, now for the DUAL boot question: I don't even know what that means, so I guess not. I DID have another OS (it was still XP though) on D drive because it was from an old computer, but I have since formatted it and now only use it for storage. I hope that answers your question. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 16, 2010 Root Admin ID:233586 Share Posted April 16, 2010 STEP 01Backup the Registry:Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.Please download ERUNT from hereERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.Double click on erunt-setup.exe to Install ERUNT by following the prompts.Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process. Choose a location for the backup. Note: the default location is C:\Windows\ERDNT which is acceptable.[*]Make sure that at least the first two check boxes are selected.[*]Click on OK[*]Then click on YES to create the folder.Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exeSTEP 02Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]"DriveConfiguration"=-"LegacyDrive"=-Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser. Disable your Antivirus software. If it has Script Blocking features, please disable these as well. A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. When the scan completes Notepad will open with with your results log open. Do a File, Exit.A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.Post back the Combofix log on your next reply.STEP 03Update and Scan with Malwarebytes' Anti-MalwareStart MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.Update Malwarebytes' Anti-Malware Select the Update tabClick Update[*]When the update is complete, select the Scanner tab[*]Select Perform quick scan, then click Scan.[*]When the scan is complete, click OK, then Show Results to view the results.[*]Be sure that everything is checked, and click Remove Selected.[*]When completed, a log will open in Notepad. please copy and paste the log into your next reply If you accidently close it, the log file is saved here and will be named like this:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txtThen post back the MBAM log Link to post Share on other sites More sharing options...
noobJ Posted April 16, 2010 Author ID:233682 Share Posted April 16, 2010 I backed up my registry with ERUNT.When Combofix opened, it said there was a newer version and asked if I wanted to update it, I clicked yes...I hope that was the right thing to do. Here is the Combofix log:ComboFix 10-04-14.04 - Val 04/16/2010 0:12.2.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.652 [GMT -4:00]Running from: c:\documents and settings\Val\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Val\Desktop\CFscript.txtAV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}.((((((((((((((((((((((((( Files Created from 2010-03-16 to 2010-04-16 ))))))))))))))))))))))))))))))).2010-04-16 03:53 . 2010-04-16 03:53 -------- d-----w- c:\program files\ERUNT2010-04-14 18:43 . 2010-04-14 19:27 -------- d-----w- C:\Lop SD2010-03-31 17:45 . 2010-03-31 17:45 -------- d-----w- c:\documents and settings\Val\Application Data\Malwarebytes2010-03-31 17:44 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-03-31 17:44 . 2010-03-31 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2010-03-31 17:44 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys2010-03-31 17:44 . 2010-03-31 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k72010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k62010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k52010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k42010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k32010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k22010-04-15 08:35 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k12010-04-15 08:35 . 2007-11-11 23:06 551670 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k02010-04-15 08:34 . 2007-11-11 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help2010-04-13 19:00 . 2005-08-16 12:48 -------- d-----w- c:\program files\Common Files\Java2010-04-13 18:57 . 2008-12-16 18:26 411368 ----a-w- c:\windows\system32\deploytk.dll2010-04-13 18:57 . 2005-08-16 12:48 -------- d-----w- c:\program files\Java2010-04-13 17:34 . 2005-11-22 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2010-04-13 17:28 . 2009-10-12 22:40 -------- d-----w- c:\program files\CCleaner2010-03-14 05:48 . 2010-03-14 05:48 503808 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcp71.dll2010-03-14 05:48 . 2010-03-14 05:48 348160 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcr71.dll2010-03-14 05:48 . 2010-03-14 05:48 499712 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\jmc.dll2010-03-14 05:47 . 2010-03-14 05:47 61440 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-sse.dll2010-03-14 05:47 . 2010-03-14 05:47 12800 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-d3d.dll2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll2010-03-08 19:33 . 2005-09-10 14:12 103464 ----a-w- c:\documents and settings\Val\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-03-06 07:27 . 2009-06-20 05:58 566648 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe2010-03-06 07:27 . 2009-06-20 05:58 567144 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe2010-03-06 07:27 . 2009-06-20 05:57 2357064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe2010-03-06 07:26 . 2009-06-20 05:57 524632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe2010-03-06 07:26 . 2009-06-20 05:57 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe2010-02-25 06:24 . 2004-08-10 17:51 916480 ------w- c:\windows\system32\wininet.dll2010-02-24 13:11 . 2005-08-16 12:28 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2010-02-18 17:59 . 2007-11-11 23:37 -------- d-----w- c:\program files\MSBuild2010-02-18 17:59 . 2010-02-18 17:59 -------- d-----w- c:\program files\Reference Assemblies2010-02-17 13:10 . 2004-08-10 17:51 2189952 ------w- c:\windows\system32\ntoskrnl.exe2010-02-17 02:40 . 2010-02-17 02:40 17299889 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24c36_4_0_1.0.14.19.exe2010-02-17 02:27 . 2010-02-17 02:27 1988872 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_244e7_0_0_1011.exe2010-02-17 02:26 . 2010-02-17 02:23 1139600 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24cb5_1_1_1001.exe2010-02-17 02:25 . 2010-02-17 02:25 1043184 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_25605_1_0_1006.exe2010-02-16 13:25 . 2004-08-04 03:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe2010-02-15 02:01 . 2010-02-15 02:01 70984 ----a-w- c:\documents and settings\Val\g2mdlhlpx.exe2010-02-14 05:00 . 2010-02-14 05:00 30976 ----a-w- c:\windows\rascntrl.dll2010-02-14 05:00 . 2010-02-14 05:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll2010-02-14 05:00 . 2010-02-14 05:00 16384 ----a-w- c:\windows\system32\msdrve.dll2010-02-14 05:00 . 2010-02-14 05:00 10816 ----a-w- c:\windows\vmoptver.dll2010-02-12 04:33 . 2004-08-10 17:50 100864 ----a-w- c:\windows\system32\6to4svc.dll2010-02-11 12:02 . 2004-08-10 17:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys2010-01-29 19:23 . 2010-01-29 19:23 609280 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\C23D6EEF7F9C2C2548D5138966622E6E.exe2004-08-04 10:00 . 2004-08-10 17:51 94784 --sh--w- c:\windows\twain.dll2009-11-14 22:11 . 2009-11-14 22:11 56 --sh--r- c:\windows\system32\9B0176E0FA.sys2009-11-14 22:11 . 2009-11-14 22:11 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys2008-04-14 00:11 . 2004-08-10 17:51 1028096 --sha-w- c:\windows\system32\mfc42.dll2008-04-14 00:12 . 2004-08-10 17:51 57344 --sh--w- c:\windows\system32\msvcirt.dll2008-04-14 00:12 . 2004-08-10 17:51 413696 --sha-w- c:\windows\system32\msvcp60.dll2008-04-14 00:12 . 2004-08-10 17:51 551936 --sh--w- c:\windows\system32\oleaut32.dll2008-04-14 00:12 . 2004-08-10 17:51 84992 --sh--w- c:\windows\system32\olepro32.dll2008-04-14 00:12 . 2004-08-10 17:51 11776 --sh--w- c:\windows\system32\regsvr32.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 9442584][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-30 177392]"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-11-11 14088]"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-02 230664]"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296]"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312]"WinPatrol"="c:\documents\Webshit\WinPatrol\winpatrol.exe" [2005-06-06 106496]"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"LegacyDrive"= b6a2ba0ac63dc59461fe0f50a2213574b1bf3a0a444429fe6624fb7677caba6175d1e75379771990854fe8667c3509c17287baf9269261eecd4b705712408b575aceed514c9308fe91266bbdf0d806e92a1ed1f8f12cb757e4612df44cb1e60c7deeff94ae4679d8070ded62fabd7b1dd73c04ba9b5d995309a8334efd5ea485fcb8cda30f7012d1d2820b93c8347cecf15488c99fc1219c85d72cc3481120623dfb40a0e41ed0443d8878e8c6cd44f1a0a0eec5eda460377c7f7546a83000087da30fe11d8371f8625075ecc5b1f5c27f0b9323ed5243c4392009253704047e8d1cacf617e6af58178a53037f571d4fd8d25bca0a935271ae1c8f72c6bd3236acb58d9f499aee8f87fbb8a90943b95b19e0b71ce2a54cf2df6df4389302659e7b3d1f71416e431d32fda8f0f2522c206ef348981013ece7cf3d7479e1f3cd4343d16cf9a9455a8e0afeda4b5ea24c1fa6c051362e0530cc0fb27944f74de7742d978b43cfbf27775ed5d8c87d81f939f6f543a8fe2039a3ba25c37d020b19a1bf64b6e2276c169da5229e4148d5f8202317f711c609cdce13d97e9b4d88942972f114b9cb07b284c15e415bf2ec6d8b8411ac03b9d672b9c472a449dc1350df8edb9b585728fba47218a66fefc04c490005edfe61a9ed78c05f908115512aa7059e2a3206f45759c5615ab5c4667df5484eb2d472bdd748ac8c38fc46d456016149e6c00dca1d34ae352b56a48005d82b0668157f1e1b4844f29774fd268f1dc6bd38182fb30001f42897947155656e5970d518abd0f441e2523a4b6cfba70a5edf12c86641be8c01fb2f9bee203c40e2e164c97dad66d27d9c0bc6320e47a2318f80fc4dfe2e9744c3efa44bb54d2d01da445b83735e9c5581ec0eeb35a7956fa8972abecc3476b3a2cb9fa9ae24623ba862624e752abf525508ebc45e0eb9f829beb715cb29be610759c7bfc1ed0075b6031ffb336b5bf75163b84959958adcc51dcbd00a32272fd5585fc594d7ef32386bee3d393d376bdb12c6d0b0c364265fed871ca3e974f097ffa64030d6731e0b2fed6269d3074477caf82ad3cee5bed04dffba44ead8582a2f62f6e19ca8c1ec766ac637c91612a9aef318fccaa052cd17bd2befe7e81d0526eb1750df3321c50184426364eca2c307f6ecf19b1ff67a468ea4c6a1ff09a80201d034ea0161dbd135e6298e3f3efdba0a393dae503518ee61d9eb712007663c4e0bea350b19363799f6436264f56cb53f25d2def1c9ff50f008ca976ce67ae88f732efd04427b1fb61d5884daf737dcfb2f22752784c2f4c97b8206e08e868ed54fa06131f4c6f3b312c42f9fa92ea6586199ec31130a3f818baf6af58dcde92b15fa4e7ce38ce31837519159da8001515df000a5a588289fa7f7bd7ec471a5d5116ae9bc84da7c9679ad2e465a73d78feeac91792b4324f74c58c2c62242f598afd5d572f1e07e53fcfac1164b7f1a9958d5e21f6af4c6f3af25784e8a09a47b2ede26396cfe7a61c9eca874c9d4033167b7604dba0bc05665f196811d5ece9cc6b60d44d99d3b5809093fad269c09044132d63911b5afbc95393345fb4597c4c16eeb971a2b9f0093e445d6f64c987b6ff1be0ded11f7cae1cbb0852db0e76e04b47fff88c4be325b47814456018bb97e381da03316c718ab4f7d139f03ed5a44e610d17d9e00fd4f6c09c3950f0273f5e6de0412547ea10368c96504beff646ca04ae9eadf719707c54ca34bfbe859cec8bf5b73126fdf6ed260bc04c5a7c492642a55d117052b58a62d7863f05337d2df0cbd759b2e9186fe7d7d774887e5ee15cc580e8c2265f9d858b093dc1a44a38822142b90155a3cf271083546f7250a8065ce7c2aa590ecf14515726327032af77a21ce4ee8bb8ab811480bfa394bd94f3d77e8accc166948d3ace65c39d78e27cd79ce367d1921e2c88728a21a75bffd638610c41c687e84076c6435057a5d1b21046552d03a3ca9777d0bb32e154a1cc426e13a03e08ee435f78687e6535f76ec082d82a588eccb80171ed5bf80b4df7b073270e89e0f3295da5c5a03882aa34a90c019873cd0f02e048006b6541ec5ed8e0f4b8e5309c815ff8228d27269f33d161371891d78117c0b9f0b7d755745ef082873bdcc898336aa53381c2c7615f785eb7cafb9d1e9175a9e5c7753aa93fb8cee39f425dc86063de6b6d1083fbbd121e52f8322df8cca72c39f905f7c3ab06d4a2a14ed0a681ad1b8933dbe329ef1633fc6ce0acfc8f16c8450a0ca72b42c39bf23e21c3ddf97879a2ad3c2678d893b649a9aa58d2a0456f0e957edbb15693799824b543fe27c1541435ca92bd9e379cdfe9250d677aabfa4f99dc05bebc299356e4c03199b7d8c6e0b173a31959d1471457396160b3e21f533bc0860d27e2519b4efcd72f39203b3c88becbca26183ec75028e415508d1c0433a81174756fb81be0db6eaf6507753f8cac479a5ae9ab105b26217db5b22e77de57cf12be2f9ad97fdd1f0b1495c3f34a5d085b7630ac08a9c8cfbe1c6c27c3488893ee5ccf1a1241642610f153ec51e78a619bf03005d3de2963fe63dc2476d0c69528d2dc641efb469f24e82f97f6fd9195366d9ae15da9380da177069e5eb5bb325136b2cfef4c27d4c8bb5b7a6a72c2fdf564c8cd39d541e606cc571b2d0c623c46bc6f223216319f5158bdd3bd4e16353cf62c4c10f4863952e242e7fb15f76044e41e8a7bc329b316c76191bc65ebe5cb6bb617f679836f84e29f3b86bfe32ffcc7c1772528e326db798a79ad0ac8cc3100192e44ea1e885c8615c466716c3bc45069c7bd46c9df074e0617c82e028123f6a893d1cfd9024b1a2b6b1512d10f2e2c1c6bfeb92c79defefbbe2fa7f391a79cb3baa4efccfb324e60f39004652851948a4c7ea4d740085ea8d1f2a34476a18e93bff20a3d4c45d879c533d7c3946440be388fe9f230ce2dfdbbf7c3b87bbccc5c2bde9430cd9e982ca6c05ed8e53f95d995aaa339ef70ba4c939415500fb0528695d4b552c7421bc7a41d979bdcee06aba730214cd469d437dbde2b69f2870e0e837c78f02bdffcbdeb3ba014b805760c877688496a2675212bea42342868224ae35e3fc7146e1b08f7ebfc4892c1fa32faf7541b63abbff0aafd466cf65a39a9821699adcca4f829878e2386c5c5ba0fb98230f95549603130e07110331051e06eaddd27537604a4b40e70d3feb934230abda20c6983fa557c5608b07ce367834b0997411dee602a190919526865f5f6d090fdc8e1dacbc0b90d8e6bd2363be0eea1ca369f6e7bcef3010f56c88df4489506d3142e2b5959b89eea28f9f18234af2d605986c7b179cf4670ec58f94ccfecb6c95e2255dde53bf09b09aeac217ef921385c7e8bdc29a10a13ee81ae1a57e3443b5f51ed64c7dded7c6d8b4d585a95014d1ef432fe3cdb4023c8c54c73be2937fef7514942a9b5fbcd764d7208dfadaebbe6387900c0738eede0a0159897e818449c367f1e09e35ac808b4439eb5509cbd9e396b69a556427fc4f4f136f95e26d67d9d59c02d0d42ceb8b82c47e05be582df9259f22f6d8c825b4b77f68c1a98eb8a2d8c6fd42eaff47c47f265e20c682fa814b3b32eb111c3721e19842c6e10bcbc26843fce7113f65d50f36f11bc0db199e84e0573fcfb9deb87da288c766e3108f3353813b6faf1beee4e1bc64b51a541d4d4a1cf664583623b231a6220c5f9dedd1defe74842c1b4abaa0bf9f37fc726e5445f8f7a3d31b70d6a4aaf8ddf5c2cc4f144cbd0b70c7e21ff2488ae990bf747b1fe77b434468f12ced7fb9f28250d914d27b46441862a81cdb7f5e0d12fbc2988c7daec08f403ebfbf69d8f842976a2d22bbf3f2f32a4561b5f00910fb6803404d0a9757cc838d90140b11f267f3f8fe7e077d5cade3f1261a76ed517bedfd0bd5886b40f042596309b40c6bc8378b1c714969875e31dfd4ade61d3f362ee261c0034bb1743ae84a916715ef62fb884c6daf267eee261bd684cd29ecda2906408d678750f1c9fc5bc990f4cea3a8fa1116db025d494308ceb405f3b92b3cbf3f1834db2207d9d0d8696f24de91837e4f03210ab5ee471f1ff79a20733858a006898ec96afe8bfe87fcb094bfeec1d9cd699aa88fd777e1b53726aa1b020b63f0be68dc17d0dbc6cd9228688da53993308863d8596aebf8103dc99cad0cac47f88e3e888efba874871e595355ac039aefd4e7192f17ff5376795a69da9e3a21ea009f91f9f6946d7c7256cabee1aa27d55274add4db86b64238b68dcbb63374364f19ec97174230c6d65f030ff748ab2ba1913e6f235e1c449578bdd7bca0ad112f23a8d4cab8aefb3afd648cb0602e998623522054d0488e64d8c881667a28d265e6e5d3faa37fd5c02e8bee07e403f8cd21e0dde9aaeb128a48d062e0b674ed19bd88708f9e5ec740b0fcb07e4a70d4d1e7e362fd9878f0b39e2eb5e7ad392b0515fc3434f172f3d7a2cce05a7c5c1c2bbeb10106c804fe7688d2a29936cbf62341eb10a589e7e50fceca5f7468e0af0e39d3e582e114be65307cbdf1fee1337d4e85d2454dbdc4dd77acf2a087ac9fd383409035f84a71d7877f742ea0173b678ec9f8fab4f6d38216258bcc1aaf612e90bb321af16de3f2e45b011e0741a95debf5a658609dda7de7f41fdf0ab6d9ed684092ffbbf4b131b785ad6db5b9c546066ef12487db18a27519833483e2920d2a98ae4041897e25cd715efe1a400dda0b1ea5baaeadd1f3138e3ad35f2642871ca2f53cd395383c85ddb054fd76247f2d1304fab0f55c2e94ff5a2a04c50a5124e565503d9a8a531a8e4b79b2f0eb8506c726d64d8672994fe0853d0fdd1727ac2ee9a889bd062cac8949b464b11f862fceb08e22da867779ea5e185a3bd0d42de79e37e36965352d0375b2ec5ce047e96ed144c79f20f1352e231a68d1c6cac99dde56eb25ba9dbfe6fb8f0be3a6ec188c784eabe47a6a37e3d4935119e6957f6495954ea605e3c84b1ec3e7f83f2b957a516ab6b8f1bc69e6d11c8bfc5b597d67986c28fe51093e377474c29bb896ca77845084d50d0f77aabfa10b51df474c386e0bebda505385edadb7be28dc98101477efd1bee9829b1beb770b1a38ecd67241df199f214bea27d3943322a325c0f9e258966ede9687dd11bf03c199cc3179e8b33e4cbd8af5ac53f091b7d8a9cf032088479b9b92fb9945856031075cc57ee997b124fb95559d9ad48878f0636a64ba9a478b4e08be21dcad223cf46920e648b5a270b491f40a7bbd2591d32cb1a8a5b65c0a8e0d611e29f2cccc90a9259020aa4ecdfc7d99ae63d6788f836b1cc5c24cdd916d6392c41db4bc288be4021ba5f8de7de16095cdd1346c8ef7bd19f0db3778ac5cd57f30440674fc1ff75d4c4c59b9f754646d977b1c01ea95d30c781bdaefed767eedbcebbba6801130d1a3feaecaa383cf9109558a169f6a04b4dea6a9fba6b77cb2313dab1c4a2f677bba7af2d304ebfaf0524e25aaaed8ed6875c2aee30937fd2dc7703cf1391d6bf8fc8c0841fc44f57c882ecc756196faf7f8bb14513080bdaa6464cb95acb4a5e55cffefc3cecb6afd628615a1c2bf98cb6b96e3bb6972132b61f295dfd5258d7da4fd799fd0011127844372d2e656927c10c9f079141646ff272c571741f5f39edadb6decfe8b4eb4a0f84b2b30a3756d6f1ab01c83bf664a46cb7d99e49386a0a509379107851b1910c68888e233d1329067be1530ed39bc3295484a62ef37465b853642b0e348ce0920f4e0d1118e0f941ab702ac4427271c90aaa8bc8b699b97236b7891b95cd14c778c3d4de43a955bb6136428e7f698340bfa7eede0b2ed1b27b0c07bb2de478aaabf95864584c1cd4f0b82ccd340e1f4ca483fb33e1599a4b0380b02b8f69363eb9d18a30118ab1e37c20c22f37870a3a7f28131f753a7281efe86278eacc7c3d6bb1c7cc9c97eefdd82c4b94ed1b62b0e93afc9df60c162e12d22281546fc6c1135c1a9f9e5bfc4aa07f49238b5239b9b55271ea5c1885437a44cf9b5271009b7ce57c7029c2104b67ebf9ec8e6e747b3b704886b61cf9505934d2302ef7b0d261c69237f7f3818c77b0a8de6e7ae29b7bf7feb0f1989bffc5bee504aac881e4ca8d0d0d858ffcb94617203707b531174257686bc978180c1f9507bd9d2986901c3ca04b2db753a63f3d080cb466e1ec8054f647d96ce9139dcd33b4ab84bf116d0d51e678fbe30076c30fa8d70a65776f2a31178a5a40112d6537768eefddb4e3e4695a3fc1c2be088e9a9f0f40d4643c0c48b441ef202183535e0cb7b83d2a039d57ef75d2a757115ce63559ddc893355026ec71784d11fc784e1002c80b087fe1ce60c4022b24bcfc707c63c300465d734b3600c64f75ef348c0de22dbec81d7c59be49bf1ebbc0136f93bc374f66525efe3c4d8a5985e1dde0be42d06cf2cd9b8dbe16e1b8d79db71ee6816ed3894bbc59608f6892aeca4b354b5b57f3299d5fd63464b6411d321a9c12ef78550fd796f82d5e78461218b3a98ac9b3e361cb012bcbb79fb747eb11a053f4ed9454efc884e28c948d4862229b59afe8fd29559da1e6ce446f4dcfb0faeabd7d9733205505018160c8b956098b734a64671fca57c734afdeef38c339848cbfaf84f83b17c0db12c36962db7d72d3a58dbac5c55012669f6fecce38c720d85b21b011cd3490898ed92ae6394c6d3f239250899acd03ba3dee07e97a2ee70a6045da7b9e7a154892ee1901ed5fe4df081d08d4d5cb2d1fa1f42d51d70627a5a6f82043d8c2285d89b9299ad2afd54cd12a579424c70edab06a46b26f6ef7873efaa9a55b2c15ec53c068816220b99c3b3cb4152b012ed0a957f8ea87adc9d5237ab5cd1cb015efaff98496d461fdb83e8d42b815f55321201b389f4e0c974f1efcc20116622290e67785f08e10fca7ab456cfeb6d17be45eb37ca1cb721657d3be2797ec2edbdc7e7bdce524dbb826e9161790a7da0f5307f7febd0590559bf195adbff4c2979416f48c4a8a69b21d0b036640f1bc1a1fbb4213e2c42544d9542749d192a17e2ff9e8c5280eb7a4a93f7c07a4082ae446aac7464edb8dad6e80f32f45c888bdff7e628212aa2309181eba77634ec9deff94da6921dfc8a53d32d3da7cc9f11ea08222afeebc556323693b54f7269d4528bf6e531f1f881b892b6a47bfe90fa0fc9da597a31eb8ee701705c9eb506c234df097dffcaa6cecd5c387dd641d11eee451693000251d2b7bcc1e87e89343eabb5d89d1cf7644f6b327901bf34b7b695172664d8a3b945aa0a2d2d62d6341bd11fd30eca01091ae14db1ba727fa968e6f1346b314e9df19f481e5dd18effe202f802518f05ff2fb788cc0b9f9e5f0ec299e337d4a5e6f77a38da55f93d8e32b25a9e0a4974eb8fb7754a919b4d7921d13657f6463d540f0bfe269aa8afbd15b2607ab3a0809c01daa4fac91384f837d946b43a6a00802dca7895b712e52d05f00b9cf2c5fbbcfe9dbfcb023c1a4c03e84d5162cbe8f65299df2e8f72e0c24d0ae4966f07052efaab8f72c9b259ae827e56ddc8716727b39a73a87d95ba737eac66d75a4263e07972719821b7f378b15d3f1b7450f48f9c897aae6fc5e6474a7e1eb9e6193ec0da613b8e6134c61e5e7c74c59d611b095cbd7fb70ad12e304e36a8044b16c3c2229b4e0db9a8f5f3bbc8647be163af7d956f38f2b70107341c878e926f8fb79911c210f318b27b46a0d3275966c6bf7992dee11bd5ddd1c2b4fe6f232439668756c2a772d4d21682cdab8299add6db3ef1b09f413a24969ea0babfa448e6d18a57392847126ba4df71214dc26d799920c942ed5cad0d61be9187c3675d06df8bcf61feda1c05ad3fda45c0cd1df296f6e12c9dffa87719b0631122509683ecd1b8774c47d8c9779e86e1bc0c8df13f55c64d57c97078a0d6d6dce8de6197ea7fc3d92218768ee089653e9c3ae831895ef6d66c799665af1f97c4b1ff81a76121cbfc0b6c4f86716bfac81e50c824f73af04413b35bb9cddd7d5be2178e9a10105950e7d94fba07a5a6c7ec10591413b2701a5ff381a6ba21778affbf92931821afbb6335ca9f5ba4c133741a5ab446e188deeeb5ea60b2d4958de354135408b9ab7238c795e3e6c89544a526e35d9005ad0aa3bb00f76fe70d5fca567c1ac52803d6de2e36a47797a1b787cc146990983e7fd18c7daebca2f55eaa20dfadcebf24b7670d2b153a10efa3402c54879c46bbe76fcf2ad4192f2ab319950827d7571747d7769c4d3d187aa890380f4cbe9c594d60075dac40b0c97018f4d8f99d487692bc71a44524f71ff304d73ca31678171bdce0ecad2928c554e42d5600f80989252df0c2edbad2c045f989857d029718c94e6ac2a181de7d678604aa4be122026c41fbcf3f55505c35e1a6aa98114a64b60d931542cd6799f72f00d17e47f09b92f6630262bea5b137d4c6e4ae567736452881dd41983cca62bd76610cb9d87c3de173b2c11d9cd9a992fac9f97fdd63a165d1d2af6b7311c20084aec2c23ccdce9fe16f763a97f52b907adff3dbeada61b626fac5831dfb44a00a806f5b621ceb38156723887f59ff1e777dae053147a26e63a8dceca7e069e421932d3e6120df618b2e555fb587026c902abd954b9bc3aeb47e008da1648a758ee56ed587efb033485d958d63a4cc03fc23aa940cef8f460bf1d1ee0e3752ae3d999dbd879c326694961d54fc13ce0cb67824bbd3e6cb326c61c82fd93252de2389e49fbc67900a6ebb963092cb352482d6c1bb50f8f6d98fb94d8c4a54590b210fa8e19edcb1b2a3a800efac8d95aa544887a91aedecb966d9fd44c7e976267fe93cbd4150423f392aad514d5537d5a3f0d10363118cbbbeb6b9192fff4f4a009a8e9fb3107ee2e0d5dc0ae39d52795d1962fdf71b249ea59f37c93308fdae20ad08e6b094cf593d7da65fce23ed25eabe8752afcc8deb1e114474b9dd4d59508d1c8c1854ab6efd3c70f339678c0126ec9b451a50fdb63bcf1dc504d433561881a8bec7fed97bebc917220f4df298d7b7b7859b053706565fcaa2bfab9480b55c07d7e08aa9a5964818a4fb324b7a6d451a301ff301e5037721c4ee67f48733f688b14d1fe54e93372346deff0ffa988b79cd2cec45e3bb0cbf2811d82f95d7a5adae0acc3750ab9801a9b9630c885cfbfad7634a2165f037dee972c72c44d4887507f42fa73557808bf64a1b6e527c2d847140bb83b010ed4d7d6cd001851f926886c3f5905e87feb66830ed69095e72ed86111ede196b181543b711cf63ab7a0c88eaf43684cd08034163189c59b795ffe05173a284b2ffda59d9d41f79ee72f23e2485d96a4090dc2fbeec824f680dfd822808a2181b529cdfe6cbe0474dfb63c4019b8b74ba57e40286d215ca61eb123e053e938803eec47013a23e81a9ce3667c9e834f49c1baa8744421db8546ad63cfa20fc2d39675bbbd408631f6e2974d1ef2158fb2a8b112dbc99d65237ab58e38021495a756d1fead36c166d57f6749e24b310886531153e333404cdb94ed1f86f96af2e02823dc4b835e7c10f84375604ce27638396363d2371bbaf1023783f480572b20ba900d28cc1236eed3d15a36ab4255ad505c112423ed5df03bd53b3d79413dd5e32decfd040c5ea24efcab8e23a9f54fc64fafb1b04622a9d8ece07de820d3ab7e365fe45eb7b78ecfd72479bdb575c5119bd0ce0d1a463f099a0bc48b2368e49828a89bb4537e2cdff7feb56b5a4e661dc951bb6e912cd28e10c799977d0d9b89a24e8a6ba463fabcfdd37cb9c304e9a3596cc50bf2da52077cfa2c6f542bc60b2afc87ec9565a7cfa7fe310f4b41c1fd42da8d5e98cf4f4baca636c4a72a82ccd9a0d723970dd4ffd57cecae1e7a9d71e468b72cfef95824bb2e603b3fcc664c759242efe3743e7d5edb03667fc77473e949671695ab217ce6809ccc295a8bad7f7de44f5a7f0eaadc40e6dc9a7bb863428c538efc9b04a7a25e31d04c29d7f70057d22fb47474c202ce5d1b830ac3e6683e15832177cc574f72b08f4da9ab34ff8f2d79d1c9fc050fb57df5fc45808a4f8f1dd837c438acdecd949b4e43316ab1f595ee7709b38b244c12222aaac464ab82ffbb12a1f8f034dae44071bf498d1a8cfca39bded998cc2274f80e111fe6e68cf0abb6f2ae797bbe224ebe346a98cb1033db5cb3af24ab493d5e5e34b1a09da7d8023e39ac2d4aee133f2478251d044049cbf43e4a9d4947f72ec3231f0eef8bfec5011f211ddb18547b502413c9561674358cb4e62be924da66d55dbba352ef5b8fb982dc03f8a0670c675066830804ca3a01135528e9018c71b6e3491a167e6e98f041f4c7463166a593a3a3f541a6b805af1693855d38db376fab79bcd0b8761179ad0ded7f1493ba80d860ed1cfea27c51a005048de0e58da6216c64065a97926f86426be90bb08aa5af5d21cce78e93c8747d0ca52c9e30485cc49ca92c92400db6a0a34c849b98017fb06b2744d17ab4acdd205d88d95f887f723287f7bf4f0b668b36587a724c58589260a18ebf01adb0a9b3f4299e0d68011244ba849b1451246471d0054d39581557ec7965ae95b9470b7fdc9bc4d0e62cbd59a8c23898bda1e2e1ce7f8a3de903c260b2374e9c1419d242bf6e26a59a5675c40fe7532032ad797704884bace1d7da2d607f9c1ff33c0cdff10d5cb8e04576c6d5da99da78ad15a168b1ec32aa60e71e65c6e0a2b9bc313da3935e9067391faa562a0718dfd13900e28ccfe3a7a92b53c43081bebcee06f9fe34c674490b518ad29b0152a8e2edb5cacf26d4847493babf6f5488d6f6a8c19043d97ac6ed9782cca73dd9bc4e1417becace7b1151732686506093d1896a1e229a5efc1679463e3cb4bd311097eb539652f9212c875b7031300[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]2007-05-18 19:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]@=""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]@="Service"[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnkbackup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]2001-08-09 21:06 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]2009-11-29 18:52 126976 ----a-w- c:\windows\system32\hkcmd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]2005-05-12 03:12 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]2009-11-29 18:52 155648 ----a-w- c:\windows\system32\igfxtray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="c:\\Documents\\Webshit\\setupxv.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\AIM6\\aim6.exe"=R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/7/2009 3:28 AM 64160]R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504]R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/4/2007 9:23 AM 1010192]R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 9:39 AM 801296]R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/14/2009 12:17 AM 24652]R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816]R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 10:10 PM 189704]S0 lwctth;lwctth;c:\windows\system32\drivers\sjlimgl.sys --> c:\windows\system32\drivers\sjlimgl.sys [?]S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [11/27/2009 3:17 PM 85504][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]tapisrv REG_MULTI_SZ Tapisrv.Contents of the 'Scheduled Tasks' folder2010-04-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:27]2010-03-27 c:\windows\Tasks\CAAntiSpywareScan_Daily as Val at 4 00 AM.job- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]..------- Supplementary Scan -------.uStart Page = hxxp://www.pogo.com/home/home.domStart Page = hxxp://ca.yahoo.comuSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.comIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000LSP: c:\windows\system32\VetRedir.dllTrusted Zone: pogo.com\wwwDPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CABDPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dllDPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dllFF - ProfilePath - c:\documents and settings\Val\Application Data\Mozilla\Firefox\Profiles\v7nm513q.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dllFF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-04-16 00:24Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(820)c:\windows\system32\UmxWnp.Dllc:\program files\CA\SharedComponents\PPRT\bin\CACheck.dllc:\program files\CA\SharedComponents\PPRT\bin\CAHook.dllc:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll- - - - - - - > 'lsass.exe'(1088)c:\windows\system32\VetRedir.dllc:\windows\system32\ISafeIf.dll- - - - - - - > 'explorer.exe'(3640)c:\windows\system32\WININET.dllc:\program files\CA\SharedComponents\PPRT\bin\CACheck.dllc:\program files\CA\SharedComponents\PPRT\bin\CAHook.dllc:\program files\CA\SharedComponents\PPRT\bin\CAServer.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2010-04-16 00:32:29ComboFix-quarantined-files.txt 2010-04-16 04:32ComboFix2.txt 2010-04-10 00:10Pre-Run: 51,956,932,608 bytes freePost-Run: 51,925,209,088 bytes free- - End Of File - - 40D29E291AAD241EF14FA259930D7A71I tried to update MBAM but still can't, got the same message:MBAM_ERROR_UPDATING (122,0, MultiByteToWideChar)The data area passed to a system call is too smallI ran the quick scan anyway, here is the log:Malwarebytes' Anti-Malware 1.45www.malwarebytes.orgDatabase version: 3930Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187024/16/2010 12:55:16 AMmbam-log-2010-04-16 (00-55-16).txtScan type: Quick scanObjects scanned: 101756Time elapsed: 18 minute(s), 6 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 16, 2010 Root Admin ID:233686 Share Posted April 16, 2010 I'm sorry, I forgot the directive to tell Combofix what to do. Please run the following again and then proceed to Step 3 STEP 01Backup the Registry:Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.Please download ERUNT from hereERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.Double click on erunt-setup.exe to Install ERUNT by following the prompts.Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process. Choose a location for the backup. Note: the default location is C:\Windows\ERDNT which is acceptable.[*]Make sure that at least the first two check boxes are selected.[*]Click on OK[*]Then click on YES to create the folder.Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exeSTEP 02Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank linesRegistry::[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]"DriveConfiguration"=-"LegacyDrive"=-Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser. Disable your Antivirus software. If it has Script Blocking features, please disable these as well. A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. When the scan completes Notepad will open with with your results log open. Do a File, Exit.A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.Post back the Combofix log on your next reply.STEP 03You may have corrupted files on your disk. Please try running the following.First close ALL Applications as this routine will automatically restart your computer.Click on START - RUN and copy / paste the following entry into the box and click OKCMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 30 Link to post Share on other sites More sharing options...
noobJ Posted April 16, 2010 Author ID:233939 Share Posted April 16, 2010 Ok, I backed up my registry again using ERUNT, then ran combofix again using the new CFScript.txt, here is the log:ComboFix 10-04-15.05 - Val 04/16/2010 12:44:41.3.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.538 [GMT -4:00]Running from: c:\documents and settings\Val\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Val\Desktop\CFscript.txtAV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}.((((((((((((((((((((((((( Files Created from 2010-03-16 to 2010-04-16 ))))))))))))))))))))))))))))))).2010-04-16 03:53 . 2010-04-16 03:53 -------- d-----w- c:\program files\ERUNT2010-04-14 18:43 . 2010-04-14 19:27 -------- d-----w- C:\Lop SD2010-03-31 17:45 . 2010-03-31 17:45 -------- d-----w- c:\documents and settings\Val\Application Data\Malwarebytes2010-03-31 17:44 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-03-31 17:44 . 2010-03-31 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2010-03-31 17:44 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys2010-03-31 17:44 . 2010-03-31 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k72010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k62010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k52010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k42010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k32010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k22010-04-16 07:00 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k12010-04-16 07:00 . 2007-11-11 23:06 551670 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k02010-04-15 08:34 . 2007-11-11 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help2010-04-13 19:00 . 2005-08-16 12:48 -------- d-----w- c:\program files\Common Files\Java2010-04-13 18:57 . 2008-12-16 18:26 411368 ----a-w- c:\windows\system32\deploytk.dll2010-04-13 18:57 . 2005-08-16 12:48 -------- d-----w- c:\program files\Java2010-04-13 17:34 . 2005-11-22 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2010-04-13 17:28 . 2009-10-12 22:40 -------- d-----w- c:\program files\CCleaner2010-03-14 05:48 . 2010-03-14 05:48 503808 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcp71.dll2010-03-14 05:48 . 2010-03-14 05:48 348160 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcr71.dll2010-03-14 05:48 . 2010-03-14 05:48 499712 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\jmc.dll2010-03-14 05:47 . 2010-03-14 05:47 61440 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-sse.dll2010-03-14 05:47 . 2010-03-14 05:47 12800 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-d3d.dll2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll2010-03-08 19:33 . 2005-09-10 14:12 103464 ----a-w- c:\documents and settings\Val\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-03-06 07:27 . 2009-06-20 05:58 566648 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe2010-03-06 07:27 . 2009-06-20 05:58 567144 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe2010-03-06 07:27 . 2009-06-20 05:57 2357064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe2010-03-06 07:26 . 2009-06-20 05:57 524632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe2010-03-06 07:26 . 2009-06-20 05:57 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe2010-02-25 06:24 . 2004-08-10 17:51 916480 ------w- c:\windows\system32\wininet.dll2010-02-24 13:11 . 2005-08-16 12:28 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2010-02-18 17:59 . 2007-11-11 23:37 -------- d-----w- c:\program files\MSBuild2010-02-18 17:59 . 2010-02-18 17:59 -------- d-----w- c:\program files\Reference Assemblies2010-02-17 13:10 . 2004-08-10 17:51 2189952 ------w- c:\windows\system32\ntoskrnl.exe2010-02-17 02:40 . 2010-02-17 02:40 17299889 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24c36_4_0_1.0.14.19.exe2010-02-17 02:27 . 2010-02-17 02:27 1988872 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_244e7_0_0_1011.exe2010-02-17 02:26 . 2010-02-17 02:23 1139600 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24cb5_1_1_1001.exe2010-02-17 02:25 . 2010-02-17 02:25 1043184 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_25605_1_0_1006.exe2010-02-16 13:25 . 2004-08-04 03:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe2010-02-15 02:01 . 2010-02-15 02:01 70984 ----a-w- c:\documents and settings\Val\g2mdlhlpx.exe2010-02-14 05:00 . 2010-02-14 05:00 30976 ----a-w- c:\windows\rascntrl.dll2010-02-14 05:00 . 2010-02-14 05:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll2010-02-14 05:00 . 2010-02-14 05:00 16384 ----a-w- c:\windows\system32\msdrve.dll2010-02-14 05:00 . 2010-02-14 05:00 10816 ----a-w- c:\windows\vmoptver.dll2010-02-12 04:33 . 2004-08-10 17:50 100864 ----a-w- c:\windows\system32\6to4svc.dll2010-02-11 12:02 . 2004-08-10 17:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys2010-01-29 19:23 . 2010-01-29 19:23 609280 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\C23D6EEF7F9C2C2548D5138966622E6E.exe2004-08-04 10:00 . 2004-08-10 17:51 94784 --sh--w- c:\windows\twain.dll2009-11-14 22:11 . 2009-11-14 22:11 56 --sh--r- c:\windows\system32\9B0176E0FA.sys2009-11-14 22:11 . 2009-11-14 22:11 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys2008-04-14 00:11 . 2004-08-10 17:51 1028096 --sha-w- c:\windows\system32\mfc42.dll2008-04-14 00:12 . 2004-08-10 17:51 57344 --sh--w- c:\windows\system32\msvcirt.dll2008-04-14 00:12 . 2004-08-10 17:51 413696 --sha-w- c:\windows\system32\msvcp60.dll2008-04-14 00:12 . 2004-08-10 17:51 551936 --sh--w- c:\windows\system32\oleaut32.dll2008-04-14 00:12 . 2004-08-10 17:51 84992 --sh--w- c:\windows\system32\olepro32.dll2008-04-14 00:12 . 2004-08-10 17:51 11776 --sh--w- c:\windows\system32\regsvr32.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 9442584][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-30 177392]"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-11-11 14088]"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-02 230664]"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296]"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312]"WinPatrol"="c:\documents\Webshit\WinPatrol\winpatrol.exe" [2005-06-06 106496]"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]2007-05-18 19:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]@=""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]@="Service"[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnkbackup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]2001-08-09 21:06 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]2009-11-29 18:52 126976 ----a-w- c:\windows\system32\hkcmd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]2005-05-12 03:12 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]2009-11-29 18:52 155648 ----a-w- c:\windows\system32\igfxtray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="c:\\Documents\\Webshit\\setupxv.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\AIM6\\aim6.exe"=R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/7/2009 3:28 AM 64160]R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504]R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/4/2007 9:23 AM 1010192]R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 9:39 AM 801296]R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/14/2009 12:17 AM 24652]R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816]R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 10:10 PM 189704]S0 lwctth;lwctth;c:\windows\system32\drivers\sjlimgl.sys --> c:\windows\system32\drivers\sjlimgl.sys [?]S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [11/27/2009 3:17 PM 85504][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]tapisrv REG_MULTI_SZ Tapisrv.Contents of the 'Scheduled Tasks' folder2010-04-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:27]2010-03-27 c:\windows\Tasks\CAAntiSpywareScan_Daily as Val at 4 00 AM.job- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]..------- Supplementary Scan -------.uStart Page = hxxp://www.pogo.com/home/home.domStart Page = hxxp://ca.yahoo.comuSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.comIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000LSP: c:\windows\system32\VetRedir.dllTrusted Zone: pogo.com\wwwDPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CABDPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dllDPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dllFF - ProfilePath - c:\documents and settings\Val\Application Data\Mozilla\Firefox\Profiles\v7nm513q.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dllFF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-04-16 12:58Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(1064)c:\windows\system32\UmxWnp.Dllc:\program files\CA\SharedComponents\PPRT\bin\CACheck.dllc:\program files\CA\SharedComponents\PPRT\bin\CAHook.dllc:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll- - - - - - - > 'lsass.exe'(1332)c:\windows\system32\VetRedir.dllc:\windows\system32\ISafeIf.dll- - - - - - - > 'explorer.exe'(3552)c:\windows\system32\WININET.dllc:\program files\CA\SharedComponents\PPRT\bin\CACheck.dllc:\program files\CA\SharedComponents\PPRT\bin\CAHook.dllc:\program files\CA\SharedComponents\PPRT\bin\CAServer.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2010-04-16 13:07:40ComboFix-quarantined-files.txt 2010-04-16 17:07ComboFix2.txt 2010-04-16 04:32ComboFix3.txt 2010-04-10 00:10Pre-Run: 51,863,126,016 bytes freePost-Run: 51,825,545,216 bytes free- - End Of File - - B0CFF26F6F2AEFCFA7E425F22E9EE0C0Then I ran your CHKDSK routine, when it was done and the system was booting up again, a screen appeared that said "The volume is clean" Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 19, 2010 Root Admin ID:235294 Share Posted April 19, 2010 Please download a new version of Combofix and overwrite the current one on your desktop and run the following.Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank linesDriver::lwctthFile::c:\windows\system32\drivers\sjlimgl.sysOpen a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser. Disable your Antivirus software. If it has Script Blocking features, please disable these as well. A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. When the scan completes Notepad will open with with your results log open. Do a File, Exit.A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.Post back the Combofix log on your next reply. Link to post Share on other sites More sharing options...
noobJ Posted April 19, 2010 Author ID:235338 Share Posted April 19, 2010 I downloaded the new version of ComboFix but it wouldn't let me overwrite the old one, said it was a read only file, so I renamed the old one, wasn't sure if I could just delete it or not.Here is the ComboFix log:ComboFix 10-04-17.07 - Val 04/19/2010 1:49.4.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.600 [GMT -4:00]Running from: c:\documents and settings\Val\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Val\Desktop\CFscript.txtAV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}FILE ::"c:\windows\system32\drivers\sjlimgl.sys".((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Service_lwctth((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 ))))))))))))))))))))))))))))))).2010-04-16 03:53 . 2010-04-16 03:53 -------- d-----w- c:\program files\ERUNT2010-04-14 18:43 . 2010-04-14 19:27 -------- d-----w- C:\Lop SD2010-03-31 17:45 . 2010-03-31 17:45 -------- d-----w- c:\documents and settings\Val\Application Data\Malwarebytes2010-03-31 17:44 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-03-31 17:44 . 2010-03-31 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2010-03-31 17:44 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys2010-03-31 17:44 . 2010-03-31 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k72010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k62010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k52010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k42010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k32010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k22010-04-19 06:05 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k12010-04-19 06:05 . 2007-11-11 23:06 551670 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k02010-04-15 08:34 . 2007-11-11 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help2010-04-13 19:00 . 2005-08-16 12:48 -------- d-----w- c:\program files\Common Files\Java2010-04-13 18:57 . 2008-12-16 18:26 411368 ----a-w- c:\windows\system32\deploytk.dll2010-04-13 18:57 . 2005-08-16 12:48 -------- d-----w- c:\program files\Java2010-04-13 17:34 . 2005-11-22 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2010-04-13 17:28 . 2009-10-12 22:40 -------- d-----w- c:\program files\CCleaner2010-03-14 05:48 . 2010-03-14 05:48 503808 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcp71.dll2010-03-14 05:48 . 2010-03-14 05:48 348160 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcr71.dll2010-03-14 05:48 . 2010-03-14 05:48 499712 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\jmc.dll2010-03-14 05:47 . 2010-03-14 05:47 61440 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-sse.dll2010-03-14 05:47 . 2010-03-14 05:47 12800 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-d3d.dll2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll2010-03-08 19:33 . 2005-09-10 14:12 103464 ----a-w- c:\documents and settings\Val\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-03-06 07:27 . 2009-06-20 05:58 566648 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe2010-03-06 07:27 . 2009-06-20 05:58 567144 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe2010-03-06 07:27 . 2009-06-20 05:57 2357064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe2010-03-06 07:26 . 2009-06-20 05:57 524632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe2010-03-06 07:26 . 2009-06-20 05:57 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe2010-02-25 06:24 . 2004-08-10 17:51 916480 ------w- c:\windows\system32\wininet.dll2010-02-24 13:11 . 2005-08-16 12:28 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2010-02-18 17:59 . 2007-11-11 23:37 -------- d-----w- c:\program files\MSBuild2010-02-18 17:59 . 2010-02-18 17:59 -------- d-----w- c:\program files\Reference Assemblies2010-02-17 13:10 . 2004-08-10 17:51 2189952 ------w- c:\windows\system32\ntoskrnl.exe2010-02-17 02:40 . 2010-02-17 02:40 17299889 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24c36_4_0_1.0.14.19.exe2010-02-17 02:27 . 2010-02-17 02:27 1988872 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_244e7_0_0_1011.exe2010-02-17 02:26 . 2010-02-17 02:23 1139600 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24cb5_1_1_1001.exe2010-02-17 02:25 . 2010-02-17 02:25 1043184 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_25605_1_0_1006.exe2010-02-16 13:25 . 2004-08-04 03:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe2010-02-15 02:01 . 2010-02-15 02:01 70984 ----a-w- c:\documents and settings\Val\g2mdlhlpx.exe2010-02-14 05:00 . 2010-02-14 05:00 30976 ----a-w- c:\windows\rascntrl.dll2010-02-14 05:00 . 2010-02-14 05:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll2010-02-14 05:00 . 2010-02-14 05:00 16384 ----a-w- c:\windows\system32\msdrve.dll2010-02-14 05:00 . 2010-02-14 05:00 10816 ----a-w- c:\windows\vmoptver.dll2010-02-12 04:33 . 2004-08-10 17:50 100864 ----a-w- c:\windows\system32\6to4svc.dll2010-02-11 12:02 . 2004-08-10 17:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys2010-01-29 19:23 . 2010-01-29 19:23 609280 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\C23D6EEF7F9C2C2548D5138966622E6E.exe2004-08-04 10:00 . 2004-08-10 17:51 94784 --sh--w- c:\windows\twain.dll2009-11-14 22:11 . 2009-11-14 22:11 56 --sh--r- c:\windows\system32\9B0176E0FA.sys2009-11-14 22:11 . 2009-11-14 22:11 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys2008-04-14 00:11 . 2004-08-10 17:51 1028096 --sha-w- c:\windows\system32\mfc42.dll2008-04-14 00:12 . 2004-08-10 17:51 57344 --sh--w- c:\windows\system32\msvcirt.dll2008-04-14 00:12 . 2004-08-10 17:51 413696 --sha-w- c:\windows\system32\msvcp60.dll2008-04-14 00:12 . 2004-08-10 17:51 551936 --sh--w- c:\windows\system32\oleaut32.dll2008-04-14 00:12 . 2004-08-10 17:51 84992 --sh--w- c:\windows\system32\olepro32.dll2008-04-14 00:12 . 2004-08-10 17:51 11776 --sh--w- c:\windows\system32\regsvr32.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 9442584]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-30 177392]"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-11-11 14088]"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-02 230664]"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296]"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312]"WinPatrol"="c:\documents\Webshit\WinPatrol\winpatrol.exe" [2005-06-06 106496]"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]2007-05-18 19:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]@=""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]@="Service"[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnkbackup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]2001-08-09 21:06 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]2009-11-29 18:52 126976 ----a-w- c:\windows\system32\hkcmd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]2005-05-12 03:12 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]2009-11-29 18:52 155648 ----a-w- c:\windows\system32\igfxtray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="c:\\Documents\\Webshit\\setupxv.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\AIM6\\aim6.exe"=R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/7/2009 3:28 AM 64160]R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504]R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]tapisrv REG_MULTI_SZ Tapisrv.Contents of the 'Scheduled Tasks' folder2010-04-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:27]2010-03-27 c:\windows\Tasks\CAAntiSpywareScan_Daily as Val at 4 00 AM.job- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]..------- Supplementary Scan -------.uStart Page = hxxp://www.pogo.com/home/home.domStart Page = hxxp://ca.yahoo.comuSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.comIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000LSP: c:\windows\system32\VetRedir.dllTrusted Zone: pogo.com\wwwDPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CABDPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dllDPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dllFF - ProfilePath - c:\documents and settings\Val\Application Data\Mozilla\Firefox\Profiles\v7nm513q.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dllFF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-04-19 02:08Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(460)c:\windows\system32\UmxWnp.Dllc:\program files\CA\SharedComponents\PPRT\bin\CACheck.dllc:\program files\CA\SharedComponents\PPRT\bin\CAHook.dllc:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll- - - - - - - > 'lsass.exe'(516)c:\windows\system32\VetRedir.dllc:\windows\system32\ISafeIf.dll- - - - - - - > 'explorer.exe'(3848)c:\windows\system32\WININET.dllc:\program files\CA\SharedComponents\PPRT\bin\CACheck.dllc:\program files\CA\SharedComponents\PPRT\bin\CAHook.dllc:\program files\CA\SharedComponents\PPRT\bin\CAServer.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dllc:\windows\system32\webcheck.dllc:\windows\system32\IEFRAME.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\Lavasoft\Ad-Aware\AAWService.exec:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exec:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exec:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exec:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exec:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exec:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exec:\program files\Dell Support Center\bin\sprtsvc.exec:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exec:\program files\Viewpoint\Common\ViewpointService.exec:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exec:\windows\system32\wbem\unsecapp.exec:\windows\system32\wscntfy.exec:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exec:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exec:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exec:\program files\CA\CA Internet Security Suite\ccprovsp.exec:\program files\Lavasoft\Ad-Aware\AAWTray.exe.**************************************************************************.Completion time: 2010-04-19 02:24:04 - machine was rebootedComboFix-quarantined-files.txt 2010-04-19 06:23ComboFix2.txt 2010-04-16 17:07ComboFix3.txt 2010-04-16 04:32ComboFix4.txt 2010-04-10 00:10Pre-Run: 51,833,638,912 bytes freePost-Run: 52,484,857,856 bytes free- - End Of File - - 5228EB92DE15F2B7B1F28308EC49ACC2Not sure if this is anything to worry about or not, WinPatrol popped up just now saying there was a change in my HOSTS file....this is what was in the notepad:127.0.0.1 localhost Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 19, 2010 Root Admin ID:235826 Share Posted April 19, 2010 The entry for 127.0.0.1 localhost is correct and you should allow it.Please run the following. It will make changes to the registry, please allow the change if WinPatrol says anything.Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank linesRegistry::[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]"DisableMonitoring"=dword:00000000[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]"DisableMonitoring"=dword:00000000FileLook::C:\WINDOWS\system32\drivers\etc\hostsOpen a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser. Disable your Antivirus software. If it has Script Blocking features, please disable these as well. A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. When the scan completes Notepad will open with with your results log open. Do a File, Exit.A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.Post back the Combofix log on your next reply. Link to post Share on other sites More sharing options...
noobJ Posted April 20, 2010 Author ID:235927 Share Posted April 20, 2010 A weird thing happened when ComboFix finished, I re-enabled my AV as usual and opened up my browser to post my log. It gave me the message about Firefox not being my default browser, which is normal, but after I clicked "yes" to make it my default browser, my computer froze completely, I had to power it down as nothing would respond to my mouse. When I booted it up again, I got the message again about my default browser and my home page didn't load, there was just a tab that said "Session Manager Loading" but my PC wasn't doing anything (no drive light or CPU activity showing on the Speed Up My PC icon in the system tray). Not sure if this has anything to do with what we're working on or not. Anyway, here is the ComboFix log:ComboFix 10-04-18.04 - Val 04/19/2010 21:36:15.5.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.669 [GMT -4:00]Running from: c:\documents and settings\Val\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Val\Desktop\CFscript.txtAV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}.((((((((((((((((((((((((( Files Created from 2010-03-20 to 2010-04-20 ))))))))))))))))))))))))))))))).2010-04-16 03:53 . 2010-04-16 03:53 -------- d-----w- c:\program files\ERUNT2010-04-14 18:43 . 2010-04-14 19:27 -------- d-----w- C:\Lop SD2010-03-31 17:45 . 2010-03-31 17:45 -------- d-----w- c:\documents and settings\Val\Application Data\Malwarebytes2010-03-31 17:44 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-03-31 17:44 . 2010-03-31 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2010-03-31 17:44 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys2010-03-31 17:44 . 2010-03-31 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k72010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k62010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k52010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k42010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k32010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k22010-04-19 07:09 . 2007-11-11 23:06 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k12010-04-19 07:09 . 2007-11-11 23:06 551670 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k02010-04-15 08:34 . 2007-11-11 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help2010-04-13 19:00 . 2005-08-16 12:48 -------- d-----w- c:\program files\Common Files\Java2010-04-13 18:57 . 2008-12-16 18:26 411368 ----a-w- c:\windows\system32\deploytk.dll2010-04-13 18:57 . 2005-08-16 12:48 -------- d-----w- c:\program files\Java2010-04-13 17:34 . 2005-11-22 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2010-04-13 17:28 . 2009-10-12 22:40 -------- d-----w- c:\program files\CCleaner2010-03-14 05:48 . 2010-03-14 05:48 503808 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcp71.dll2010-03-14 05:48 . 2010-03-14 05:48 348160 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\msvcr71.dll2010-03-14 05:48 . 2010-03-14 05:48 499712 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d431812-n\jmc.dll2010-03-14 05:47 . 2010-03-14 05:47 61440 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-sse.dll2010-03-14 05:47 . 2010-03-14 05:47 12800 ----a-w- c:\documents and settings\Val\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ed455dd-n\decora-d3d.dll2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll2010-03-08 19:33 . 2005-09-10 14:12 103464 ----a-w- c:\documents and settings\Val\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-03-06 07:27 . 2009-06-20 05:58 566648 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe2010-03-06 07:27 . 2009-06-20 05:58 567144 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe2010-03-06 07:27 . 2009-06-20 05:57 2357064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe2010-03-06 07:26 . 2009-06-20 05:57 524632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe2010-03-06 07:26 . 2009-06-20 05:57 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe2010-02-25 06:24 . 2004-08-10 17:51 916480 ------w- c:\windows\system32\wininet.dll2010-02-24 13:11 . 2005-08-16 12:28 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2010-02-17 13:10 . 2004-08-10 17:51 2189952 ------w- c:\windows\system32\ntoskrnl.exe2010-02-17 02:40 . 2010-02-17 02:40 17299889 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24c36_4_0_1.0.14.19.exe2010-02-17 02:27 . 2010-02-17 02:27 1988872 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_244e7_0_0_1011.exe2010-02-17 02:26 . 2010-02-17 02:23 1139600 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_24cb5_1_1_1001.exe2010-02-17 02:25 . 2010-02-17 02:25 1043184 ----a-w- c:\documents and settings\Val\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_25605_1_0_1006.exe2010-02-16 13:25 . 2004-08-04 03:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe2010-02-15 02:01 . 2010-02-15 02:01 70984 ----a-w- c:\documents and settings\Val\g2mdlhlpx.exe2010-02-14 05:00 . 2010-02-14 05:00 30976 ----a-w- c:\windows\rascntrl.dll2010-02-14 05:00 . 2010-02-14 05:00 23104 ----a-w- c:\windows\system32\svcprmpt.dll2010-02-14 05:00 . 2010-02-14 05:00 16384 ----a-w- c:\windows\system32\msdrve.dll2010-02-14 05:00 . 2010-02-14 05:00 10816 ----a-w- c:\windows\vmoptver.dll2010-02-12 04:33 . 2004-08-10 17:50 100864 ----a-w- c:\windows\system32\6to4svc.dll2010-02-11 12:02 . 2004-08-10 17:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys2010-01-29 19:23 . 2010-01-29 19:23 609280 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\C23D6EEF7F9C2C2548D5138966622E6E.exe2004-08-04 10:00 . 2004-08-10 17:51 94784 --sh--w- c:\windows\twain.dll2009-11-14 22:11 . 2009-11-14 22:11 56 --sh--r- c:\windows\system32\9B0176E0FA.sys2009-11-14 22:11 . 2009-11-14 22:11 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys2008-04-14 00:11 . 2004-08-10 17:51 1028096 --sha-w- c:\windows\system32\mfc42.dll2008-04-14 00:12 . 2004-08-10 17:51 57344 --sh--w- c:\windows\system32\msvcirt.dll2008-04-14 00:12 . 2004-08-10 17:51 413696 --sha-w- c:\windows\system32\msvcp60.dll2008-04-14 00:12 . 2004-08-10 17:51 551936 --sh--w- c:\windows\system32\oleaut32.dll2008-04-14 00:12 . 2004-08-10 17:51 84992 --sh--w- c:\windows\system32\olepro32.dll2008-04-14 00:12 . 2004-08-10 17:51 11776 --sh--w- c:\windows\system32\regsvr32.exe.(((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))).--- c:\windows\system32\drivers\etc\hosts ---Company: ------File Description: ------File Version: ------Product Name: ------Copyright: ------Original Filename: ------File size: 27Created time: 2004-08-10 17:51Modified time: 2010-04-19 06:07MD5: 6A4029CFF35FD4BA34C001C1ED5D9945SHA1: DB23360218B3BC39606394836768B13B43BB6FC7((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-04-02 9442584][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-30 177392]"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-11-11 14088]"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-02 230664]"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296]"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312]"WinPatrol"="c:\documents\Webshit\WinPatrol\winpatrol.exe" [2005-06-06 106496]"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]2007-05-18 19:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]@=""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]@="Service"[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnkbackup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]2001-08-09 21:06 45056 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]2009-11-29 18:52 126976 ----a-w- c:\windows\system32\hkcmd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]2005-05-12 03:12 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]2009-11-29 18:52 155648 ----a-w- c:\windows\system32\igfxtray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="c:\\Documents\\Webshit\\setupxv.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\AIM6\\aim6.exe"=R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/7/2009 3:28 AM 64160]R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504]R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1029456]R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/4/2007 9:23 AM 1010192]R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 9:39 AM 801296]R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/14/2009 12:17 AM 24652]R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816]R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 10:10 PM 189704]S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [11/27/2009 3:17 PM 85504][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]tapisrv REG_MULTI_SZ Tapisrv.Contents of the 'Scheduled Tasks' folder2010-04-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:27]2010-03-27 c:\windows\Tasks\CAAntiSpywareScan_Daily as Val at 4 00 AM.job- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]..------- Supplementary Scan -------.uStart Page = hxxp://www.pogo.com/home/home.domStart Page = hxxp://ca.yahoo.comuSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.comIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000LSP: c:\windows\system32\VetRedir.dllTrusted Zone: pogo.com\wwwDPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CABDPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dllDPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dllFF - ProfilePath - c:\documents and settings\Val\Application Data\Mozilla\Firefox\Profiles\v7nm513q.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dllFF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-04-19 21:50Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(304)c:\windows\system32\UmxWnp.Dllc:\program files\CA\SharedComponents\PPRT\bin\CACheck.dllc:\program files\CA\SharedComponents\PPRT\bin\CAHook.dllc:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll- - - - - - - > 'lsass.exe'(596)c:\windows\system32\VetRedir.dllc:\windows\system32\ISafeIf.dll- - - - - - - > 'explorer.exe'(2904)c:\windows\system32\WININET.dllc:\program files\CA\SharedComponents\PPRT\bin\CACheck.dllc:\program files\CA\SharedComponents\PPRT\bin\CAHook.dllc:\program files\CA\SharedComponents\PPRT\bin\CAServer.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2010-04-19 21:59:36ComboFix-quarantined-files.txt 2010-04-20 01:59ComboFix2.txt 2010-04-19 06:24ComboFix3.txt 2010-04-16 17:07ComboFix4.txt 2010-04-16 04:32ComboFix5.txt 2010-04-20 01:32Pre-Run: 51,672,240,128 bytes freePost-Run: 51,636,817,920 bytes free- - End Of File - - B44F0625BFEC9D0160EF5D9310A2094A Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 21, 2010 Root Admin ID:236558 Share Posted April 21, 2010 Please temporarily disable WinPatrol and reboot the computer.Then run the following.Windows XP:Click on Start and select Control PanelOpen Add/Remove ProgramsUninstall Malwarebytes' Anti-MalwareRestart your computer very importantDownload and run mbam-clean.exe from here It will ask to restart your computer, please allow it to do so very importantAfter the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from hereNote: You will need to reactivate the program using the license you were sent via email if using the Pro versionLaunch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or post to ask and we'll explain how to do it.Restart the computer and see if you can now update MBAM. Link to post Share on other sites More sharing options...
noobJ Posted April 21, 2010 Author ID:236615 Share Posted April 21, 2010 I followed all your instructions until it came to setting up file exclusions for my firewall, I tried twice but when I open my firewall and try to go anywhere but the overview page, it just hangs until it stops responding altogether and then I have to close it with the task manager. I was, however, able to add exclusions for AV & Anti-spyware on demand and real-time scanners. I rebooted again and tried to update, but got the same error message. I then disabled my firewall, which I can do from a right click on the icon in the system tray, and then I could update MBAM. I now have database version 4014 instead of 3930, should I run it? Are we done? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 21, 2010 Root Admin ID:236617 Share Posted April 21, 2010 Well maybe try uninstalling your firewall and then reinstall it again. If it won't allow you to change it then I'd really suggest changing firewalls. Link to post Share on other sites More sharing options...
noobJ Posted April 21, 2010 Author ID:236619 Share Posted April 21, 2010 I don't know how to do that, it is part of a suite, and I have been thinking that it is too heavy for my system and that maybe I should replace the whole thing. I have kept it so long because I get the full version for free, but it would appear that there are many good free replacements out there now that would be lighter for my system. Do you have any recommendations? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 21, 2010 Root Admin ID:236671 Share Posted April 21, 2010 Please see the post here from Exile360http://forums.malwarebytes.org/index.php?s...st&p=236623Let me know what you want to do, but at this time your system appears to be free from Malware. Link to post Share on other sites More sharing options...
noobJ Posted April 21, 2010 Author ID:237096 Share Posted April 21, 2010 I think, for now, I will uninstall and re-install my CA Internet Security Suite, while I research and decide what combination of free security software will work the best for my internet habits and allow me to feel secure, because if I am scared to go on the internet, then my computer is basically useless. Thank you so much for all of your assistance, I really do appreciate it. Is there anything else I need to do or know before you close the topic? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 22, 2010 Root Admin ID:237122 Share Posted April 22, 2010 Nope we should be done here now. I'll leave you with this link though for reference and assistance as well and go ahead and close your post.So how did I get infected in the first place? Link to post Share on other sites More sharing options...
Recommended Posts