My virus scanner stopped working [Solved]



#1
Maengar

  • Member
  • 16 posts
I use AVG Antivirus software.
I noticed it stopped doing its automatic scanning on Monday.
I tried to do a manual scan and it would not let me.

I ran HijackThis and it stopped midway through the scan.
When I try to start it again it says "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."

This is my home computer and I am logged as administrator.

Then, I downloaded Malwarebytes and it did the same thing.

Another symptom I am having is that Google search sends me to the wrong places.

Can you help me?
  • 0


#2
Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Hello! :) Welcome to GeekstoGo! I'm piano9playa5 and will be assisting you with your malware problems. If you have any questions, ask away! Just a few tips to make things go smoothly:
  • Please be patient. There may be delays in between my posts, as I must check everything with a moderator before posting.
  • Don't run tools you see being used in another topic. Running tools unsupervised can be dangerous.
  • Copy\Paste logs in your replies, rather than attaching them, unless I instruct you to do otherwise. This makes things easier for me, and the moderator looking over this topic.

I'll post back some instructions shortly.
  • 0

#3
Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Hello :) Sorry for the delay. Give this a shot:

You must use Internet Explorer to download this!

Please download Combofix from any of the links below. You must rename it before saving.
Please rename it to svchost.com before saving it to your desktop.

Download Link #1
Download Link #2


=================================
You can refer to this diagram of the Save As... dialogue if necessary:

Posted Image

You will need to change the "Save as type:" to All Files.

==================================


Double click on svchost and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

  • 0

#4
Maengar

  • Topic Starter
  • Member
  • 16 posts
Thanks for your help.
Ran ComboFix as you instructed.
This is all the report says:

ComboFix 09-10-17.01 - Jennifer 10/18/2009 11:21:31.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.480.19 [GMT -4:00]
Running from: C:\Documents and Settings\Jennifer\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
  • 0

#5
Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Hello. :)


STEP 1
Download Win32kDiag from any of the following locations and save it to your Desktop.

Link 1
Link 2
Link 3

  • Double-click on Win32kDiag to start the program.
  • When finished (message will show), press any key to close it.
  • Open the Win32kDiag.txt now on your Desktop and copy\paste the contents back here.




STEP 2
Please delete ComboFix from your desktop before proceeding. You really need to rename the file this time!

You must use Internet Explorer to download this!
  • Please download Combofix from any of the links below. You must rename it before saving.
    Please rename it to svchost.com before saving it to your desktop.

    Download Link #1
    Download Link #2

  • Once you click on one of the download links, the following dialogue should pop up. Click Save.

    Posted Image

  • Then, the Save As... dialogue will pop up. Use the following information, along with the diagram below it to fill it out.
    Click Save once the information is correct.

  • On the Save In: click on the drop-down menu and select Desktop
  • In File Name: type in svchost.com
  • In Save as Type: use the drop-down menu to change it to All Files

Posted Image

==================================


Double click on svchost and follow the prompts.
  • When finished (it will take some time), it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Edited by piano9playa5, 18 October 2009 - 01:56 PM.

  • 0

#6
Maengar

  • Topic Starter
  • Member
  • 16 posts
I can't do that.
My computer now will not access the internet and I have no start menu.
I am really aggravated.
I followed your instructions to the letter, by the way.
  • 0

#7
Maengar

  • Topic Starter
  • Member
  • 16 posts
I ran win32kdiag.exe by copying it to a flash drive.
Here is the txt file:

  • 0

#8
Maengar

  • Topic Starter
  • Member
  • 16 posts
I ran combofix from a flash drive... changed the name when I saved it to the flash drive.
It says I have a rootkit virus.
I tried to fix eventlog.dll,
but it rebooted and then flashed on and off.
There was no log file.

I got my start bar back... it was just hidden.
The internet connection is gone.
  • 0

#9
Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Hello. Nicely done with the Flashdrive tactic! :) Use it as necessary.


STEP 1
  • Please go to Start > Run
  • Copy\Paste the following into the dialogue:

    "%userprofile%\desktop\win32kdiag.exe" -f -r
  • Click Ok
  • Once done, there should be a file, Win32kDiag.txt on your Desktop.
  • Open it, and post the contents here.




STEP 2
Download RootRepeal from one of the following locations and save it to your desktop:
Link 1
Link 2
Link 3
  • Double click Posted Image to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Posted Image button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, click the Posted Image button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post



STEP 3
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll

  • Then click the Quick Scan button at the top. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

NOTES:
  • If OTL fails to run, do the following and try again:
    • Go to Start > All Programs > Accessories > System Tools > Command Prompt
    • Copy\Paste the following command into the Command Prompt:

      ren "%userprofile%\desktop\OTL.exe" "OTL.com"

    • Hit ENTER
    • Close the Command Prompt.
  • If the Notepad files won't open, attach them instead.



STEP 4
Please post back the following logs:
Win32kDiag.txt
RootRepeal.txt
OTListIt.txt
Extras.txt

  • 0

#10
Maengar

  • Topic Starter
  • Member
  • 16 posts
Okay.
I got win32kdiag and combofix to give me complete log files.
Here they are.

I will run the other programs and give you results.

Running from: G:\Win32kDiag.exe

Log file at : C:\Documents and Settings\Jennifer\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB968389\KB968389

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB969059\KB969059

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB971486\KB971486

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB973525\KB973525

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB974112\KB974112

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB974455-IE8\KB974455-IE8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB974571\KB974571

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB975025\KB975025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\System.EnterpriseServices

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\IEExecRemote

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12E.tmp\ZAP12E.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP24D.tmp\ZAP24D.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2AC.tmp\ZAP2AC.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP35F.tmp\ZAP35F.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP43B.tmp\ZAP43B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\BinFiles\BinFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Cache\Adobe Reader 6.0.1\Adobe Reader 6.0.1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\Downloaded Installations

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\inf\MEDIAINF\MEDIAINF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\network diagnostic\Sqm\Sqm

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\NKCCDViewerSetting\cddata\cddata

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\ErrorRep\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\ErrorRep\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\ErrorRep\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe ()

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SiSInf\SiSInf

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\493760be868721503b9abd615f71e312\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB956844\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB971180-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB971961-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\SoftwareDistribution\Download\493760be868721503b9abd615f71e312\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe ()

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe ()

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe ()

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\SoftwareDistribution\Download\88a28ec3847c01e056ff4268caaa255d\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe ()

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe ()

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exe ()

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe ()

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe ()

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\f393f65782d41e425cfd1141aa65e1b5\update\update.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB956844\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB971180-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB971961-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\SoftwareDistribution\Download\493760be868721503b9abd615f71e312\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe ()

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe ()

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe ()

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\SoftwareDistribution\Download\88a28ec3847c01e056ff4268caaa255d\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe ()

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe ()

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exe ()

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe ()

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe ()

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\f393f65782d41e425cfd1141aa65e1b5\update\update.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe


Found mount point : C:\WINDOWS\SoftwareDistribution\Download\88a28ec3847c01e056ff4268caaa255d\backup\backup

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe


Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe


Cannot access: C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exe


Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe


Cannot access: C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB956844\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB971180-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB971961-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\SoftwareDistribution\Download\493760be868721503b9abd615f71e312\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe ()

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe ()

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe ()

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\SoftwareDistribution\Download\88a28ec3847c01e056ff4268caaa255d\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe ()

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe ()

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exe ()

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe ()

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe ()

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\f393f65782d41e425cfd1141aa65e1b5\update\update.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\system32\MRT.exe

[1] 2009-10-02 14:01:57 25198016 C:\WINDOWS\system32\MRT.exe ()

[2] 2006-09-11 13:37:21 8960936 C:\System Volume Information\_restore{D839708B-656B-494B-86E3-26468D92D9CC}\RP274\A0049458.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\system32\svchost.exe

[1] 2008-04-13 20:12:36 14336 C:\WINDOWS\ServicePackFiles\i386\svchost.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:36 14336 C:\WINDOWS\system32\svchost.exe ()



Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^



Finished!







ComboFix 09-10-18.02 - Jennifer 10/19/2009 6:35.5.1 - NTFSx86
Running from: G:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Steven\err.log
c:\windows\win32k.sys

c:\windows\system32\eventlog.dll . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_FOPN
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_6to4
-------\Legacy_isapeep
-------\Service_isapeep
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
.

2009-10-18 23:39 . 2009-10-19 00:25 0 ----a-r- c:\windows\win32k.sys
2009-10-16 22:42 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-16 22:42 . 2009-10-16 22:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-16 22:42 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-16 03:18 . 2009-10-16 03:18 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-15 21:09 . 2009-10-15 21:09 -------- d-----w- c:\documents and settings\Jennifer\Application Data\Malwarebytes
2009-10-15 21:09 . 2009-10-15 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-20 23:11 . 1994-09-21 04:00 92208 ------w- c:\windows\system32\WING.DLL
2009-09-20 23:11 . 1994-09-21 04:00 6736 ------w- c:\windows\system32\WINGDIB.DRV
2009-09-20 23:11 . 1994-09-21 04:00 12800 ------w- c:\windows\system32\WING32.DLL
2009-09-20 23:11 . 1994-08-24 04:00 188960 ------w- c:\windows\system32\WINGDE.DLL
2009-09-20 22:04 . 1994-09-21 04:00 6736 ----a-w- c:\windows\system\WINGDIB.DRV
2009-09-20 22:03 . 1994-09-21 04:00 92208 ----a-w- c:\windows\system\WING.DLL
2009-09-20 22:03 . 1994-09-21 04:00 12800 ----a-w- c:\windows\system\WING32.DLL
2009-09-20 22:03 . 1994-08-24 04:00 188960 ----a-w- c:\windows\system\WINGDE.DLL
2009-09-20 22:03 . 1994-08-09 15:56 44464 ----a-w- c:\windows\system\D2HTOOLS.DLL
2009-09-20 22:03 . 1993-11-23 23:52 21008 ----a-w- c:\windows\system\CTL3D.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 10:14 . 2009-05-29 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-16 03:49 . 2007-12-29 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-07 12:07 . 2006-09-23 13:45 -------- d-----w- c:\program files\Verizon
2009-09-21 11:05 . 2005-04-18 21:04 63896 ----a-w- c:\documents and settings\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-18 23:40 . 2009-09-18 23:39 -------- d-----w- c:\documents and settings\Jennifer\Application Data\Costco Photo Viewer US
2009-09-16 11:57 . 2006-09-26 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-09-16 11:51 . 2009-09-16 11:47 -------- d-----w- c:\program files\Common Files\Motive
2009-09-16 11:48 . 2006-11-19 18:39 -------- d-----w- c:\documents and settings\Jennifer\Application Data\Motive
2009-08-27 12:47 . 2009-05-29 21:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-27 12:47 . 2009-05-29 21:09 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-27 12:47 . 2009-05-29 21:09 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-21 20:50 . 2009-08-21 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2002-12-12 08:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 16:25 . 2009-08-28 16:30 77312 ----a-w- c:\windows\DEVCON.EXE
2009-07-29 04:37 . 2004-03-08 18:36 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2004-03-08 18:36 81920 ----a-w- c:\windows\system32\fontsub.dll
2007-03-26 01:05 . 2007-03-26 01:06 774144 ----a-w- c:\program files\RngInterstitial.dll
2005-05-09 23:41 . 2005-05-09 23:41 39424 --sh--r- c:\windows\system32\shdocpl.dll
.

------- Sigcheck -------

Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 15:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-03 2023704]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\Logi_MwX.Exe [2003-07-29 19968]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2004-07-14 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-27 12:47 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\AOE2\\empires2.exe"=
"d:\\Program Files\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-27 908056]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe [2004-03-12 278528]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-27 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-29 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-27 297752]
S2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-03-13 86098]
S3 HSFHWSIS;HSFHWSIS;c:\windows\system32\DRIVERS\HSFHWSIS.sys [2003-06-15 175744]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\Drivers\LCcFltr.Sys [2003-07-29 15126]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\DRIVERS\pelmouse.sys [2007-04-25 18944]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\DRIVERS\pelusblf.sys [2007-04-11 17920]
S3 SMSCMS;SMSC LPC Memory Stick Host Controller;c:\windows\system32\DRIVERS\SMSCMS.sys [2004-01-29 58624]

.
Contents of the 'Scheduled Tasks' folder

2004-09-15 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-03-08 00:12]

2009-10-18 c:\windows\Tasks\User_Feed_Synchronization-{C71330FF-3D32-4CDC-877B-2A4D8C7B5123}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uDefault_Search_URL =
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search - http://edits.mywebse...arch.jhtml?p=ZK
IE: E&xport to Microsoft Excel - d:\progra~1\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Steph\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: 63.219.181.7
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 07:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1388)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\pelscrll.dll
c:\windows\system32\PELCOMM.dll
c:\windows\system32\PELHOOKS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Sony\vaio media integrated server\Video\GPVSvr.exe
c:\program files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
c:\program files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
c:\program files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
c:\program files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
c:\combofix\CF31006.exe
c:\program files\Sony\usbsircs\USBsircs.exe
c:\program files\Sony\VAIO Action Setup\VAServ.exe
c:\windows\system32\PELMICED.EXE
.
**************************************************************************
.
Completion time: 2009-10-19 7:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-19 11:35

Pre-Run: 1,699,958,784 bytes free
Post-Run: 1,689,788,416 bytes free

- - End Of File - - 06FAB545BD6324A5A55D6F0285CC4C22


#11
Maengar


    Member

  • Topic Starter
  • 16 posts
RootRepeal will not run. It gives me an error: insufficient virtual memory.

Here are other log files:

Running from: G:\win32kdiag.exe

Log file at : C:\Documents and Settings\Jennifer\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Cannot access: C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe

Attempting to restore permissions of : C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe

Cannot access: C:\WINDOWS\system32\MRT.exe

Attempting to restore permissions of : C:\WINDOWS\system32\MRT.exe

Cannot access: C:\WINDOWS\system32\svchost.exe

Attempting to restore permissions of : C:\WINDOWS\system32\svchost.exe



Finished!

OTL logfile created on: 10/20/2009 6:25:08 AM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = G:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.53 Mb Total Physical Memory | 129.97 Mb Available Physical Memory | 27.10% Memory free
1.17 Gb Paging File | 0.92 Gb Available in Paging File | 78.19% Paging File free
Paging file location(s): C:\pagefile.sys 800 850 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 1.60 Gb Free Space | 11.43% Space Free | Partition Type: NTFS
Drive D: | 167.33 Gb Total Space | 67.74 Gb Free Space | 40.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 247.22 Mb Total Space | 184.36 Mb Free Space | 74.57% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICKERT-1
Current User Name: Jennifer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/19 17:15:58 | 00,521,216 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2009/08/27 08:47:33 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/27 08:47:23 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/27 08:46:43 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/03/10 14:57:18 | 01,553,920 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2008/12/10 01:12:04 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/04/11 13:13:04 | 00,151,552 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\Pelmiced.exe
PRC - [2006/04/24 14:25:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2004/07/14 15:36:54 | 00,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\ICO.EXE
PRC - [2004/03/12 20:32:38 | 00,086,098 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
PRC - [2004/02/25 08:22:06 | 00,737,280 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
PRC - [2004/02/25 08:12:38 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
PRC - [2003/10/30 15:48:10 | 01,286,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
PRC - [2003/10/06 23:26:10 | 00,229,376 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\usbsircs\usbsircs.exe
PRC - [2003/07/28 21:12:18 | 00,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Logi_MwX.Exe
PRC - [2003/02/17 01:35:06 | 00,053,248 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
PRC - [2002/08/20 14:29:26 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\System32\ezSP_Px.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (SymWSC [Auto | Stopped])
SRV - [2009/08/27 08:46:43 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/08/27 08:46:23 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Stopped])
SRV - [2009/02/20 13:52:23 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Stopped])
SRV - [2008/12/10 01:12:04 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 20:12:36 | 00,014,336 | ---- | M] () -- C:\WINDOWS\System32\svchost.exe -- (AppMgmt [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Stopped])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Stopped])
SRV - [2006/04/24 14:25:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2006/01/20 14:48:06 | 00,142,416 | R--- | M] (Command Software Systems, Inc.) -- C:\Program Files\Common Files\Command Software\dvpapi.exe -- (dvpapi [Auto | Stopped])
SRV - [2005/05/04 00:04:28 | 09,150,464 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS [Disabled | Stopped])
SRV - [2005/05/03 22:50:28 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2005/05/03 21:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS [Disabled | Stopped])
SRV - [2004/03/12 20:33:54 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service [On_Demand | Stopped])
SRV - [2004/03/12 20:32:38 | 00,086,098 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -- (VAIO Entertainment File Import Service [Auto | Running])
SRV - [2004/03/12 20:11:34 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped])
SRV - [2004/03/12 19:57:42 | 00,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -- (VAIO Entertainment UPnP Client Adapter [On_Demand | Stopped])
SRV - [2004/03/12 15:20:34 | 01,691,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer [Auto | Stopped])
SRV - [2004/03/05 16:35:34 | 00,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway [On_Demand | Stopped])
SRV - [2004/02/25 08:22:06 | 00,737,280 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP [Auto | Running])
SRV - [2004/02/25 08:22:06 | 00,737,280 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP [Auto | Running])
SRV - [2004/02/25 08:12:38 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP [Auto | Running])
SRV - [2004/02/25 08:12:38 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP [Auto | Running])
SRV - [2003/12/09 09:38:14 | 00,065,625 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2003/12/09 09:32:58 | 00,065,622 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2003/12/05 16:32:56 | 00,077,824 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Giga Pocket\shwserv.exe -- (Giga Pocket Hardware Detector [Auto | Stopped])
SRV - [2003/12/05 16:32:06 | 00,090,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Giga Pocket\RM_SV.exe -- (Sony TV Tuner Manager [On_Demand | Stopped])
SRV - [2003/10/30 15:48:10 | 01,286,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer [Auto | Running])
SRV - [2003/09/25 16:38:56 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Giga Pocket\halsv.exe -- (Sony TV Tuner Controller [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/05/30 17:55:31 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100458 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; FunWebProducts; Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Remocon Driver.lnk = C:\Program Files\sony\usbsircs\usbsircs.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Search - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Steph\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 63.219.181.7 ([]http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1163367750046 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/...tall/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_01)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O29 - HKLM SecurityProviders - (ntoskrnl.dll) - .Trashes [2008/11/03 13:08:10 | 00,000,000 | -H-D | M]
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/20 17:10:50 | 00,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (stera) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\svchost.exe ()
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/15 17:09:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/15 17:09:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Application Data\Malwarebytes
[2009/10/16 18:42:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/18 10:33:45 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/18 10:31:02 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/18 10:31:02 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/18 10:31:02 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/18 10:31:02 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/18 10:30:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/18 10:29:09 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/16 18:42:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/16 18:42:16 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/16 18:15:49 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jennifer\Desktop\mbam-setup.exe
[2007/03/25 21:06:02 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 14 Days ==========

[2009/10/20 06:18:22 | 00,002,313 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\Microsoft Office Word 2007.lnk
[2009/10/20 06:11:08 | 00,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/19 07:28:36 | 00,000,451 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/19 07:28:17 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/18 20:25:49 | 00,000,000 | R--- | M] () -- C:\WINDOWS\win32k.sys
[2009/10/18 11:58:00 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C71330FF-3D32-4CDC-877B-2A4D8C7B5123}.job
[2009/10/18 11:42:35 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/18 11:39:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/18 10:34:28 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/17 17:54:49 | 43,179,769 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/16 18:16:58 | 04,236,152 | -H-- | M] () -- C:\Documents and Settings\Jennifer\Local Settings\Application Data\IconCache.db
[2009/10/16 18:16:00 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jennifer\Desktop\mbam-setup.exe
[2009/10/16 08:35:14 | 00,033,037 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/16 00:18:45 | 00,002,275 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\Microsoft Office Excel 2007.lnk
[2009/10/16 00:01:56 | 00,527,806 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/16 00:01:56 | 00,459,284 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/16 00:01:56 | 00,078,880 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/15 17:00:35 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Jennifer\My Documents\SLR 2009 - Applelicious.xlsx
[2009/10/14 09:10:52 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/14 09:10:51 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/11 22:35:08 | 00,015,179 | ---- | M] () -- C:\Documents and Settings\Jennifer\My Documents\SLR 2008 - Applelicious.xlsx
[2009/10/11 21:03:38 | 00,315,904 | ---- | M] () -- C:\WINDOWS\System32\~.exe.xxx
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/07 09:04:27 | 00,012,537 | ---- | M] () -- C:\Documents and Settings\Jennifer\My Documents\scrapbook info.xlsx

========== Files - No Company Name ==========
[2009/10/18 19:39:27 | 00,000,000 | R--- | C] () -- C:\WINDOWS\win32k.sys
[2009/10/18 10:34:28 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/18 10:34:25 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/18 10:31:02 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/18 10:31:02 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/18 10:31:02 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/18 10:31:02 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/11 21:03:37 | 00,315,904 | ---- | C] () -- C:\WINDOWS\System32\~.exe.xxx
[2009/10/08 07:59:01 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Jennifer\My Documents\SLR 2009 - Applelicious.xlsx
[2009/09/20 19:11:53 | 00,000,253 | ---- | C] () -- C:\WINDOWS\Creator.INI
[2009/09/20 18:03:23 | 00,000,035 | ---- | C] () -- C:\WINDOWS\SIMTOWN.INI
[2009/06/30 19:34:04 | 04,236,152 | -H-- | C] () -- C:\Documents and Settings\Jennifer\Local Settings\Application Data\IconCache.db
[2009/04/25 14:08:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2008/01/05 02:59:25 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/01/05 02:58:04 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/01/05 02:58:04 | 00,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/12/09 21:58:34 | 00,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/06/08 06:59:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/05/20 18:36:10 | 00,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2007/05/20 17:10:50 | 00,000,347 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2007/04/26 23:13:04 | 00,001,080 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/04/17 20:51:57 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/03/24 18:13:29 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Caesar2.ini
[2007/02/12 14:33:26 | 00,056,320 | ---- | C] () -- C:\Documents and Settings\Jennifer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/14 17:37:33 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/25 22:32:00 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2005/09/10 15:20:55 | 00,000,331 | ---- | C] () -- C:\WINDOWS\WinFrotz.INI
[2005/08/07 16:01:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/08/02 23:11:06 | 00,000,011 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2005/07/23 12:34:19 | 00,000,020 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/05/09 19:41:05 | 00,039,424 | RHS- | C] () -- C:\WINDOWS\System32\shdocpl.dll
[2005/04/18 17:04:59 | 00,063,896 | ---- | C] () -- C:\Documents and Settings\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/09/15 20:37:38 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/09/15 19:42:55 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/09/15 19:40:38 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2004/09/15 19:40:38 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2004/09/15 19:36:47 | 00,000,196 | ---- | C] () -- C:\WINDOWS\EPSON RX500 Installer.ini
[2004/09/15 12:46:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Jennifer\Application Data\desktop.ini
[2004/05/20 18:08:07 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/05/20 18:08:07 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/05/20 18:08:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/05/20 18:08:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/05/20 18:08:07 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/05/20 18:08:07 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/05/20 18:03:05 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2004/05/20 18:02:07 | 00,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/09 18:53:25 | 00,000,903 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/03/09 18:50:59 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2004/03/09 18:46:27 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2004/03/08 23:50:51 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/08 18:11:51 | 00,034,403 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2004/03/08 18:11:51 | 00,016,558 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2004/03/08 18:07:51 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2004/03/08 17:09:41 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/08 15:49:01 | 00,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/08 14:36:51 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2004/03/08 14:36:50 | 00,000,730 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/03/08 14:36:37 | 00,000,839 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/03/08 14:36:35 | 00,000,451 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/03/08 14:36:19 | 00,061,952 | ---- | C] () -- C:\WINDOWS\System32\eventlog.dll
[2004/03/08 07:40:35 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/08/12 12:58:40 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2003/08/12 12:58:32 | 00,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2003/08/12 12:58:22 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/08/12 12:58:20 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2002/06/12 16:21:12 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/10/12 11:58:20 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2001/10/12 11:57:18 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2001/06/30 16:12:16 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\BBJPeg.dll
[2000/12/07 11:13:58 | 00,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[1998/10/11 01:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1997/07/11 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/06/13 20:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/10/19 06:14:42 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2007/05/20 16:35:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/07/04 06:17:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2006/12/27 11:52:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2006/09/23 10:53:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2009/09/16 07:57:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2006/09/23 10:00:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/07/06 19:11:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/02/11 22:46:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2007/05/20 17:30:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2006/11/03 17:31:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2004/03/08 15:49:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/06/01 14:45:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Verizon
[2009/02/10 19:33:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/01/01 12:36:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/10/18 11:30:47 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Jennifer\Application Data
[2004/09/15 22:39:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\ArcSoft
[2009/06/14 14:39:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\AVGTOOLBAR
[2009/09/18 19:40:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Costco Photo Viewer US
[2004/11/13 13:37:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Drag'n Drop CD+DVD
[2008/12/25 15:56:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\EPSON
[2009/04/01 20:44:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\ErrorFix
[2009/03/20 23:04:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\gtk-2.0
[2007/06/10 09:35:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\IMVU
[2009/03/20 23:31:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\InterVideo
[2006/07/16 09:49:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Leadertech
[2009/09/16 07:48:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Motive
[2008/04/28 10:23:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Move Networks
[2006/09/25 22:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\MSN6
[2006/09/25 22:08:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\MSNInstaller
[2008/03/20 22:49:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\pdf995
[2004/09/15 22:30:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Smart Panel
[2007/09/26 08:46:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\U3
[2006/09/23 21:13:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Verizon
[2007/01/25 12:32:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\WinAntiVirus Pro 2006
[2009/03/15 09:04:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Windows Search
[2009/04/01 22:26:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\yoclient
[2003/03/31 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2004/09/14 23:53:59 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2009/10/18 11:39:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/18 11:58:00 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C71330FF-3D32-4CDC-877B-2A4D8C7B5123}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/04/12 23:11:55 | 00,000,000 | RHS- | M] () -- C:\new.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,061,952 | ---- | M] () -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logevent.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\DtcInstall.log:jjyogc
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\_default.pif:laxsql
@Alternate Data Stream - 197755 bytes -> C:\WINDOWS\VAIOUpdt.INI:ncmhxo
@Alternate Data Stream - 197755 bytes -> C:\WINDOWS\desktop.ini:rifjea
@Alternate Data Stream - 197755 bytes -> C:\WINDOWS\_default.pif:szenwj
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\comsetup.log:yhnwkp
@Alternate Data Stream - 13581 bytes -> C:\WINDOWS\_default.pif:izuhbz
< End of report >

OTL Extras logfile created on: 10/20/2009 6:25:08 AM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = G:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.53 Mb Total Physical Memory | 129.97 Mb Available Physical Memory | 27.10% Memory free
1.17 Gb Paging File | 0.92 Gb Available in Paging File | 78.19% Paging File free
Paging file location(s): C:\pagefile.sys 800 850 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 1.60 Gb Free Space | 11.43% Space Free | Partition Type: NTFS
Drive D: | 167.33 Gb Total Space | 67.74 Gb Free Space | 40.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 247.22 Mb Total Space | 184.36 Mb Free Space | 74.57% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICKERT-1
Current User Name: Jennifer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "D:\Program Files\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\AOE2\empires2.exe" = D:\AOE2\empires2.exe:*:Disabled:Age of Empires II -- (Microsoft Corporation)
"D:\Program Files\Office12\ONENOTE.EXE" = D:\Program Files\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4 -- (SEIKO EPSON CORPORATION)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008EF266-872C-4D71-9D9D-C4A9B9B733D7}" = PlayLinc
"{01AF4645-78E6-46C4-B528-54863679CC40}" = VAIO SLIT-C Screen Saver
"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}" = Serif PhotoPlus 6.0
"{0B53B71D-9E2F-42B8-9123-96354872D166}" = EPSON Photo Print
"{0D490016-5D01-4CB3-A037-55814AC63D2E}" = Giga Pocket Hardware Library 5.5
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 3.0
"{25EF03E6-F17B-11D6-88EA-000476CD2443}" = Verizon Online Help & Support
"{266AEE68-5718-4A31-BDD3-D356B1250C70}" = VAIO SLIT Pattern Wallpaper
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1
"{30AD5099-00DA-4210-B5C2-BAF47B75232B}" = Vz In Home Agent
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.16
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}" = VAIO Action Setup
"{40ACEAF4-1EB2-45FC-90C3-6810700C0595}" = Verizon PC Security Checkup
"{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"{48820099-ED7D-424B-890C-9A82EF00656C}" = VAIO Update 2
"{4C75086F-7753-41B9-8B4C-F38DE6CC8C20}" = VAIO Remote Commander Utility 6.2
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{5BA1BC54-9440-4D9E-AD1B-8A361684F9CE}" = Security Advisor
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{657DD6DA-B07B-40FF-9DBD-2116F7E83CF6}" = OpenMG Secure Module 3.4.00
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 3.0
"{7148F0A8-6813-11D6-A77B-00B0D0142010}" = Java 2 Runtime Environment, SE v1.4.2_01
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.0.02
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 3.0
"{7C2F71B2-6C73-11D6-B659-00C04F790F76}" = Click to DVD 2.0
"{82AF77BC-423D-42DA-BE5B-FFCA04752181}" = MediaFACE 4.01 Image Library
"{857343AD-9A00-4287-BF8B-F65C9633CA0C}" = MyCam CIF
"{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD 5 for VAIO
"{93B80FB1-7A23-11D3-B250-00105A1F4184}" =
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{979F6A6B-4CB0-424E-8E70-AA2ED38B4CCC}" = Giga Pocket Demo Movie
"{98A3A654-3AEF-42D9-BA91-DE5815EA5897}" = Click to DVD 2.0 Menu Data
"{9DF095E1-8EC2-4892-8740-93769DB1E944}" = User Agent String Utility
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6BFDF60-FD08-4EF9-8D26-B762A19DB9A0}" = Giga Pocket 5.5
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB311F54-39D6-4A03-8E18-053D1B2833D7}" = HotKey Utility
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 1.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2444FA0-04AA-4221-B652-73713947ED22}" = Anti-Spyware
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D3386797-A836-4030-AB5D-4E89F2F15F33}" = Authentium
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{DA7ECDA9-C6DD-4E4A-8EB8-9899E08C6740}" = SonicStage MP3 Add-on program
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (PINNACLESYS)
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{EA7FC832-8133-46B4-B2CF-5A955326D309}" = Wireless Desktop
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins 1.0
"{EEDBE2DF-4141-44A9-8614-9832B16637E6}" = Mouse Suite
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Empires 2.0" = Microsoft Age of Empires II
"AVG8Uninstall" = AVG Free 8.5
"CNXT_MODEM_PCI_VEN_1039&DEV_7013&SUBSYS_816F104D" = SoftK56 Data Fax
"CONNECT" = CONNECT
"EPSON Printer and Utilities" = EPSON Printer Software
"Forte Agent" = Forté Agent
"FreeUndelete" = FreeUndelete
"HijackThis" = HijackThis 1.99.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE SecPlugin_is1" = IE SecPlugin 1.0
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"InstallShield_{82AF77BC-423D-42DA-BE5B-FFCA04752181}" = MediaFACE 4.01 Image Library
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"InterActual Player" = InterActual Player
"LEGO Creator" = LEGO Creator
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MoodLogic" = MoodLogic
"Move Networks Player_is1" = Move Networks Player for Internet Explorer
"mr97310c_79b33283ba293e6c94e125bce27e0ecded0a2591" = Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image 05/02/2006 2.0.1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyWebSearch bar Uninstall" = My Web Search (Webfetti)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenMG HotFix3.4-03-12-16-01" = OpenMG Limited Patch 3.4-03-12-16-01
"PC Pitstop Driver Alert_is1" = PC Pitstop Driver Alert 1.0.0.13
"PCGen5141" = PCGen5141
"Pdf995" = Pdf995
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"Rp Scan and Clean {40ACEAF4-1EB2-45FC-90C3-6810700C0595}" = Verizon PC Security Checkup
"Silent Package Run-Time Sample" = EPSON SP RX500 Reference Guide
"SiS Compatible VGA V2.21a" = SiS Compatible VGA V2.21a
"The Game of Life - SpongeBob SquarePants Edition" = The Game of Life - SpongeBob SquarePants Edition
"Verizon Help and Support" = Verizon Help and Support Tool
"Verizon Online DSL_is1" = Verizon Online DSL
"ViewpointMediaPlayer" = Viewpoint Media Player
"VZBB" = Verizon Broadband Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/29/2009 8:43:30 AM | Computer Name = RICKERT-1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x033e9c5c.

Error - 6/30/2009 6:44:03 PM | Computer Name = RICKERT-1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 7/22/2009 7:05:03 PM | Computer Name = RICKERT-1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/22/2009 7:05:03 PM | Computer Name = RICKERT-1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/4/2009 6:44:06 PM | Computer Name = RICKERT-1 | Source = Application Error | ID = 1000
Description = Faulting application aranock-online.exe, version 1.0.0.0, faulting
module aranock-online.exe, version 1.0.0.0, fault address 0x0000b2ec.

Error - 8/27/2009 6:44:22 PM | Computer Name = RICKERT-1 | Source = Application Error | ID = 1000
Description = Faulting application aranock-online.exe, version 1.0.0.0, faulting
module aranock-online.exe, version 1.0.0.0, fault address 0x0000b2ec.

Error - 9/11/2009 1:21:53 PM | Computer Name = RICKERT-1 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 9/22/2009 9:08:57 PM | Computer Name = RICKERT-1 | Source = Application Error | ID = 1000
Description = Faulting application LaunchCD.exe, version 0.0.0.0, faulting module
MSVCR71.dll, version 0.0.0.0, fault address 0x0001f0cb.

Error - 10/12/2009 6:33:39 PM | Computer Name = RICKERT-1 | Source = Application Error | ID = 1000
Description = Faulting application return of mercenaries.exe, version 1.0.0.0, faulting
module return of mercenaries.exe, version 1.0.0.0, fault address 0x0000b2f4.

Error - 10/15/2009 8:13:34 PM | Computer Name = RICKERT-1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ OSession Events ]
Error - 1/28/2008 2:36:39 AM | Computer Name = RICKERT-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 80
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/3/2008 1:42:39 PM | Computer Name = RICKERT-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3941
seconds with 780 seconds of active time. This session ended with a crash.

Error - 6/12/2008 8:42:42 AM | Computer Name = RICKERT-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1239
seconds with 1140 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/18/2009 12:05:54 PM | Computer Name = RICKERT-1 | Source = DCOM | ID = 10005
Description = DCOM got error "%5" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/18/2009 12:05:55 PM | Computer Name = RICKERT-1 | Source = DCOM | ID = 10005
Description = DCOM got error "%5" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/18/2009 12:06:02 PM | Computer Name = RICKERT-1 | Source = DCOM | ID = 10005
Description = DCOM got error "%5" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/18/2009 12:08:37 PM | Computer Name = RICKERT-1 | Source = DCOM | ID = 10005
Description = DCOM got error "%5" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/18/2009 12:08:39 PM | Computer Name = RICKERT-1 | Source = DCOM | ID = 10005
Description = DCOM got error "%5" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/18/2009 12:08:44 PM | Computer Name = RICKERT-1 | Source = DCOM | ID = 10005
Description = DCOM got error "%5" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/18/2009 12:09:05 PM | Computer Name = RICKERT-1 | Source = DCOM | ID = 10005
Description = DCOM got error "%5" attempting to start the service EventSystem with
arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/18/2009 6:02:38 PM | Computer Name = RICKERT-1 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000003A'
while processing the file 'KB968389' on the volume 'HarddiskVolume2'. It has stopped
monitoring the volume.

Error - 10/18/2009 7:35:12 PM | Computer Name = RICKERT-1 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000003A'
while processing the file 'KB968389' on the volume 'HarddiskVolume2'. It has stopped
monitoring the volume.

Error - 10/19/2009 6:44:48 AM | Computer Name = RICKERT-1 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000003A'
while processing the file 'KB968389' on the volume 'HarddiskVolume2'. It has stopped
monitoring the volume.


< End of report >

#12
Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Hello.


STEP 1
1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to move:
C:\WINDOWS\system32\logevent.dll | C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.


STEP 2
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    [2001/06/30 16:12:16 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\BBJPeg.dll
    [2009/10/18 19:39:27 | 00,000,000 | R--- | C] () -- C:\WINDOWS\win32k.sys
    [2009/10/11 21:03:37 | 00,315,904 | ---- | C] () -- C:\WINDOWS\System32\~.exe.xxx
    
    :Services
    
    :Reg
    
    :Files
    @C:\WINDOWS\DtcInstall.log:jjyogc
    @C:\WINDOWS\_default.pif:laxsql
    @C:\WINDOWS\VAIOUpdt.INI:ncmhxo
    @C:\WINDOWS\desktop.ini:rifjea
    @C:\WINDOWS\_default.pif:szenwj
    @C:\WINDOWS\comsetup.log:yhnwkp
    @C:\WINDOWS\_default.pif:izuhbz
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


STEP 3
Some questions for you:
  • How is the network problem doing? Do you get any errors or warnings?
  • How is the computer itself working?

Also, remember to post back C:\avenger.txt and the OTL results!

#13
Maengar

    Member

  • Topic Starter
  • Member
  • 16 posts
The computer is running but all the services have stopped.
The network does not run and I cannot create a new connection.
The printer doesn't work and I cannot add a new printer.
I cannot cut & paste.
I cannot do a system restore. It says reboot and try again.

I wanted to try to repair Windows, but I don't have a CD...the Windows XP software is in a directory on the hard drive.

Any help here would be appreciated.

#14
Maengar

    Member

  • Topic Starter
  • Member
  • 16 posts
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.


OTL logfile created on: 10/21/2009 8:31:06 PM - Run 3
OTL by OldTimer - Version 3.0.21.0 Folder = G:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.53 Mb Total Physical Memory | 121.37 Mb Available Physical Memory | 25.31% Memory free
1.10 Gb Paging File | 0.83 Gb Available in Paging File | 75.78% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 1.64 Gb Free Space | 11.74% Space Free | Partition Type: NTFS
Drive D: | 167.33 Gb Total Space | 67.74 Gb Free Space | 40.48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 247.22 Mb Total Space | 183.02 Mb Free Space | 74.03% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICKERT-1
Current User Name: Jennifer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/19 17:15:58 | 00,521,216 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2009/08/27 08:47:33 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/27 08:46:43 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/03/10 14:57:18 | 01,553,920 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2008/12/10 01:12:04 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/10 01:12:04 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/04/11 13:13:04 | 00,151,552 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\Pelmiced.exe
PRC - [2006/04/24 14:25:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2004/07/14 15:36:54 | 00,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\ICO.EXE
PRC - [2004/03/12 20:32:38 | 00,086,098 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
PRC - [2004/02/25 08:22:06 | 00,737,280 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
PRC - [2004/02/25 08:12:38 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
PRC - [2003/10/30 15:48:10 | 01,286,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
PRC - [2003/10/06 23:26:10 | 00,229,376 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\usbsircs\usbsircs.exe
PRC - [2003/07/28 21:12:18 | 00,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Logi_MwX.Exe
PRC - [2003/02/17 01:35:06 | 00,053,248 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
PRC - [2002/08/20 14:29:26 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\System32\ezSP_Px.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (WSearch [Auto | Stopped])
SRV - File not found -- -- (winss [Auto | Stopped])
SRV - File not found -- -- (SymWSC [Auto | Stopped])
SRV - File not found -- -- (OneCareMP [Auto | Stopped])
SRV - File not found -- -- (OcHealthMon [Auto | Stopped])
SRV - File not found -- -- (msfwsvc [Auto | Stopped])
SRV - [2009/08/27 08:46:43 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/08/27 08:46:23 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Stopped])
SRV - [2009/02/20 13:52:23 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Stopped])
SRV - [2008/12/10 01:12:04 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Stopped])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Stopped])
SRV - [2006/04/24 14:25:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2006/01/20 14:48:06 | 00,142,416 | R--- | M] (Command Software Systems, Inc.) -- C:\Program Files\Common Files\Command Software\dvpapi.exe -- (dvpapi [Auto | Stopped])
SRV - [2005/05/04 00:04:28 | 09,150,464 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS [Disabled | Stopped])
SRV - [2005/05/03 22:50:28 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2005/05/03 21:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS [Disabled | Stopped])
SRV - [2004/03/12 20:33:54 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service [On_Demand | Stopped])
SRV - [2004/03/12 20:32:38 | 00,086,098 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -- (VAIO Entertainment File Import Service [Auto | Running])
SRV - [2004/03/12 20:11:34 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped])
SRV - [2004/03/12 19:57:42 | 00,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -- (VAIO Entertainment UPnP Client Adapter [On_Demand | Stopped])
SRV - [2004/03/12 15:20:34 | 01,691,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer [Auto | Stopped])
SRV - [2004/03/05 16:35:34 | 00,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway [On_Demand | Stopped])
SRV - [2004/02/25 08:22:06 | 00,737,280 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP [Auto | Running])
SRV - [2004/02/25 08:22:06 | 00,737,280 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP [Auto | Running])
SRV - [2004/02/25 08:12:38 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP [Auto | Running])
SRV - [2004/02/25 08:12:38 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP [Auto | Running])
SRV - [2003/12/09 09:38:14 | 00,065,625 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2003/12/09 09:32:58 | 00,065,622 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2003/12/05 16:32:56 | 00,077,824 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Giga Pocket\shwserv.exe -- (Giga Pocket Hardware Detector [Auto | Stopped])
SRV - [2003/12/05 16:32:06 | 00,090,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Giga Pocket\RM_SV.exe -- (Sony TV Tuner Manager [On_Demand | Stopped])
SRV - [2003/10/30 15:48:10 | 01,286,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer [Auto | Running])
SRV - [2003/09/25 16:38:56 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Giga Pocket\halsv.exe -- (Sony TV Tuner Controller [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.verizon.net/
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/05/30 17:55:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/10 01:12:06 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [Personal Security Center Monitor] C:\WINDOWS\System32\isc_ui.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100458 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; FunWebProducts; Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Remocon Driver.lnk = C:\Program Files\sony\usbsircs\usbsircs.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: &Search - File not found
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll File not found
O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Steph\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 63.219.181.7 ([]http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1163367750046 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/...tall/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_01)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.252.0.12 71.242.0.12
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll File not found
O29 - HKLM SecurityProviders - (ntoskrnl.dll) - .Trashes [2008/11/03 13:08:10 | 00,000,000 | -H-D | M]
O29 - HKLM SecurityProviders - (xlibgfl254.dll) - .Trashes [2008/11/03 13:08:10 | 00,000,000 | -H-D | M]
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/20 17:10:50 | 00,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (stera) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/15 17:09:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/15 17:09:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Application Data\Malwarebytes
[2009/10/21 20:17:30 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/10/18 10:33:45 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/18 10:31:02 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/18 10:31:02 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/18 10:31:02 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/18 10:31:02 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/18 10:30:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/18 10:29:09 | 00,000,000 | ---D | C] -- C:\Qoobox
[2007/03/25 21:06:02 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 14 Days ==========

[2009/10/21 20:26:52 | 00,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/21 19:48:28 | 00,445,532 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/21 19:48:26 | 00,078,402 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/21 17:57:31 | 00,002,313 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\Microsoft Office Word 2007.lnk
[2009/10/21 06:31:36 | 00,255,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/21 06:23:13 | 00,000,451 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/21 06:10:11 | 00,002,279 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\Microsoft Office PowerPoint 2007.lnk
[2009/10/20 18:34:00 | 00,056,832 | ---- | M] () -- C:\Documents and Settings\Jennifer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/19 07:28:17 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/18 11:58:00 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C71330FF-3D32-4CDC-877B-2A4D8C7B5123}.job
[2009/10/18 11:42:35 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/18 11:39:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/18 10:34:28 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/17 17:54:49 | 43,179,769 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/16 18:16:58 | 04,236,152 | -H-- | M] () -- C:\Documents and Settings\Jennifer\Local Settings\Application Data\IconCache.db
[2009/10/16 08:35:14 | 00,033,037 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/16 00:18:45 | 00,002,275 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\Microsoft Office Excel 2007.lnk
[2009/10/16 00:01:56 | 00,527,806 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/15 17:00:35 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\Jennifer\My Documents\SLR 2009 - Applelicious.xlsx
[2009/10/14 09:10:52 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/14 09:10:51 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/11 22:35:08 | 00,015,179 | ---- | M] () -- C:\Documents and Settings\Jennifer\My Documents\SLR 2008 - Applelicious.xlsx
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Files - No Company Name ==========
[2009/10/18 10:34:28 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/18 10:34:25 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/18 10:31:02 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/18 10:31:02 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/18 10:31:02 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/18 10:31:02 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/08 07:59:01 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Jennifer\My Documents\SLR 2009 - Applelicious.xlsx
[2009/09/20 19:11:53 | 00,000,253 | ---- | C] () -- C:\WINDOWS\Creator.INI
[2009/09/20 18:03:23 | 00,000,035 | ---- | C] () -- C:\WINDOWS\SIMTOWN.INI
[2009/06/30 19:34:04 | 04,236,152 | -H-- | C] () -- C:\Documents and Settings\Jennifer\Local Settings\Application Data\IconCache.db
[2009/04/25 14:08:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2008/01/05 02:59:25 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/01/05 02:58:04 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/01/05 02:58:04 | 00,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/12/09 21:58:34 | 00,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/06/08 06:59:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/05/20 18:36:10 | 00,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2007/05/20 17:10:50 | 00,000,347 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2007/04/26 23:13:04 | 00,001,080 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/04/17 20:51:57 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/03/24 18:13:29 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Caesar2.ini
[2007/02/12 14:33:26 | 00,056,832 | ---- | C] () -- C:\Documents and Settings\Jennifer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/14 17:37:33 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/25 22:32:00 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2005/09/10 15:20:55 | 00,000,331 | ---- | C] () -- C:\WINDOWS\WinFrotz.INI
[2005/08/07 16:01:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/08/02 23:11:06 | 00,000,011 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2005/07/23 12:34:19 | 00,000,020 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/05/09 19:41:05 | 00,039,424 | RHS- | C] () -- C:\WINDOWS\System32\shdocpl.dll
[2005/04/18 17:04:59 | 00,063,896 | ---- | C] () -- C:\Documents and Settings\Jennifer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/09/15 20:37:38 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/09/15 19:42:55 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/09/15 19:40:38 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2004/09/15 19:40:38 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2004/09/15 19:36:47 | 00,000,196 | ---- | C] () -- C:\WINDOWS\EPSON RX500 Installer.ini
[2004/09/15 12:46:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Jennifer\Application Data\desktop.ini
[2004/05/20 18:08:07 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/05/20 18:08:07 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/05/20 18:08:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/05/20 18:08:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/05/20 18:08:07 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/05/20 18:08:07 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/05/20 18:03:05 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2004/05/20 18:02:07 | 00,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/09 18:53:25 | 00,000,903 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/03/09 18:50:59 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2004/03/09 18:46:27 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2004/03/08 23:50:51 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/08 18:11:51 | 00,034,403 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2004/03/08 18:11:51 | 00,016,558 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2004/03/08 18:07:51 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2004/03/08 17:09:41 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/08 15:49:01 | 00,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/08 14:36:51 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2004/03/08 14:36:50 | 00,000,730 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/03/08 14:36:37 | 00,000,839 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/03/08 14:36:35 | 00,000,451 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/03/08 07:40:35 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/08/12 12:58:40 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2003/08/12 12:58:32 | 00,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2003/08/12 12:58:22 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/08/12 12:58:20 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2002/06/12 16:21:12 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/10/12 11:58:20 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2001/10/12 11:57:18 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2000/12/07 11:13:58 | 00,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[1998/10/11 01:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1997/07/11 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/06/13 20:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/10/21 19:35:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2007/05/20 16:35:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/07/04 06:17:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2006/12/27 11:52:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2006/09/23 10:53:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2009/09/16 07:57:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2006/09/23 10:00:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/07/06 19:11:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/02/11 22:46:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2007/05/20 17:30:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2006/11/03 17:31:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2004/03/08 15:49:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/06/01 14:45:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Verizon
[2009/02/10 19:33:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/01/01 12:36:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/10/18 11:30:47 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Jennifer\Application Data
[2004/09/15 22:39:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\ArcSoft
[2009/06/14 14:39:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\AVGTOOLBAR
[2009/09/18 19:40:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Costco Photo Viewer US
[2004/11/13 13:37:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Drag'n Drop CD+DVD
[2008/12/25 15:56:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\EPSON
[2009/04/01 20:44:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\ErrorFix
[2009/03/20 23:04:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\gtk-2.0
[2007/06/10 09:35:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\IMVU
[2009/03/20 23:31:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\InterVideo
[2006/07/16 09:49:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Leadertech
[2009/09/16 07:48:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Motive
[2008/04/28 10:23:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Move Networks
[2006/09/25 22:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\MSN6
[2006/09/25 22:08:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\MSNInstaller
[2008/03/20 22:49:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\pdf995
[2004/09/15 22:30:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Smart Panel
[2007/09/26 08:46:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\U3
[2006/09/23 21:13:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Verizon
[2007/01/25 12:32:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\WinAntiVirus Pro 2006
[2009/03/15 09:04:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Windows Search
[2009/04/01 22:26:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\yoclient
[2003/03/31 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2004/09/14 23:53:59 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2009/10/18 11:39:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/18 11:58:00 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C71330FF-3D32-4CDC-877B-2A4D8C7B5123}.job

========== Purity Check ==========


< End of report >
  • 0

#15
Maengar

Maengar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I think I got all my functionality back.
I replaced the svchost.exe with a copy stored under servicepackfiles.
Now everything seems to work fine.

One problem is that some files, like my virus scanner, give me the access denied error. I can't re-install the software because it won't remove the old version.
Is there a way to reset the file attributes to give me access to them?
  • 0





