Deckard's System Scanner v20071014.68
Run by Kimberly on 2008-03-03 12:11:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
43: 2008-03-03 17:11:27 UTC - RP43 - Deckard's System Scanner Restore Point
42: 2008-03-02 23:11:04 UTC - RP42 - System Checkpoint
41: 2008-03-01 21:05:09 UTC - RP41 - System Checkpoint
40: 2008-02-29 20:45:34 UTC - RP40 - System Checkpoint
39: 2008-02-28 16:59:27 UTC - RP39 - ComboFix created restore point
-- First Restore Point --
1: 2008-02-27 12:32:35 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 320 MiB (512 MiB recommended).-- HijackThis (run as Kimberly.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:36 PM, on 3/3/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Documents and Settings\Kimberly\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kimberly.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.onenewsnow.comO2 - BHO: RabioBHO - {1C2E5D27-A17C-4D89-85DD-3553C189380D} - C:\Program Files\RABCO\RABCO.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [D-Link Wireless G WDA-1320] C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
--
End of file - 3385 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080303-120555-124 O15 - Trusted Zone: *.avsystemcare.com
backup-20080303-120555-282 O15 - Trusted Zone: *.gomyhit.com (HKLM)
backup-20080303-120555-287 O15 - Trusted Zone: *.amaena.com (HKLM)
backup-20080303-120555-299 O15 - Trusted Zone: *.imageservr.com
backup-20080303-120555-315 O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
backup-20080303-120555-367 O15 - Trusted Zone: *.amaena.com
backup-20080303-120555-511 O15 - Trusted Zone: *.safetydownload.com (HKLM)
backup-20080303-120555-529 O15 - Trusted Zone: *.onerateld.com
backup-20080303-120555-530 O15 - Trusted Zone: *.safetydownload.com
backup-20080303-120555-554 O15 - Trusted Zone: *.imageservr.com (HKLM)
backup-20080303-120555-608 O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!
http://adxanet.net/c...::/xpreload.ocxbackup-20080303-120555-707 O15 - Trusted Zone: *.imagesrvr.com
backup-20080303-120555-729 O15 - Trusted Zone: *.storageguardsoft.com
backup-20080303-120555-736 O15 - Trusted Zone: *.virusschlacht.com
backup-20080303-120555-742 O15 - Trusted Zone: *.trustedantivirus.com
backup-20080303-120555-758 O15 - Trusted Zone: *.avsystemcare.com (HKLM)
backup-20080303-120555-796 O15 - Trusted Zone: *.imagesrvr.com (HKLM)
backup-20080303-120555-868 O15 - Trusted Zone: *.onerateld.com (HKLM)
backup-20080303-120555-904 O15 - Trusted Zone: *.gomyhit.com
backup-20080303-120555-920 O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
backup-20080303-120555-998 O15 - Trusted Zone: *.virusschlacht.com (HKLM)
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 catchme - c:\docume~1\kimberly\locals~1\temp\catchme.sys (file missing)
S3 TnIDriver - c:\docume~1\kimberly\locals~1\temp\tni63.tmp (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Wireless Service; ANIWZCS2 Service Launcher (NT)>
S3 jswpsapi (Jumpstart Wifi Protected Setup) - c:\program files\d-link\wireless g wda-1320\jswutil\jswpsapi.exe <Not Verified; Atheros Communications, Inc.; JumpStart>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {D45B1C18-C8FA-11D1-9F77-0000F805F530}
Description: NT Apm/Legacy Interface Node
Device ID: ROOT\NTAPM\0000
Manufacturer: Microsoft
Name: NT Apm/Legacy Interface Node
PNP Device ID: ROOT\NTAPM\0000
Service: NtApm
-- Files created between 2008-02-03 and 2008-03-03 -----------------------------
2008-03-02 10:53:00 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Thunderbird
2008-03-02 10:52:37 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-03-01 17:41:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-01 17:21:57 0 d-------- C:\Documents and Settings\Ron\Application Data\Apple Computer
2008-02-29 12:13:49 0 d-------- C:\Hp Printer Drives DeskJet 3520
2008-02-28 11:54:04 0 d-------- C:\ComboFix(2)
2008-02-27 14:30:48 0 d-------- C:\Program Files\Quick StartUp
2008-02-27 09:37:27 136627 --a------ C:\WINDOWS\POTA777444.exe
2008-02-27 07:34:26 0 d-------- C:\Program Files\NoDNS
2008-02-27 07:27:16 0 d-------- C:\Program Files\Paltalk Messenger Interop
2008-02-27 07:25:57 0 d-------- C:\Program Files\xInsIDE
2008-02-27 07:25:51 0 d-------- C:\Program Files\JavaCore
2008-02-27 07:23:33 0 d-------- C:\Program Files\RABCO
2008-02-27 07:22:06 0 d-------- C:\WINDOWS\System32\jk8
2008-02-27 07:22:06 0 d-------- C:\WINDOWS\System32\hc4
2008-02-27 07:22:06 0 d-------- C:\WINDOWS\System32\fs7
2008-02-27 07:22:06 0 d-------- C:\WINDOWS\System32\ax3
2008-02-27 07:21:39 0 d-------- C:\WINDOWS\System32\iDlo01
2008-02-26 07:13:35 2936 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-02-22 05:47:45 0 d-------- C:\WUTemp
2008-02-21 16:26:42 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Apple Computer
2008-02-21 14:52:55 0 d--hs---- C:\WINDOWS\ftpcache
2008-02-21 14:36:36 0 d-------- C:\Program Files\QuickTime
2008-02-21 14:36:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-21 09:13:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-21 09:12:55 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 09:12:55 0 d-------- C:\Documents and Settings\Kimberly\Application Data\SUPERAntiSpyware.com
2008-02-21 09:12:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-18 12:34:02 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-18 12:30:25 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Media Player Classic
2008-02-16 17:31:29 0 d-------- C:\Program Files\PeaZip
2008-02-15 10:57:22 0 d-------- C:\Program Files\Auto Greeter
2008-02-15 09:17:47 21312 --a------ C:\WINDOWS\choice.exe
2008-02-15 09:11:02 0 dr-hs---- C:\cmdcons
2008-02-15 09:11:00 0 d-------- C:\WINDOWS\setup.pss
2008-02-15 09:10:49 0 d-------- C:\WINDOWS\setupupd
2008-02-12 11:22:06 0 d-------- C:\Documents and Settings\Ron\Application Data\Macromedia
2008-02-12 11:22:05 0 d-------- C:\Documents and Settings\Ron\Application Data\Adobe
2008-02-12 11:20:16 0 d-------- C:\Documents and Settings\Ron\Application Data\Mozilla
2008-02-12 00:02:43 0 d-------- C:\Documents and Settings\Kimberly\.housecall6.6
2008-02-12 00:01:29 0 d-------- C:\WINDOWS\Sun
2008-02-12 00:01:29 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Sun
2008-02-11 23:58:48 0 d-------- C:\Program Files\Java
2008-02-11 23:58:12 0 d-------- C:\Program Files\Common Files\Java
2008-02-11 23:57:30 1397 --a------ C:\WINDOWS\mozver.dat
2008-02-11 12:20:32 0 d-------- C:\ie-spyad
2008-02-11 12:09:21 0 d-------- C:\Program Files\LogMeIn
2008-02-10 15:15:10 68096 --a------ C:\WINDOWS\System32\zip.exe
2008-02-10 15:15:10 98816 --a------ C:\WINDOWS\System32\sed.exe
2008-02-10 15:15:10 80412 --a------ C:\WINDOWS\System32\grep.exe
2008-02-10 15:15:10 73728 --a------ C:\WINDOWS\System32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-10 13:31:49 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-02-10 13:17:10 0 d-------- C:\Program Files\Trend Micro
2008-02-10 10:47:38 0 d---s---- C:\Documents and Settings\Kimberly\UserData
2008-02-10 10:30:15 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-10 10:29:58 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Mozilla
2008-02-10 06:37:00 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-02-09 20:25:01 0 d-------- C:\Program Files\SpywareGuard
2008-02-09 20:10:42 118784 --a------ C:\WINDOWS\System32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-02-09 20:10:38 0 d-------- C:\Program Files\SpywareBlaster
2008-02-09 19:39:53 4 --a------ C:\WINDOWS\System32\SvcNm
2008-02-09 19:39:39 34816 --a------ C:\wintlsu.exe
2008-02-09 14:47:29 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-02-09 14:46:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-02-09 14:29:48 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-02-09 11:41:08 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-02-09 11:04:15 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-09 11:03:59 46592 --a------ C:\WINDOWS\System32\drivers\dhlp.sys <Not Verified; ; DHLP>
2008-02-09 10:57:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-09 10:53:37 0 d-------- C:\Temp
2008-02-09 09:46:23 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Macromedia
2008-02-09 09:46:22 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Adobe
2008-02-09 08:35:10 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Paltalk
2008-02-09 08:35:01 0 d-------- C:\WINDOWS\PaltalkScene
2008-02-09 08:35:00 0 d-------- C:\Program Files\Paltalk Messenger
2008-02-08 17:34:52 9 --a------ C:\WINDOWS\System32\ANIWZCSUSERNAME{F06BFA31-CB6A-4C0B-80B3-8C5BC76C03C6}
2008-02-08 17:30:19 0 d-------- C:\WINDOWS\Internet Logs
2008-02-08 17:21:23 4 --a------ C:\WINDOWS\System32\ANIWZCSUSERNAME{D41A3268-B87D-4205-8E56-3828882A4E10}
2008-02-08 16:27:06 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-02-08 16:27:05 0 d-------- C:\Documents and Settings\Ron\Application Data\MSN6
2008-02-08 16:25:31 7 --a------ C:\WINDOWS\System32\ANIWZCSUSERNAME{89E59345-5857-4226-9BA1-6EF31A395C98}
2008-02-08 16:21:02 212992 --a------ C:\WINDOWS\System32\wlanapi.dll <Not Verified; Alpha Networks Inc.; WLANAPI Dynamic Link Library>
2008-02-08 16:18:14 7 --a------ C:\WINDOWS\System32\ANIWZCSUSERNAME
2008-02-08 16:06:01 0 d-------- C:\Documents and Settings\Ron\Application Data\Identities
2008-02-08 16:05:39 0 dr------- C:\Documents and Settings\Ron\Favorites
2008-02-08 16:05:39 0 d-------- C:\Documents and Settings\Ron\Desktop
2008-02-08 16:05:39 0 d---s---- C:\Documents and Settings\Ron\Cookies
2008-02-08 16:05:39 0 dr-h----- C:\Documents and Settings\Ron\Application Data
2008-02-08 16:05:39 0 d---s---- C:\Documents and Settings\Ron\Application Data\Microsoft
2008-02-08 16:05:38 0 d--h----- C:\Documents and Settings\Ron\Templates
2008-02-08 16:05:38 0 dr------- C:\Documents and Settings\Ron\Start Menu
2008-02-08 16:05:38 0 dr-h----- C:\Documents and Settings\Ron\SendTo
2008-02-08 16:05:38 0 dr-h----- C:\Documents and Settings\Ron\Recent
2008-02-08 16:05:38 0 d--h----- C:\Documents and Settings\Ron\PrintHood
2008-02-08 16:05:38 2097152 --ah----- C:\Documents and Settings\Ron\NTUSER.DAT
2008-02-08 16:05:38 0 d--h----- C:\Documents and Settings\Ron\NetHood
2008-02-08 16:05:38 0 dr------- C:\Documents and Settings\Ron\My Documents
2008-02-08 16:05:38 0 d--h----- C:\Documents and Settings\Ron\Local Settings
2008-02-08 14:25:01 262144 --a------ C:\WINDOWS\System32\wnicapi.dll <Not Verified; Wireless Service; WNICAPI Dynamic Link Library>
2008-02-08 14:25:01 217088 --a------ C:\WINDOWS\System32\aIPH.dll <Not Verified; Alpha Networks Inc.; IPH Dynamic Link Library>
2008-02-08 14:25:00 233472 --a------ C:\WINDOWS\System32\WlanApp.dll <Not Verified; ; WlanApp Dynamic Link Library>
2008-02-08 14:25:00 1327189 --a------ C:\WINDOWS\System32\odSupp_M.dll <Not Verified; Funk Software, Inc.; Odyssey Supplicant Toolkit>
2008-02-08 14:25:00 49152 --a------ C:\WINDOWS\System32\JJAKEn.dll <Not Verified; ; JJAKEn Dynamic Link Library>
2008-02-08 14:25:00 49152 --a------ C:\WINDOWS\System32\AQCKGen.dll <Not Verified; Alpha Networks Inc.; AQuickKey Generator>
2008-02-08 14:25:00 679936 --a------ C:\WINDOWS\System32\ANIWZCS2.dll <Not Verified; Wireless Service; ANIWZCS Dynamic Link Library>
2008-02-08 14:25:00 45115 --a------ C:\WINDOWS\System32\ANICtl.dll <Not Verified; Alpha Networks Inc.; DevCtrl Dynamic Link Library>
2008-02-08 14:24:41 48128 --a------ C:\WINDOWS\System32\ANIO64.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
2008-02-08 14:24:41 11904 --a------ C:\WINDOWS\System32\anio4.sys <Not Verified; ANI; ANIO (NDIS4) Driver>
2008-02-08 14:24:41 28195 --a------ C:\WINDOWS\System32\ANIO.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
2008-02-08 14:24:41 0 d-------- C:\Program Files\ANI
2008-02-08 14:24:33 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-08 14:24:29 405583 --a------ C:\WINDOWS\System32\jswscsup.dll <Not Verified; Atheros Communications, Inc.; JSCSCSUP>
2008-02-08 14:24:28 24576 --a------ C:\WINDOWS\System32\DWLInst.dll <Not Verified; D-Link Corporation; D-Link CoInstaller DLL>
2008-02-08 14:24:28 36864 --a------ C:\WINDOWS\System32\ANIOApi.dll <Not Verified; Alpha Networks Inc.; ANIO Helper DLL API library>
2008-02-08 14:24:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-08 14:24:28 0 d-------- C:\Program Files\D-Link
2008-02-08 14:24:17 0 d-------- C:\Documents and Settings\Kimberly\Application Data\InstallShield
2008-02-08 14:09:43 0 d--hs---- C:\WINDOWS\Installer
2008-02-08 14:09:36 0 d-------- C:\Documents and Settings\Kimberly\Application Data\Identities
2008-02-08 14:09:01 0 dr------- C:\Documents and Settings\Kimberly\Favorites
2008-02-08 14:09:01 0 d-------- C:\Documents and Settings\Kimberly\Desktop
2008-02-08 14:09:01 0 d---s---- C:\Documents and Settings\Kimberly\Cookies
2008-02-08 14:09:01 0 dr-h----- C:\Documents and Settings\Kimberly\Application Data
2008-02-08 14:09:00 0 d--h----- C:\Documents and Settings\Kimberly\Templates
2008-02-08 14:09:00 0 dr------- C:\Documents and Settings\Kimberly\Start Menu
2008-02-08 14:09:00 0 dr-h----- C:\Documents and Settings\Kimberly\SendTo
2008-02-08 14:09:00 0 dr-h----- C:\Documents and Settings\Kimberly\Recent
2008-02-08 14:09:00 0 d--h----- C:\Documents and Settings\Kimberly\PrintHood
2008-02-08 14:09:00 4456448 --ah----- C:\Documents and Settings\Kimberly\NTUSER.DAT
2008-02-08 14:09:00 0 d--h----- C:\Documents and Settings\Kimberly\NetHood
2008-02-08 14:09:00 0 dr------- C:\Documents and Settings\Kimberly\My Documents
2008-02-08 14:09:00 0 d--h----- C:\Documents and Settings\Kimberly\Local Settings
2008-02-08 14:05:10 0 d---s---- C:\WINDOWS\System32\Microsoft
2008-02-08 14:03:35 0 d--hs---- C:\System Volume Information
2008-02-08 14:03:34 0 d-------- C:\WINDOWS\Prefetch
2008-02-08 14:03:32 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-02-08 14:03:32 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-02-08 14:03:32 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-02-08 14:03:32 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-02-08 14:03:32 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-02-08 14:03:31 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-02-08 14:03:31 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-02-08 14:03:31 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-02-08 14:03:31 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-02-08 14:03:31 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-02-08 13:56:00 0 d-------- C:\WINDOWS\System32\xircom
2008-02-08 13:56:00 0 d-------- C:\Program Files\microsoft frontpage
2008-02-08 13:55:50 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-02-08 13:55:50 0 d-------- C:\DELL
2008-02-08 13:55:33 0 -rahs---- C:\MSDOS.SYS
2008-02-08 13:55:33 0 -rahs---- C:\IO.SYS
2008-02-08 13:55:33 0 --a------ C:\CONFIG.SYS
2008-02-08 13:55:33 0 --a------ C:\AUTOEXEC.BAT
2008-02-08 13:53:17 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-02-08 13:52:50 0 dr------- C:\WINDOWS\Offline Web Pages
2008-02-08 13:52:50 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-02-08 13:51:39 0 d-------- C:\WINDOWS\System32\DirectX
2008-02-08 13:50:34 0 d---s---- C:\WINDOWS\Tasks
2008-02-08 13:50:30 0 d-------- C:\Program Files\Common Files\MSSoap
2008-02-08 13:50:24 0 d-------- C:\WINDOWS\srchasst
2008-02-08 13:50:23 0 d-------- C:\WINDOWS\System32\Macromed
2008-02-08 13:50:21 0 d-------- C:\Program Files\Movie Maker
2008-02-08 13:50:15 0 d-------- C:\WINDOWS\System32\Restore
2008-02-08 13:50:15 0 d-------- C:\WINDOWS\PCHealth
2008-02-08 13:49:45 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2008-02-08 13:49:22 0 d-------- C:\WINDOWS\Registration
2008-02-08 13:48:04 0 d--h----- C:\Program Files\WindowsUpdate
2008-02-08 13:48:04 0 d-------- C:\Program Files\Online Services
2008-02-08 13:47:54 0 d-------- C:\Program Files\Messenger
2008-02-08 13:47:46 0 d-------- C:\Program Files\MSN Gaming Zone
2008-02-08 13:46:45 0 d-------- C:\Program Files\Windows NT
2008-02-08 13:46:40 0 d-------- C:\WINDOWS\System32\MsDtc
2008-02-08 13:46:39 0 d-------- C:\WINDOWS\System32\Com
2008-02-08 08:34:29 0 d-------- C:\Program Files\Common Files\ODBC
2008-02-08 08:34:23 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-02-08 08:34:22 0 dr------- C:\Program Files
2008-02-08 08:34:22 0 d-------- C:\Program Files\Common Files
2008-02-08 08:33:38 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-02-08 08:33:38 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-02-08 08:33:38 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-02-08 08:33:38 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-02-08 08:33:38 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-02-08 08:33:38 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-02-08 08:33:38 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-02-08 08:33:38 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-02-08 08:33:38 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-02-08 08:33:38 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-02-08 08:33:38 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-02-08 08:33:38 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-02-08 08:33:38 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-02-08 08:33:38 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-02-08 08:33:38 0 dr------- C:\Documents and Settings\All Users\Documents
2008-02-08 08:33:38 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-02-08 08:32:49 0 d-------- C:\WINDOWS\System32\CatRoot2
2008-02-08 08:32:49 0 d-------- C:\WINDOWS\System32\CatRoot
2008-02-08 08:32:44 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-02-08 08:32:44 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-02-08 08:32:43 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-02-08 08:32:43 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-02-08 08:31:54 0 d-------- C:\Documents and Settings
2008-02-08 08:21:26 0 d-------- C:\WINDOWS
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\WinSxS
2008-02-08 08:21:26 0 dr------- C:\WINDOWS\Web
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\twain_32
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\system32
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\wins
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\wbem
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\usmt
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\spool
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\ShellExt
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\Setup
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\ras
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\oobe
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\npp
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\mui
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\inetsrv
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\IME
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\icsxml
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\ias
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\export
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\drivers
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\drivers\etc
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\drivers\disdn
2008-02-08 08:21:26 0 dr-hs--c- C:\WINDOWS\System32\dllcache
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\dhcp
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\config
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\3com_dmi
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\3076
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\2052
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\1054
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\1042
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\1041
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\1037
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\1033
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\1031
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\1028
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\System32\1025
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\system
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\security
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\Resources
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\repair
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\mui
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\msapps
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\msagent
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\Media
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\java
2008-02-08 08:21:26 0 d--h----- C:\WINDOWS\inf
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\ime
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\Help
2008-02-08 08:21:26 0 dr--s---- C:\WINDOWS\Fonts
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\Driver Cache
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\Debug
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\Cursors
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\Connection Wizard
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\Config
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\AppPatch
2008-02-08 08:21:26 0 d-------- C:\WINDOWS\addins
-- Find3M Report ---------------------------------------------------------------
2008-02-27 07:44:13 10 --a------ C:\Program Files\.autoreg <AUTORE~1>
2008-02-08 08:33:38 62 --ahs---- C:\Documents and Settings\Kimberly\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C2E5D27-A17C-4D89-85DD-3553C189380D}]
01/30/2008 02:02 PM 414992 --a------ C:\Program Files\RABCO\RABCO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link Wireless G WDA-1320"="C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe" [08/29/2007 03:16 PM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [01/19/2007 11:49 AM]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [08/18/2004 11:47 AM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [08/03/2007 03:09 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/20/2002 03:08 PM]
C:\Documents and Settings\Kimberly\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [12/11/2007 3:34:40 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/15/2007 06:46 PM 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"runner1"=C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"a47dfd46"=rundll32.exe "C:\WINDOWS\System32\pansqjqm.dll",b
"NBInstall"=C:\DOCUME~1\Kimberly\LOCALS~1\Temp\MBDownloader_876923.exe
"horyhyt"=C:\Program Files\MSN\horyhyt77798.exe
-- End of Deckard's System Scanner: finished at 2008-03-03 12:19:49 ------------
Extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English
CPU 0: Intel Pentium II processor
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 319.46 MiB / 118.59 MiB
Pagefile Memory (total/avail): 774.83 MiB / 603.24 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.46 MiB
C: is Fixed (NTFS) - 28.63 GiB total, 25.26 GiB free.
D: is Fixed (NTFS) - 1.51 GiB total, 0.71 GiB free.
E: is CDROM (No Media)
\\.\PHYSICALDRIVE1 - Conner Peripherals 1620MB - CFS1621A - 1547.44 MiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 1547.41 MiB - D:
\\.\PHYSICALDRIVE0 - WDC WD307AA-00BAA0 - 28.64 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 28.63 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
AUState says computer has updates disabled.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kimberly\Application Data
CLASSPATH=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KIMBERLY-28GW9Y
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kimberly
LOGONSERVER=\\KIMBERLY-28GW9Y
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\PROGRA~1\MOZILL~1;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Mozilla Firefox
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 5 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0502
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kimberly\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kimberly\LOCALS~1\Temp
USERDOMAIN=KIMBERLY-28GW9Y
USERNAME=Kimberly
USERPROFILE=C:\Documents and Settings\Kimberly
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Kimberly
(admin)Ron
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
AirPlus G --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025}
ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Auto Greeter --> "C:\Program Files\Auto Greeter\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp deskjet 3500 series --> rundll32 hpzcon09.dll,VendorJettison hp deskjet 3500 series
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JavaCore --> C:\Program Files\JavaCore\UnInstall.exe
LogMeIn --> MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.12) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
NoDNS --> C:\Program Files\\NoDNS\\UnInstall.exe
Paltalk Messenger Interop --> "C:\Program Files\Paltalk Messenger Interop\uninstall.exe"
PaltalkScene --> "C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
PeaZip 1.11 --> "C:\Program Files\PeaZip\unins000.exe"
Quick StartUp 2.3 --> "C:\Program Files\Quick StartUp\unins000.exe"
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
RABCO --> "C:\Program Files\RABCO\un_RABCOSetup_16230.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
WinTouch --> C:\Documents and Settings\Kimberly\Application Data\WinTouch\WTUninstaller.exe
Wireless G WDA-1320 --> C:\Program Files\InstallShield Installation Information\{C38C985C-266A-4CEE-BEC3-1A4270F09FD4}\setup.exe -runfromtemp -l0x0009 -removeonly
xInsIDE --> "C:\Program Files\xInsIDE\xInsIDE.exe" -uninstall
-- Application Event Log -------------------------------------------------------
Event Record #/Type344 / Warning
Event Submitted/Written: 03/02/2008 03:09:47 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type343 / Error
Event Submitted/Written: 03/02/2008 03:09:21 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application , version 0.0.0.0, hang module QuickTime.qts, version 7.0.3.50, hang address 0x000c7ade.
Event Record #/Type328 / Warning
Event Submitted/Written: 02/29/2008 11:32:20 AM
Event ID/Source: 1005 / Windows Product Activation
Event Description:
Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 10 days.
Event Record #/Type311 / Error
Event Submitted/Written: 02/28/2008 09:13:17 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application , version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type310 / Error
Event Submitted/Written: 02/28/2008 09:13:02 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application , version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type2620 / Warning
Event Submitted/Written: 02/29/2008 07:37:36 PM
Event ID/Source: 57 / Ftdisk
Event Description:
The system failed to flush data to the transaction log. Corruption may occur.
Event Record #/Type2619 / Warning
Event Submitted/Written: 02/29/2008 07:37:36 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.
Event Record #/Type2618 / Warning
Event Submitted/Written: 02/29/2008 07:37:35 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.
Event Record #/Type2617 / Warning
Event Submitted/Written: 02/29/2008 07:37:34 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.
Event Record #/Type2616 / Warning
Event Submitted/Written: 02/29/2008 07:37:33 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.
-- End of Deckard's System Scanner: finished at 2008-03-03 12:19:49 ------------
OT Log
File/Folder C:\Program Files\Rabio not found.
[Custom Input]
< C:\Documents and Settings\Kimberly\Application Data\s?curity /u >
File/Folder C:\Documents and Settings\Kimberly\Application Data\s?curity not found.
< C:\WINDOWS\system32\S?mantec /u >
File/Folder C:\WINDOWS\system32\S?mantec not found.
OTMoveIt2 v1.0.20 log created on 03032008_120846