WiredWX Christian Hobby Weather Tools

 


Error message
I was having some problems with my computer freezing all the time. I decided to update the Malwarebytes program before running it. Except that after updating, it won't run. Instead of opening up it says it encountered "Error 701". And now I don't know what to do about it at all.

Re: Error message
Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double-click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

Re: Error message
OTL logfile created on: 05/03/2010 2:16:15 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 148.39 Gb Free Space | 63.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OKOTOKS-0F1C618
Current User Name: User
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/05 13:43:04 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
PRC - [2008/04/13 17:12:33 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/05 13:43:04 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/22 19:03:01 | 000,266,240 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/04 10:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/06/24 17:21:00 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/02/21 15:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/22 01:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/11/15 09:40:10 | 000,258,560 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Stopped] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)


========== Driver Services (SafeList) ==========

DRV - [2010/02/03 02:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100305.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/03 02:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100305.004\NAVENG.SYS -- (NAVENG)
DRV - [2009/11/19 20:02:58 | 000,268,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20100224.001\SymIDSco.sys -- (SYMIDSCO)
DRV - [2009/08/26 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/26 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/02/19 11:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/02/19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 11:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 11:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/01/08 21:02:39 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/05 13:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/08/21 22:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 22:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/07/30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/31 18:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/01/31 18:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/01/31 18:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/08/08 17:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/01 13:28:38 | 000,095,488 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/04/12 08:44:00 | 006,738,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/02/14 14:09:08 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2007/01/29 16:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006/09/29 09:06:26 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2006/09/06 01:04:12 | 004,377,600 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/06/14 12:44:30 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2006/06/13 04:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 04:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 04:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 04:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 04:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/06/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/03/17 07:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 07:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2006/03/17 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/10/20 15:25:58 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\asusgsb32.sys -- (asusgsb)
DRV - [2005/06/01 20:37:28 | 000,463,872 | ---- | M] (Belkin Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BLKWGD.sys -- (BLKWGD)
DRV - [2004/04/21 16:51:34 | 000,016,384 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\wlanndi5.sys -- (wlanndi5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA,en-ca;q=0.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 75 21 CE 8F BC CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/09 10:10:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/19 17:42:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/22 19:04:24 | 000,000,000 | ---D | M]

[2009/03/02 10:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2009/03/02 10:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/02 17:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a0ack10a.default\extensions
[2009/09/02 12:13:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a0ack10a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/16 09:54:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a0ack10a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/03 17:36:56 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a0ack10a.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009/12/14 23:18:52 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a0ack10a.default\searchplugins\conduit.xml
[2009/03/14 18:31:40 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a0ack10a.default\searchplugins\live-search.xml
[2010/03/02 17:07:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/15 06:25:26 | 000,227,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\AdVComponent.dll
[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2010/02/19 17:42:44 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/02/19 17:42:44 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/02/19 17:42:44 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/02/19 17:42:44 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/02/28 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe (AceGain Inc.)
O4 - HKLM..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [zzzHPSETUP] File not found
O4 - HKCU..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe (ASUSTeK Inc.)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [Power DVD Player] C:\Program Files\Power DVD Player\PowerDVDPlayer.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin F5D8053 N Wireless USB Adapter Utility.lnk = E:\Belkinwcui.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Utility.lnk = C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe File not found
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186807405734 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/10 20:40:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/05 13:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\NSS
[2010/03/05 11:31:04 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/03/05 11:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/03/04 18:51:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/22 19:03:01 | 000,225,280 | ---- | C] (Art Dept (nsw) Pty Ltd) -- C:\WINDOWS\System32\CSInstru.DLL
[2010/02/22 19:02:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ArtistScope Plugin IE 42
[2010/02/22 19:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Downloads
[2010/02/19 03:15:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/19 00:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2010/02/19 00:26:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/19 00:26:22 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/19 00:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/19 00:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/19 00:18:39 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/02/18 21:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\LimeWire
[2010/02/18 19:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\jlsart
[2010/02/16 15:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/16 15:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/16 15:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/02/04 16:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2009/12/22 15:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DVDVideoSoft
[2009/04/08 16:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/08 15:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/07/25 17:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/07/05 23:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/02/18 14:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xfire
[2008/02/07 22:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2007/08/13 23:54:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/08/10 20:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/08/10 20:40:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/05/11 22:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/05 14:15:22 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/05 14:14:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/05 14:11:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/05 14:11:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/05 13:57:23 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\User\NTUSER.DAT
[2010/03/05 13:57:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010/03/05 13:47:18 | 002,146,082 | ---- | M] () -- C:\Documents and Settings\User\Desktop\NortonSecurityScan.exe
[2010/03/05 12:13:38 | 000,000,548 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/05 12:13:38 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/03/05 12:13:38 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/03/05 11:17:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/04 17:27:24 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{21A8F16F-6A2F-449D-9C77-AE31BA6FAE30}.job
[2010/03/02 17:01:05 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2010/03/02 15:19:17 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Grasley_Science_311_Developed Draft.doc
[2010/03/02 15:19:04 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Grasley_Science_311_Outline.doc
[2010/03/02 15:13:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/01 16:26:12 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/28 03:35:35 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Mineral.doc
[2010/02/28 02:40:47 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Physics.doc
[2010/02/24 08:17:50 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to Internet.lnk
[2010/02/24 03:00:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/22 19:03:01 | 000,266,240 | ---- | M] () -- C:\WINDOWS\System32\CSHelper.exe
[2010/02/22 19:03:01 | 000,225,280 | ---- | M] (Art Dept (nsw) Pty Ltd) -- C:\WINDOWS\System32\CSInstru.DLL
[2010/02/21 00:07:40 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Structural Geology.doc
[2010/02/19 00:26:27 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/17 13:18:31 | 000,240,551 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\adCenterExcelAddinV5.5_External.config
[2010/02/14 21:38:23 | 000,074,240 | ---- | M] () -- C:\Documents and Settings\User\My Documents\curtis' Reseme.doc
[2010/02/12 16:22:21 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Security Licence Application Form Questions-Curtis Grasley.doc
[2010/02/12 14:59:48 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Paint.lnk
[2010/02/07 23:22:22 | 000,010,750 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Sites.docx
[2010/02/04 16:30:20 | 000,070,984 | ---- | M] () -- C:\Documents and Settings\User\g2mdlhlpx.exe
[2010/02/04 13:18:58 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/05 13:49:08 | 002,146,082 | ---- | C] () -- C:\Documents and Settings\User\Desktop\NortonSecurityScan.exe
[2010/03/02 15:19:17 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Grasley_Science_311_Developed Draft.doc
[2010/02/27 23:34:01 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Grasley_Science_311_Outline.doc
[2010/02/24 12:32:03 | 000,001,491 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Copy of Solitaire.lnk
[2010/02/24 08:17:50 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to Internet.lnk
[2010/02/22 19:03:01 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2010/02/21 00:07:40 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Structural Geology.doc
[2010/02/19 00:26:27 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/16 15:33:21 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/15 00:30:54 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Mineral.doc
[2010/02/12 16:22:21 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Security Licence Application Form Questions-Curtis Grasley.doc
[2010/02/07 23:22:22 | 000,010,750 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Sites.docx
[2010/02/04 16:30:19 | 000,070,984 | ---- | C] () -- C:\Documents and Settings\User\g2mdlhlpx.exe
[2010/02/04 13:18:58 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/12/28 01:07:32 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/12/28 01:07:32 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/12/28 01:07:32 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/12/20 00:12:02 | 000,000,240 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/12/04 15:05:18 | 000,240,551 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\adCenterExcelAddinV5.5_External.config
[2009/09/12 13:36:20 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2009/09/12 13:15:49 | 000,000,357 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/12/31 01:03:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/12/31 00:55:09 | 000,000,072 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2008/10/28 10:00:24 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2008/10/06 20:30:56 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/09/26 19:02:44 | 000,000,090 | ---- | C] () -- C:\WINDOWS\wa.INI
[2008/09/01 00:51:55 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\swk.ini
[2008/08/23 16:44:37 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/08/08 19:03:05 | 000,137,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/07/17 00:04:58 | 000,000,048 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/06/24 20:53:48 | 000,000,171 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/26 19:54:46 | 000,005,864 | ---- | C] () -- C:\Program Files\install.log
[2008/04/10 11:58:07 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/23 19:55:44 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008/02/23 19:55:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008/01/31 21:49:44 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2008/01/31 11:07:16 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/09/06 15:10:40 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/08/28 21:38:01 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/08/10 20:58:06 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/08/10 20:53:28 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
[2007/08/10 20:10:00 | 000,643,142 | ---- | C] () -- C:\WINDOWS\aticlocklib.dll
[2007/08/10 20:10:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\R5ClkLib.dll
[2007/08/10 20:10:00 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2007/08/10 20:09:59 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2007/08/10 20:09:59 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2007/08/10 20:09:59 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2007/08/10 20:09:59 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2007/08/10 20:09:59 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2007/08/10 20:09:59 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2007/08/10 20:09:59 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2007/08/10 20:09:59 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2007/04/12 08:44:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/04/12 08:44:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/04/12 08:44:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/04/12 08:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/12 08:44:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/07/13 05:36:36 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2006/03/20 12:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/03/20 12:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/03/20 12:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/03/20 12:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/03/20 12:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/03/20 12:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/03/20 12:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/03/20 12:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/03/20 12:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005/12/30 19:18:26 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/12/30 19:10:30 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/10/11 10:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
< End of report >

Re: Error message

OTL Extras logfile created on: 05/03/2010 2:16:15 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 148.39 Gb Free Space | 63.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OKOTOKS-0F1C618
Current User Name: User
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"9275:TCP" = 9275:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3246:TCP" = 3246:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"9275:TCP" = 9275:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3246:TCP" = 3246:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II -- (Electronic Arts Inc.)
"C:\Program Files\Microsoft Games\Halo\halo.exe" = C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo -- (Microsoft Corporation)
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- File not found
"C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe" = C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam -- ()
"C:\Documents and Settings\User\My Documents\WoW-2.0.0-enUS-Installer-downloader.exe" = C:\Documents and Settings\User\My Documents\WoW-2.0.0-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- File not found
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III -- (Ensemble Studios)
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Java\jre1.6.0_04\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_04\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{124C79C5-59E6-4ADA-AACE-21E9D0547956}" = SymNet
"{12E11FBB-7CA6-4A86-834D-5E6390D51009}" = ASUS Smart Doctor
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2766C573-EFD3-4f15-83A5-2788B48994F0}" = HP Scanjet 4370
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic (TM)
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33471FA2-1DE4-47e9-9FDB-828B341BA4FA}" = hpg4370QFolder
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}" = Virtual Sound Canvas DXi
"{5314FAC0-F8A5-4432-8980-251D055B2C5B}" = Belkin Wireless Utility
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5A8892A3-36BB-411E-85AA-6AEA544D028B}" = Far Cry (Patch 1.4)
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8EA4D12F-1571-4998-9BD1-D20C4A767D24}" = ASUS Utilities
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92B07938-0550-4937-9447-E0ECC04AB99D}" = ASUS GameFace Library
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C89D7309-4E87-4582-9B45-0282C1A893F4}" = ASUS nVidia Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBA694F-E1A3-4ED4-8364-1A94F4ADE456}" = hpg4370
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster for Battlefield Vietnam
"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E47BA573-BBC4-40C1-8A7D-B25F2F2B0DAE}" = Far Cry (Patch 1.32)
"{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E96BE1AC-D50C-4EE5-808F-95F25364F78B}" = ASUS GamerOSD AP
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ Creature Creator Trial Edition
"{ED48E5CA-34D8-4339-8276-5E95C261A94A}" = Ghost Recon Advanced Warfighter Demo
"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F989306B-9287-444F-AE73-E30C7E4AF0F5}" = Battlefield Vietnam: WW2 Mod
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"7-Zip" = 7-Zip 4.57
"AC3Filter" = AC3Filter (remove only)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires" = Microsoft Age of Empires
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Age of Mythology 1.0" = Age of Mythology
"AGEIA PhysX v2.3.3" = AGEIA PhysX v2.3.3
"Alexander" = Alexander
"Artisan DVD/DivX Player_is1" = Artisan DVD/DivX Player
"ArtistScope Plugin IE 424.2.0.4" = ArtistScope Plugin IE 42
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Cakewalk Music Creator 3" = Cakewalk Music Creator 3
"Cakewalk VST Adapter 4" = Cakewalk VST Adapter 4
"Cliprex DVD Player Professional" = Cliprex DVD Player Professional Powered by Advantage
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo II" = Diablo II
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"ffdshow" = ffdshow (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GAIA3DPUZZLE-H32F-4F2D-AC9J-3T8L1-3GMX_is1" = Gaia 3D Puzzle v1.02 (Trial version)
"GameFace_Messenger" = GameFace Messenger
"Halo" = Microsoft Halo
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{12E11FBB-7CA6-4A86-834D-5E6390D51009}" = ASUS Smart Doctor
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{5314FAC0-F8A5-4432-8980-251D055B2C5B}" = Belkin Wireless Utility
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"InstallShield_{92B07938-0550-4937-9447-E0ECC04AB99D}" = ASUS GameFace Library
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
"InstallShield_{E96BE1AC-D50C-4EE5-808F-95F25364F78B}" = ASUS GamerOSD AP
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mind Power(TM) Math - Calculus" = Mind Power(TM) Math - Calculus
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC_Drummer_Trial_500" = PC Drummer Trial Edition 5.11
"Power DVD Player" = Power DVD Player
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"R for Windows_is1" = R for Windows 2.6.2
"RealAlt_is1" = Real Alternative 1.9.0
"RealPlayer 6.0" = RealPlayer
"Red Alert 2" = Command & Conquer Red Alert 2
"ST6UNST #1" = FreeDVD Codec Installer Version 1.0
"Switch" = Switch Sound File Converter
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"xvid" = XviD MPEG-4 Video Codec
"Yuri's Revenge" = Command && Conquer Red Alert 2 - Yuri's Revenge

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2936BA206D985FAE13777719CA18A9A97FD3533C" = Microsoft Advertising Intelligence
"Diablo II" = Diablo II
"GoToMeeting" = GoToMeeting 4.1.0.366

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/03/2010 3:39:42 PM | Computer Name = OKOTOKS-0F1C618 | Source = Application Error | ID = 1000
Description = Faulting application belkinwcui.exe, version 1.0.0.8, faulting module
belkinwcui.exe, version 1.0.0.8, fault address 0x00009bf5.

Error - 03/03/2010 3:41:33 PM | Computer Name = OKOTOKS-0F1C618 | Source = Application Error | ID = 1001
Description = Fault bucket 243142393.

Error - 03/03/2010 5:00:05 PM | Computer Name = OKOTOKS-0F1C618 | Source = Application Error | ID = 1000
Description = Faulting application belkinwcui.exe, version 1.0.0.8, faulting module
belkinwcui.exe, version 1.0.0.8, fault address 0x00009bf5.

Error - 03/03/2010 5:00:44 PM | Computer Name = OKOTOKS-0F1C618 | Source = Application Error | ID = 1001
Description = Fault bucket 243142393.

Error - 03/03/2010 5:14:40 PM | Computer Name = OKOTOKS-0F1C618 | Source = Application Error | ID = 1000
Description = Faulting application belkinwcui.exe, version 1.0.0.8, faulting module
belkinwcui.exe, version 1.0.0.8, fault address 0x00009bf5.

Error - 03/03/2010 5:21:18 PM | Computer Name = OKOTOKS-0F1C618 | Source = Application Error | ID = 1001
Description = Fault bucket 243142393.

Error - 03/03/2010 5:49:27 PM | Computer Name = OKOTOKS-0F1C618 | Source = Application Error | ID = 1000
Description = Faulting application belkinwcui.exe, version 1.0.0.8, faulting module
belkinwcui.exe, version 1.0.0.8, fault address 0x00009bf5.

Error - 03/03/2010 5:49:32 PM | Computer Name = OKOTOKS-0F1C618 | Source = Application Error | ID = 1001
Description = Fault bucket 243142393.

Error - 05/03/2010 1:23:42 PM | Computer Name = OKOTOKS-0F1C618 | Source = Application Hang | ID = 1002
Description = Hanging application GameFace.exe, version 2.2.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 05/03/2010 1:26:10 PM | Computer Name = OKOTOKS-0F1C618 | Source = Application Hang | ID = 1001
Description = Fault bucket 332071796.

[ System Events ]
Error - 05/03/2010 4:48:51 PM | Computer Name = OKOTOKS-0F1C618 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/03/2010 4:49:05 PM | Computer Name = OKOTOKS-0F1C618 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/03/2010 4:49:52 PM | Computer Name = OKOTOKS-0F1C618 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/03/2010 4:51:08 PM | Computer Name = OKOTOKS-0F1C618 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/03/2010 4:51:18 PM | Computer Name = OKOTOKS-0F1C618 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/03/2010 4:51:54 PM | Computer Name = OKOTOKS-0F1C618 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/03/2010 4:56:44 PM | Computer Name = OKOTOKS-0F1C618 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 05/03/2010 5:15:38 PM | Computer Name = OKOTOKS-0F1C618 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 05/03/2010 5:16:01 PM | Computer Name = OKOTOKS-0F1C618 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 05/03/2010 5:16:35 PM | Computer Name = OKOTOKS-0F1C618 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
asuskbnt eeCtrl EIO Fips intelppm pavboot SPBBCDrv SRTSPX SYMTDI


< End of report >

Re: Error message
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF]

    [Image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan. Select Yes.

    [Image: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: Error message
ComboFix 10-03-05.01 - User 05/03/2010 18:52:23.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1697 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\program files\INSTALL.LOG
c:\windows\jestertb.dll
c:\windows\system32\SIntf16.dll

.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2010-02-06 to 2010-03-06 )))))))))))))))))))))))))))))))
.

2010-03-05 18:31 . 2009-06-30 16:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-03-05 18:30 . 2010-03-05 18:30 -------- d-----w- c:\program files\Panda Security
2010-03-03 15:03 . 2010-03-03 15:03 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-03-03 14:55 . 2010-03-06 00:08 -------- d-----w- c:\documents and settings\HelpAssistant
2010-02-23 02:03 . 2010-02-23 02:03 266240 ----a-w- c:\windows\system32\CSHelper.exe
2010-02-23 02:03 . 2010-02-23 02:03 225280 ----a-w- c:\windows\system32\CSInstru.DLL
2010-02-23 02:02 . 2010-02-23 02:02 -------- d-----w- c:\windows\ArtistScope Plugin IE 42
2010-02-19 10:15 . 2010-02-19 10:17 -------- dc-h--w- c:\windows\ie8
2010-02-19 10:11 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-19 10:11 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-19 09:58 . 2010-02-19 09:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-19 07:26 . 2010-02-19 07:26 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-02-19 07:26 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 07:26 . 2010-02-19 07:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 07:26 . 2010-02-19 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-19 07:26 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-19 02:25 . 2010-02-27 09:36 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\jlsart
2010-02-16 22:32 . 2010-02-16 22:32 -------- d-----w- c:\program files\iPod
2010-02-16 22:32 . 2010-02-16 22:33 -------- d-----w- c:\program files\iTunes
2010-02-16 22:28 . 2010-02-16 22:29 -------- d-----w- c:\program files\QuickTime
2010-02-16 22:20 . 2010-02-16 22:20 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-04 23:30 . 2010-02-04 23:30 -------- d-----w- c:\program files\Citrix
2010-02-04 23:30 . 2010-02-04 23:30 70984 ----a-w- c:\documents and settings\User\g2mdlhlpx.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 01:20 . 2008-02-25 05:08 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire
2010-03-06 01:17 . 2008-06-25 00:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-06 00:45 . 2007-08-26 05:11 35712 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-06 00:20 . 2007-08-11 17:14 -------- d-----w- c:\program files\LucasArts
2010-03-06 00:18 . 2007-08-15 19:59 -------- d-----w- c:\program files\Electronic Arts
2010-03-06 00:03 . 2007-08-11 03:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-05 23:40 . 2008-02-01 01:04 -------- d-----w- c:\program files\World of Warcraft
2010-03-03 10:08 . 2008-06-25 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-03 00:01 . 2007-08-11 03:10 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-02-18 21:16 . 2009-12-15 05:34 -------- d-----w- c:\program files\DVDVideoSoft
2010-02-16 22:53 . 2009-12-02 05:18 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-16 22:32 . 2008-07-17 03:56 -------- d-----w- c:\program files\Common Files\Apple
2010-02-04 23:30 . 2010-03-03 15:00 70984 ----a-w- c:\documents and settings\HelpAssistant\g2mdlhlpx.exe
2010-02-04 20:18 . 2008-09-20 04:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-29 18:07 . 2008-04-11 18:34 -------- d-----w- c:\program files\Google
2010-01-26 05:09 . 2009-03-14 20:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-22 00:26 . 2010-02-04 00:36 52224 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a0ack10a.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
2010-01-22 00:26 . 2010-02-04 00:36 101376 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a0ack10a.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
2009-12-31 16:50 . 2006-02-28 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 06:43 . 2009-12-28 08:07 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-12-29 06:43 . 2009-12-28 08:07 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-12-28 08:06 . 2009-12-28 08:06 16910 ----a-w- c:\windows\DIIUnin.dat
2009-12-28 08:06 . 2009-12-28 08:06 94208 ----a-w- c:\windows\DIIUnin.exe
2009-12-28 08:06 . 2009-12-28 08:06 2829 ----a-w- c:\windows\DIIUnin.pif
2009-12-21 19:14 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2007-08-11 03:36 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2006-02-28 12:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-01-15 13:25 . 2009-01-15 13:25 227696 ----a-w- c:\program files\mozilla firefox\components\AdVComponent.dll
2009-04-01 04:47 . 2008-08-09 16:38 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVD1.dll" [2010-02-18 2349080]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-02-18 21:16 2349080 ----a-w- c:\program files\DVDVideoSoft\tbDVD1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVD1.dll" [2010-02-18 2349080]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVD1.dll" [2010-02-18 2349080]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-04-24 1114112]
"MsnMsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-11 68856]
"Power DVD Player"="c:\program files\Power DVD Player\PowerDVDPlayer.exe" [2007-09-06 391168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656]
"GameFace Messenger"="c:\program files\GameFace Messenger\GameFace.exe" [2006-11-01 2154496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"nwiz"="nwiz.exe" [2007-04-12 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"GamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 380928]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-09 198160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Documents and Settings\\User\\My Documents\\WoW-2.0.0-enUS-Installer-downloader.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Java\\jre1.6.0_04\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"9275:TCP"= 9275:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"3246:TCP"= 3246:TCP:Services

R3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\BLKWGD.sys [10/08/2007 9:32 PM 463872]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [05/03/2010 11:31 AM 28552]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [22/02/2010 7:03 PM 266240]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14/03/2009 1:21 PM 54752]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 11:07 AM 135664]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18/02/2008 12:37 PM 149352]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12/01/2008 7:32 PM 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [08/09/2009 6:30 PM 102448]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 10:48 PM 704864]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\User\LOCALS~1\Temp\jnv4_mib.sys --> c:\docume~1\User\LOCALS~1\Temp\jnv4_mib.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [21/08/2008 10:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [21/08/2008 10:49 PM 8320]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\RkPavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [21/04/2004 4:51 PM 16384]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:07]

2010-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:07]

2010-03-06 c:\windows\Tasks\User_Feed_Synchronization-{21A8F16F-6A2F-449D-9C77-AE31BA6FAE30}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a0ack10a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a0ack10a.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a0ack10a.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\components\AdVComponent.dll
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-AC3Filter - c:\varick\AC3Filter\uninstall.exe
AddRemove-DivX Player_is1 - c:\varick\ArtisanDVDPlayer\unins000.exe
AddRemove-Cliprex DVD Player Professional - c:\varick\Cliprex DVD Player Professional\uninstall.exe
AddRemove-ffdshow - c:\varick\ffdshow\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 19:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A099A78]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> 0x8a099a78
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> 0x89f5d330
PacketIndicateHandler -> NDIS.sys @ 0xf786ea0d
SendHandler -> NDIS.sys @ 0xf7882b40
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-776561741-573735546-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c2,4e,07,92,12,f5,ec,82,5c,e7,be,a4,39,c3,e8,05,59,23,e7,8a,8f,46,17,
31,96,c2,be,f8,39,99,f2,c8,8a,01,25,6a,04,b9,68,c5,3b,d6,fd,e8,a2,c8,b8,19,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-776561741-573735546-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:be,44,d6,b1,88,7e,d5,0d,2d,bb,09,95,a7,79,83,aa,08,85,ae,b1,da,
52,d4,83,48,99,c8,d3,d8,fa,07,07,ef,b9,29,aa,f4,14,09,fa,84,8c,b3,8f,8b,39,\
"rkeysecu"=hex:49,fd,88,21,13,b6,54,16,6d,46,0d,f2,07,2a,8c,38
.
Completion time: 2010-03-05 19:03:38
ComboFix-quarantined-files.txt 2010-03-06 02:03

Pre-Run: 187,413,397,504 bytes free
Post-Run: 187,844,673,536 bytes free

- - End Of File - - E039950C3451DDD20C6C2E07AC1EFF12

Re: Error message
Hello.

I see that you are running LimeWire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) 6 Update 13
    LimeWire 5.3.6

Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.
  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.


Re: Error message
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a414600
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> 0x88c72330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

Re: Error message
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

cmd

Enter the following into the command prompt, pressing Enter after each line:

Code:

cd desktop

mbr.exe -f

exit


Please post the resulting log.


Re: Error message
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x868269e8
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> 0x85d6b330
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
Use "Recovery Console" command "fixmbr" to clear infection !
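
The two standalone mbr.exe logs above differ in ways that are easy to miss when read side by side. As an added example (not part of the original thread, and not GMER's or ComboFix's code), this Python script parses both outputs as posted and reports what changed after the fix run. The function and field names are hypothetical, and treating a hook printed as a bare address with no module name as "unresolved" is this example's reading of the log format.

```python
import re
from dataclasses import dataclass, field

# Output of the two standalone mbr.exe runs posted in this thread, before and
# after "mbr.exe -f" (the tool's banner line is omitted).
LOG_BEFORE = r"""
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a414600
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> 0x88c72330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
"""

LOG_AFTER = r"""
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x868269e8
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> 0x85d6b330
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
Use "Recovery Console" command "fixmbr" to clear infection !
"""

# "<object> -> 0x<addr>" with no "module @" before the address (assumption:
# the detector could not attribute the handler to a named module).
UNRESOLVED_HOOK = re.compile(r"^(?P<obj>.+?)\s*->\s*(?P<addr>0x[0-9a-fA-F]+)\s*$")
SECTOR = re.compile(
    r"^(?P<what>copy of MBR|malicious code|PE file)\b.*?sector(?: at)?\s+"
    r"(?P<lba>0x[0-9a-fA-F]+)"
)
ADVICE = re.compile(r"Use:?\s+(.+?)\s+to (?:fix|clear infection)")


@dataclass
class MbrReport:
    unresolved_hooks: dict = field(default_factory=dict)  # object -> address
    sectors: dict = field(default_factory=dict)           # finding -> sector
    live_mbr_ok: bool = False
    warned: bool = False
    advice: str = ""


def parse_mbr_log(text: str) -> MbrReport:
    """Extract hooks, flagged sectors and the tool's verdict from one log."""
    report = MbrReport()
    for raw in text.splitlines():
        line = raw.strip()
        if m := UNRESOLVED_HOOK.match(line):
            report.unresolved_hooks[m["obj"]] = int(m["addr"], 16)
        elif m := SECTOR.match(line):
            report.sectors[m["what"]] = int(m["lba"], 16)
        elif line == "user & kernel MBR OK":
            report.live_mbr_ok = True
        elif line.startswith("Warning: possible MBR rootkit infection"):
            report.warned = True
        if m := ADVICE.search(line):
            report.advice = m[1]
    return report


def compare_runs(before: MbrReport, after: MbrReport) -> dict:
    """Summarise what changed between two runs of the detector."""
    return {
        # Hook addresses differ between the runs posted here, so match on
        # the hooked object rather than on the address.
        "hooks_still_unresolved": sorted(
            set(before.unresolved_hooks) & set(after.unresolved_hooks)
        ),
        "live_mbr_now_ok": after.live_mbr_ok and not before.live_mbr_ok,
        # Findings reported at the same sector number in both runs.
        "sectors_still_flagged": {
            what: hex(lba)
            for what, lba in after.sectors.items()
            if before.sectors.get(what) == lba
        },
        "next_step": after.advice,
    }


if __name__ == "__main__":
    summary = compare_runs(parse_mbr_log(LOG_BEFORE), parse_mbr_log(LOG_AFTER))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

On these two logs the summary shows the live MBR reading clean after the fix run, while the same three sectors and both unresolved hooks are reported again and the tool's advice changes from `mbr.exe -f` to `fixmbr`.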

Re: Error message
Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "65533:TCP"=-
    "52344:TCP"=-
    "2479:TCP"=-
    "9275:TCP"=-
    "3389:TCP"=-
    "3246:TCP"=-

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: Cfscriptb4i]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Re: Error message
ComboFix 10-03-08.01 - User 08/03/2010 13:00:50.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1289 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((( Files Created from 2010-02-08 to 2010-03-08 )))))))))))))))))))))))))))))))
.

2010-03-05 18:30 . 2010-03-06 04:47 -------- d-----w- c:\program files\Panda Security
2010-03-03 15:03 . 2010-03-03 15:03 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-03-03 14:55 . 2010-03-08 03:32 -------- d-----w- c:\documents and settings\HelpAssistant
2010-02-23 02:03 . 2010-02-23 02:03 266240 ----a-w- c:\windows\system32\CSHelper.exe
2010-02-23 02:03 . 2010-02-23 02:03 225280 ----a-w- c:\windows\system32\CSInstru.DLL
2010-02-23 02:02 . 2010-02-23 02:02 -------- d-----w- c:\windows\ArtistScope Plugin IE 42
2010-02-19 10:15 . 2010-02-19 10:17 -------- dc-h--w- c:\windows\ie8
2010-02-19 10:11 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-19 10:11 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-19 09:58 . 2010-02-19 09:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-19 07:26 . 2010-02-19 07:26 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-02-19 07:26 . 2010-02-19 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-19 02:25 . 2010-02-27 09:36 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\jlsart
2010-02-16 22:32 . 2010-02-16 22:32 -------- d-----w- c:\program files\iPod
2010-02-16 22:32 . 2010-02-16 22:33 -------- d-----w- c:\program files\iTunes
2010-02-16 22:28 . 2010-02-16 22:29 -------- d-----w- c:\program files\QuickTime
2010-02-16 22:20 . 2010-02-16 22:20 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 05:08 . 2008-06-25 00:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-07 22:14 . 2008-02-25 05:08 -------- d-----w- c:\program files\Java
2010-03-06 20:13 . 2008-02-25 05:08 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire
2010-03-06 20:04 . 2009-03-02 17:51 -------- d-----w- c:\program files\LimeWire
2010-03-06 17:27 . 2007-08-11 03:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-06 16:16 . 2010-02-04 23:30 -------- d-----w- c:\program files\Citrix
2010-03-06 16:00 . 2007-08-11 04:04 -------- d-----w- c:\program files\GameFace Messenger
2010-03-06 16:00 . 2007-08-11 04:04 -------- d-----w- c:\program files\ASUS
2010-03-06 04:51 . 2009-12-28 08:00 -------- d-----w- c:\program files\Diablo II
2010-03-06 04:50 . 2007-08-12 03:59 -------- d-----w- c:\program files\Ubisoft
2010-03-06 04:49 . 2007-09-27 20:33 -------- d-----w- c:\program files\Microsoft Games
2010-03-06 04:46 . 2007-08-11 17:14 -------- d-----w- c:\program files\LucasArts
2010-03-06 00:45 . 2007-08-26 05:11 35712 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-06 00:18 . 2007-08-15 19:59 -------- d-----w- c:\program files\Electronic Arts
2010-03-05 23:40 . 2008-02-01 01:04 -------- d-----w- c:\program files\World of Warcraft
2010-03-03 10:08 . 2008-06-25 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-18 21:16 . 2009-12-15 05:34 -------- d-----w- c:\program files\DVDVideoSoft
2010-02-16 22:53 . 2009-12-02 05:18 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-16 22:32 . 2008-07-17 03:56 -------- d-----w- c:\program files\Common Files\Apple
2010-02-04 23:30 . 2010-03-03 15:00 70984 ----a-w- c:\documents and settings\HelpAssistant\g2mdlhlpx.exe
2010-02-04 23:30 . 2010-02-04 23:30 70984 ----a-w- c:\documents and settings\User\g2mdlhlpx.exe
2010-02-04 20:18 . 2008-09-20 04:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-29 18:07 . 2008-04-11 18:34 -------- d-----w- c:\program files\Google
2010-01-26 05:09 . 2009-03-14 20:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-22 00:26 . 2010-02-04 00:36 52224 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a0ack10a.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
2010-01-22 00:26 . 2010-02-04 00:36 101376 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a0ack10a.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
2009-12-31 16:50 . 2006-02-28 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 06:43 . 2009-12-28 08:07 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-12-29 06:43 . 2009-12-28 08:07 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-12-21 19:14 . 2006-02-28 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2007-08-11 03:36 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-01-15 13:25 . 2009-01-15 13:25 227696 ----a-w- c:\program files\mozilla firefox\components\AdVComponent.dll
2009-04-01 04:47 . 2008-08-09 16:38 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-03-06_02.00.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-08 05:08 . 2010-03-08 05:08 16384 c:\windows\Temp\Perflib_Perfdata_7b4.dat
+ 2006-02-28 12:00 . 2010-03-06 19:21 71612 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2009-12-10 14:38 71612 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2009-10-08 21:56 20480 c:\windows\system32\oleaccrc.dll
+ 2006-02-28 12:00 . 2009-10-08 21:56 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2007-08-11 03:44 . 2010-03-06 09:46 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-11 03:44 . 2010-02-10 12:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-11 03:44 . 2010-02-10 12:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-08-11 03:44 . 2010-03-06 09:46 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-08-11 03:44 . 2010-02-10 12:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-03-06 04:30 . 2010-03-06 09:46 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-03-06 20:34 . 2010-03-06 20:34 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\ab770fbdb45c8043c6cdf87090146a9e\WindowsLiveWriter.ni.exe
+ 2010-03-06 20:34 . 2010-03-06 20:34 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\94b87dcbda86b9a5a61770ed242b1732\WindowsLive.Writer.Api.ni.dll
+ 2010-03-06 19:32 . 2010-03-06 19:32 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\7a873f47ac1752c41fcb89ad9c8fbad3\UIAutomationProvider.ni.dll
+ 2010-03-07 02:19 . 2010-03-07 02:19 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\87a11190cb0c9ecfd20b607bff6690fb\System.Windows.Presentation.ni.dll
+ 2010-03-07 02:19 . 2010-03-07 02:19 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\6a6a72d2ee8849a5ad7a80af36563ed5\System.Web.DynamicData.Design.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\1c25e1eb925bf9c0b526ead78e3e1abc\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\96443722953c690747a82d31bd1c549f\System.AddIn.Contract.ni.dll
+ 2010-03-06 19:27 . 2010-03-06 19:27 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\cc03ee82d7b7524882920ae7c37c2f9f\PresentationFontCache.ni.exe
+ 2010-03-06 19:32 . 2010-03-06 19:32 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\2ab0f8728d72db601f1b806c5ba9fd8c\PresentationCFFRasterizer.ni.dll
+ 2010-03-07 02:19 . 2010-03-07 02:19 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\6c4bf544cfa75f913df49142acab1b7c\Microsoft.Vsa.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d1ab4db0fd2fe219e6ae14f0b3ea83cb\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\bcb1af1778a6c77cd7e77ecc2637438b\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 34816 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\797e527b306e9fc5ee13a6e894e9fc09\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 53760 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\74d75c4e9c0c33661ded45f08c99fc7c\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v9.0.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0d2b587f0368538a3954d3d8ab7809ee\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll
+ 2010-03-06 19:31 . 2010-03-06 19:31 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\40575d1feefd37cdfd213fc51f26a194\Microsoft.VisualC.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\5754fc85021b2f65836ba422521631eb\Microsoft.Build.Framework.ni.dll
+ 2010-03-06 19:32 . 2010-03-06 19:32 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\0cb37ad30660eed74e9f8e28640c019f\Microsoft.Build.Framework.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\36bb2dd711974ad0bce057d2bc9c4592\dfsvc.ni.exe
+ 2010-03-06 19:31 . 2010-03-06 19:31 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\16548a271b624211b7d1bd2956faed85\Accessibility.ni.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-10-15 09:10 . 2009-10-15 09:10 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-03-06 19:21 . 2010-03-06 19:21 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-10-09 19:03 . 2009-10-08 21:57 611328 c:\windows\system32\uiautomationcore.dll
+ 2006-02-28 12:00 . 2010-03-06 19:21 441786 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2009-12-10 14:38 441786 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2009-10-08 21:57 220160 c:\windows\system32\oleacc.dll
+ 2006-02-28 12:00 . 2009-10-08 21:57 220160 c:\windows\system32\dllcache\oleacc.dll
+ 2009-10-27 07:45 . 2009-10-27 07:45 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2009-10-21 00:21 . 2009-10-21 00:21 989000 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-03-06 20:09 . 2010-03-06 20:09 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\76212f0eaf908ddc457b7c09fdc00013\WsatConfig.ni.exe
+ 2010-03-06 20:35 . 2010-03-06 20:35 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\c886f165af7f544b06c4515d11f3efa3\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2010-03-06 20:34 . 2010-03-06 20:34 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fcee8806b2409cb927645a4cacb3ad82\WindowsLive.Writer.Passport.ni.dll
+ 2010-03-06 20:34 . 2010-03-06 20:34 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f8d92bf8d611be151c490bd8cc735b81\WindowsLive.Writer.Extensibility.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f27433f754b82e20c63e442003ef6bf5\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2010-03-06 20:34 . 2010-03-06 20:34 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c020a611d236b4df21fe3d1cbc65e652\WindowsLive.Writer.Interop.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b74250ea8e891174b407f3ae1516a2e1\WindowsLive.Writer.SpellChecker.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a8023f6ae95ed0fa57ebb4f38ec056fc\WindowsLive.Writer.Instrumentation.ni.dll
+ 2010-03-06 20:34 . 2010-03-06 20:34 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a7839e2c96881e41b613e0cd27b2fcd4\WindowsLive.Writer.BlogClient.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8dfb640d1a65b1adf81d2526aa2541d6\WindowsLive.Writer.FileDestinations.ni.dll
+ 2010-03-06 20:34 . 2010-03-06 20:34 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\66f57f9161c012fbc32b14d121c48ae0\WindowsLive.Writer.Controls.ni.dll
+ 2010-03-06 20:34 . 2010-03-06 20:34 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\665ffb02861c81bfaf9ae07ef3566158\WindowsLive.Writer.HtmlParser.ni.dll
+ 2010-03-06 20:34 . 2010-03-06 20:34 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5c117d2bd3a81a3af57351ae3015644b\WindowsLive.Writer.Mshtml.ni.dll
+ 2010-03-06 20:34 . 2010-03-06 20:34 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3fd4c2a54fc9301191058755ae5b918b\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2010-03-06 20:34 . 2010-03-06 20:34 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\198d12e14e297d8866620edde0608fe2\WindowsLive.Writer.Localization.ni.dll
+ 2010-03-06 20:34 . 2010-03-06 20:34 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1365090a5a2ecfe86748f19b32a4a3da\WindowsLive.Writer.BrowserControl.ni.dll
+ 2010-03-06 20:34 . 2010-03-06 20:34 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0bd430c6f307a643c0637dc36ec65096\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2010-03-06 20:34 . 2010-03-06 20:34 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\c071473985c843c48d9d891ad4a4bf9c\WindowsLive.Client.ni.dll
+ 2010-03-06 19:37 . 2010-03-06 19:37 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\40cba4b973c13c0713f14523d402cf38\WindowsFormsIntegration.ni.dll
+ 2010-03-06 19:32 . 2010-03-06 19:32 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\0bdc62fb9894a13e0202e4d3cdcf5424\UIAutomationTypes.ni.dll
+ 2010-03-06 19:37 . 2010-03-06 19:37 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\41fb928bd2afe2c9e7af374cab99441b\UIAutomationClient.ni.dll
+ 2010-03-07 02:20 . 2010-03-07 02:20 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\43dff2d60cc1e2d83207d115d6ebd5da\System.Xml.Linq.ni.dll
+ 2010-03-07 02:19 . 2010-03-07 02:19 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bbbbee6aee8efc2a3fe36297df61558c\System.Web.Routing.ni.dll
+ 2010-03-06 19:36 . 2010-03-06 19:36 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\4918daec30cc88a92e9089d6e6ddf65b\System.Web.RegularExpressions.ni.dll
+ 2010-03-07 02:19 . 2010-03-07 02:19 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\1abbdbd4a1de53b702bae22e4714b95d\System.Web.Extensions.Design.ni.dll
+ 2010-03-07 02:19 . 2010-03-07 02:19 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\adaa9f715be2debd2b11674077f3afda\System.Web.Entity.ni.dll
+ 2010-03-07 02:19 . 2010-03-07 02:19 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\23a843aedd80a0f43e0baa1986bcd83f\System.Web.Entity.Design.ni.dll
+ 2010-03-07 02:19 . 2010-03-07 02:19 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a68617197d12be5a9a8bb91b4e7873ec\System.Web.DynamicData.ni.dll
+ 2010-03-07 02:19 . 2010-03-07 02:19 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\8ff474534be27f40db5c17fee04a9fe7\System.Web.Abstractions.ni.dll
+ 2010-03-06 19:34 . 2010-03-06 19:34 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9aa6ef5e5d40a8b8fb2850ee4a3e7bb3\System.Transactions.ni.dll
+ 2010-03-06 19:27 . 2010-03-06 19:27 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b74d61184e254ac814bb3ceae5cc1095\System.ServiceProcess.ni.dll
+ 2010-03-06 19:28 . 2010-03-06 19:28 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\3ef9383bddd7283406d0ba7303f38e46\System.Security.ni.dll
+ 2010-03-06 19:28 . 2010-03-06 19:28 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\aab1f5149537a106a50b1508d9b18eb5\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-03-06 19:34 . 2010-03-06 19:34 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bb055968cb987dffa2f558cc5a2713f7\System.Runtime.Remoting.ni.dll
+ 2010-03-07 02:19 . 2010-03-07 02:19 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\90e7b21b6f94a25cb4470ac854999479\System.Net.ni.dll
+ 2010-03-07 02:19 . 2010-03-07 02:19 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\9a237f790e352dca1339e6610d40c160\System.Messaging.ni.dll
+ 2010-03-07 02:19 . 2010-03-07 02:19 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\d7ad7924159136fb7e13cfdf3d01cf21\System.Management.ni.dll
+ 2010-03-07 02:19 . 2010-03-07 02:19 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\7081191709ba39f5b18f2f52f61c6aab\System.Management.Instrumentation.ni.dll
+ 2010-03-06 19:42 . 2010-03-06 19:42 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\c88bdc0770617f2bec70e82b2877712e\System.IO.Log.ni.dll
+ 2010-03-06 20:10 . 2010-03-06 20:10 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\9830b36108b5acc8bfecd4b523ae6422\System.IdentityModel.Selectors.ni.dll
+ 2010-03-06 19:34 . 2010-03-06 19:34 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\34bd8d1c5589efe26dfd69cfef05888c\System.EnterpriseServices.Wrapper.dll
+ 2010-03-06 19:34 . 2010-03-06 19:34 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\34bd8d1c5589efe26dfd69cfef05888c\System.EnterpriseServices.ni.dll
+ 2010-03-06 19:36 . 2010-03-06 19:36 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\c27d9b8fc90f4e86f272ec31748a9beb\System.Drawing.Design.ni.dll
+ 2010-03-07 02:19 . 2010-03-07 02:19 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\2e171d3863d31c9760be4a76d7a41842\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-03-06 19:36 . 2010-03-06 19:36 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\26c2dd48768ead8ab6981c502c33a16b\System.DirectoryServices.Protocols.ni.dll
+ 2010-03-07 02:19 . 2010-03-07 02:19 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a157c98a0bd61c92cc324ccb085c0c2f\System.Data.Services.Client.ni.dll
+ 2010-03-07 02:19 . 2010-03-07 02:19 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\43ebb69f9f13b4d50877a718fe7e2fec\System.Data.Services.Design.ni.dll
+ 2010-03-07 02:18 . 2010-03-07 02:18 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\6f40c0b03a35585ad314a0459ebd3721\System.Data.Entity.Design.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\67b8b52a93087400d9c8efa36d28ba0f\System.Data.DataSetExtensions.ni.dll
+ 2010-03-06 19:27 . 2010-03-06 19:27 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\33f46842f1687b027c3471ca1ba6e929\System.Configuration.ni.dll
+ 2010-03-06 19:28 . 2010-03-06 19:28 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\d5f4012b6c896418365813c53c5e46ce\System.Configuration.Install.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\338d4c7d84af692ae64bdee6e66bd04a\System.AddIn.ni.dll
+ 2010-03-07 02:19 . 2010-03-07 02:19 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\f0afb5f1e8167b880dfd24ddd2a17af3\sysglobl.ni.dll
+ 2010-03-06 20:09 . 2010-03-06 20:09 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\57b773ae9a151b61e0d669e8bbc64275\SMSvcHost.ni.exe
+ 2010-03-06 20:09 . 2010-03-06 20:09 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\c047fb6624ebfd95bdbc916e0068e6e9\SMDiagnostics.ni.dll
+ 2010-03-06 20:09 . 2010-03-06 20:09 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\ce9e424d230401a889211771dec6b896\ServiceModelReg.ni.exe
+ 2010-03-06 19:36 . 2010-03-06 19:36 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7d163bfe827d562c116d3de590f36034\PresentationFramework.Royale.ni.dll
+ 2010-03-06 19:36 . 2010-03-06 19:36 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4e517fa6333a094176c3c4afbce79398\PresentationFramework.Luna.ni.dll
+ 2010-03-06 19:36 . 2010-03-06 19:36 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\23e1cebd89e1847692bc385d5c6421f0\PresentationFramework.Classic.ni.dll
+ 2010-03-06 19:36 . 2010-03-06 19:36 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\006252e8262786938392d9fb7b197d7e\PresentationFramework.Aero.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\9f2d92e6bde466705c09e3ecf53878a5\MSBuild.ni.exe
+ 2010-03-06 20:35 . 2010-03-06 20:35 133120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f24cf1e736dc41f9d1aa906fa67d6c95\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 161792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f12ee67f8103a7b76243dfb9be4b6293\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 103936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e751d7c7c5e89a6771479616dfb37b36\Microsoft.VisualStudio.Tools.Office.HostAdapter.v9.0.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 211456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d0564bf0d54c3c3c4b23ce1eabc9f693\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 112128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9439f82150d3cf025a161b845be7288f\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 303616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\7c781fd933d6899788e1a32e53a19ae0\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\55bd7a3eedcc2c85c7a211a41145928f\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 335872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\41f51653431a5a07790c869d6a4d0f7e\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 284672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3d3486861d9bf88a5bb6f2dc4a09c8f5\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 477184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\171392ace58a72abe0af428963d376bc\Microsoft.VisualStudio.Tools.Office.Runtime.v9.0.ni.dll
+ 2010-03-06 20:09 . 2010-03-06 20:09 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\49805534376724ae137ff41cda393d19\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-03-06 20:35 . 2010-03-06 20:35 147968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\8f03f39d8e8b0170ba4e9be2fdad8c01\Microsoft.Office.Tools.v9.0.ni.dll

Re: Error message
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVD1.dll" [2010-02-18 2349080]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-02-18 21:16 2349080 ----a-w- c:\program files\DVDVideoSoft\tbDVD1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVD1.dll" [2010-02-18 2349080]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVD1.dll" [2010-02-18 2349080]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-11 68856]
"Power DVD Player"="c:\program files\Power DVD Player\PowerDVDPlayer.exe" [2007-09-06 391168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"nwiz"="nwiz.exe" [2007-04-12 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-09 198160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\User\\My Documents\\WoW-2.0.0-enUS-Installer-downloader.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"2766:TCP"= 2766:TCP:Services

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14/03/2009 1:21 PM 54752]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18/02/2008 12:37 PM 149352]
R3 BLKWGD;Belkin Wireless G Desktop Card Service;c:\windows\system32\drivers\BLKWGD.sys [10/08/2007 9:32 PM 463872]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [06/03/2010 2:39 AM 102448]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [22/02/2010 7:03 PM 266240]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 11:07 AM 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12/01/2008 7:32 PM 23888]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 10:48 PM 704864]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\User\LOCALS~1\Temp\jnv4_mib.sys --> c:\docume~1\User\LOCALS~1\Temp\jnv4_mib.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [21/08/2008 10:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [21/08/2008 10:49 PM 8320]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RkPavproc2;RkPavproc2;\??\c:\windows\system32\drivers\RkPavproc2.sys --> c:\windows\system32\drivers\RkPavproc2.sys [?]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [21/04/2004 4:51 PM 16384]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:07]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:07]

2010-03-08 c:\windows\Tasks\User_Feed_Synchronization-{21A8F16F-6A2F-449D-9C77-AE31BA6FAE30}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a0ack10a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a0ack10a.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a0ack10a.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\components\AdVComponent.dll
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 13:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-776561741-573735546-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c2,4e,07,92,12,f5,ec,82,5c,e7,be,a4,39,c3,e8,05,59,23,e7,8a,8f,46,17,
31,96,c2,be,f8,39,99,f2,c8,8a,01,25,6a,04,b9,68,c5,3b,d6,fd,e8,a2,c8,b8,19,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-776561741-573735546-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:be,44,d6,b1,88,7e,d5,0d,2d,bb,09,95,a7,79,83,aa,08,85,ae,b1,da,
52,d4,83,48,99,c8,d3,d8,fa,07,07,ef,b9,29,aa,f4,14,09,fa,84,8c,b3,8f,8b,39,\
"rkeysecu"=hex:49,fd,88,21,13,b6,54,16,6d,46,0d,f2,07,2a,8c,38
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2624)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-08 13:10:22
ComboFix-quarantined-files.txt 2010-03-08 20:10
ComboFix2.txt 2010-03-06 02:03

Pre-Run: 196,673,232,896 bytes free
Post-Run: 196,774,981,632 bytes free

- - End Of File - - D9741D2527E1090F255E366429D84145

Re: Error message
Hello.

Please create a folder on your Desktop called SWReg.

  1. Download SWReg.exe from here.
  2. Save SWReg.exe inside the SWReg folder you just created.

    Do not run SWReg.exe just yet.

    Now open a new Notepad file, and input this into the Notepad file:

    @echo off
    swreg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s >>log.txt
    swreg query "HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters" /s >>log.txt
    start notepad log.txt


  3. Save this as SWReg.bat, save it inside the SWReg folder as well.
  4. Make sure both SWReg.exe and SWReg.bat are located next to each other for this to work.
  5. Now, double click on SWReg.bat to run the script.
  6. Once done, a Notepad log file will open, copy and paste that log back here.


Next,

Now open a new Notepad file, and input this into the Notepad file:

@echo off
net user HelpAssistant>"%userprofile%\desktop\log.txt"
start notepad "%userprofile%\desktop\log.txt"
exit


Save this as fix.bat, save it to your desktop.
Double click fix.bat and the black cmd window will open and close, this is normal.



Copy and paste the 2 logs back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
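
The `net user HelpAssistant` log requested in the reply above can be read mechanically. The following is an added example, not part of the original thread or of any tool named in it: it parses that command's English-language text output and reports whether the account is enabled and whether it holds local Administrators membership. Both sample outputs are constructed, and the function names are hypothetical.

```python
"""Read `net user <account>` text output and flag an enabled or admin account.

Added example: the sample outputs below are constructed, not taken from a host.
"""

# Field labels printed by `net user <name>` on an English-language system.
LABELS = [
    "User name", "Full Name", "Comment", "User's comment", "Country code",
    "Account active", "Account expires", "Password last set",
    "Password expires", "Password changeable", "Password required",
    "User may change password", "Workstations allowed", "Logon script",
    "User profile", "Home directory", "Last logon", "Logon hours allowed",
    "Local Group Memberships", "Global Group memberships",
]
# Longest first, so a short label can never shadow a longer one.
_BY_LENGTH = sorted(LABELS, key=len, reverse=True)
GROUP_FIELDS = ("local group memberships", "global group memberships")


def parse_net_user(text):
    """Return {lower-cased label: value}; group fields become lists of names.

    Works on the column-padded console output and on copies where a forum
    has collapsed the padding to single spaces.
    """
    fields, last = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        label = next(
            (l for l in _BY_LENGTH
             if low == l.lower() or low.startswith(l.lower() + " ")),
            None,
        )
        if label:
            last = label.lower()
            fields[last] = line[len(label):].strip()
        elif line.startswith("*") and last in GROUP_FIELDS:
            # Long group lists wrap onto continuation lines.
            fields[last] += " " + line
    for key in GROUP_FIELDS:
        if key in fields:
            # Names are '*'-prefixed and may contain spaces, so split on '*'.
            names = [g.strip() for g in fields[key].split("*") if g.strip()]
            fields[key] = [g for g in names if g.lower() != "none"]
    return fields


def assess(fields):
    """List the properties worth raising for a built-in support account."""
    findings = []
    if fields.get("account active", "").lower().startswith("yes"):
        findings.append("account is enabled")
    groups = [g.lower() for g in fields.get("local group memberships", [])]
    if "administrators" in groups:
        findings.append("member of local Administrators")
    return findings


# Constructed sample: padding collapsed, as it looks when pasted into a forum.
SAMPLE_FLAGGED = """\
User name HelpAssistant
Full Name Remote Desktop Help Assistant Account
Comment Account for Providing Remote Assistance
Account active Yes
Account expires Never
Password last set 1/1/2010 12:00 PM
Local Group Memberships *Administrators
Global Group memberships *None
The command completed successfully.
"""

# Constructed sample: console padding and a wrapped group list.
SAMPLE_CLEAN = """\
User name                    SupportAcct
Account active               No
Local Group Memberships      *Remote Desktop Users *Users
                             *Guests
Global Group memberships     *None
The command completed successfully.
"""

if __name__ == "__main__":
    for sample in (SAMPLE_FLAGGED, SAMPLE_CLEAN):
        parsed = parse_net_user(sample)
        print(parsed["user name"], "->", assess(parsed) or "nothing to flag")
```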

Re: Error message
SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-18
Flags REG_DWORD 12 (0xc)
State REG_DWORD 0 (0x0)
RefCount REG_DWORD 1 (0x1)
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
Sid REG_BINARY 010100000000000513000000
Flags REG_DWORD 9 (0x9)
State REG_DWORD 0 (0x0)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 1892423862 (0x70cc18b6)
ProfileLoadTimeHigh REG_DWORD 30064253 (0x1cabe7d)
RefCount REG_DWORD 3 (0x3)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
Sid REG_BINARY 010100000000000514000000
Flags REG_DWORD 9 (0x9)
State REG_DWORD 0 (0x0)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 1874767612 (0x6fbeaefc)
ProfileLoadTimeHigh REG_DWORD 30064253 (0x1cabe7d)
RefCount REG_DWORD 2 (0x2)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-776561741-573735546-682003330-1000
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant
Sid REG_BINARY 0105000000000005150000004d64492e7a823222828ba628e8030000
Flags REG_DWORD 1 (0x1)
State REG_DWORD 256 (0x100)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD -18313790 (0xfee88dc2)
ProfileLoadTimeHigh REG_DWORD 30064239 (0x1cabe6f)
RefCount REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-776561741-573735546-682003330-1003
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\User
Sid REG_BINARY 0105000000000005150000004d64492e7a823222828ba628eb030000
Flags REG_DWORD 0 (0x0)
State REG_DWORD 256 (0x100)
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 2046955112 (0x7a020e68)
ProfileLoadTimeHigh REG_DWORD 30064253 (0x1cabe7d)
RefCount REG_DWORD 3 (0x3)
RunLogonScriptSync REG_DWORD 0 (0x0)
OptimizedLogonStatus REG_DWORD 11 (0xb)

SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll
Certificate REG_BINARY 01000000010000000100000006005c005253413148000000000200003f000000010001008dbef32d2ada497ce8bb35c4393360df28281839875ff2b37efcaf09c3ec232d55721a92135e3945a3bf51dbb5d7311d1a6968ef8c7256ec2764adb5891483ab0000000000000000080048001e6b87d809e18d61dcefeeb29452564d099e5e613423e0185d08bde256aa4c901289c108aebe5686b302088d5d2af0a4401eba85232772c70a13aa28594424080000000000000000

Re: Error message
User name HelpAssistant
Full Name Remote Desktop Help Assistant Account
Comment Account for Providing Remote Assistance
User's comment
Country code 000 (System Default)
Account active Yes
Account expires Never

Password last set 3/7/2010 8:32 PM
Password expires Never
Password changeable 3/7/2010 8:32 PM
Password required Yes
User may change password Yes

Workstations allowed All
Logon script
User profile
Home directory
Last logon 3/7/2010 8:32 PM

Logon hours allowed All

Local Group Memberships *Administrators
Global Group memberships *None
The command completed successfully.

Re: Error message
Okay, nearly done now.

Now open a new Notepad file and paste this into it:

@echo off
rem Disable the HelpAssistant account
net user HelpAssistant /active:no
rem Remove it from the local Administrators group
net localgroup Administrators HelpAssistant /delete
rem Save the account's current settings to a log on the desktop and open it
net user HelpAssistant>"%userprofile%\desktop\log.txt"
start notepad "%userprofile%\desktop\log.txt"
exit


Save this as fix.bat on your desktop.
Double click fix.bat and the black cmd window will open and close; this is normal.
Please post the resulting log.

Re: Error message
User name HelpAssistant
Full Name Remote Desktop Help Assistant Account
Comment Account for Providing Remote Assistance
User's comment
Country code 000 (System Default)
Account active No
Account expires Never

Password last set 3/7/2010 8:32 PM
Password expires Never
Password changeable 3/7/2010 8:32 PM
Password required Yes
User may change password Yes

Workstations allowed All
Logon script
User profile
Home directory
Last logon 3/7/2010 8:32 PM

Logon hours allowed All

Local Group Memberships
Global Group memberships *None
The command completed successfully.
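
An added example, not part of the original thread: a small Python check that reads `net user` output like the two logs above and reports whether the account is still enabled or still in a privileged local group. The function names `parse_net_user` and `audit` are hypothetical, and the sample text is abridged from the logs posted here.

```python
# Added example: audit `net user <name>` output for an enabled, privileged account.
# Labels are matched as prefixes because the labels themselves contain spaces.
LABELS = ("User name", "Account active",
          "Local Group Memberships", "Global Group memberships")
GROUP_LABELS = LABELS[2:]

# Abridged from the two HelpAssistant logs posted in this thread.
BEFORE = """User name HelpAssistant
Account active Yes
Local Group Memberships *Administrators
Global Group memberships *None
The command completed successfully.
"""
AFTER = """User name HelpAssistant
Account active No
Local Group Memberships
Global Group memberships *None
The command completed successfully.
"""


def parse_net_user(text):
    """Return the known fields; group fields become lists of group names."""
    fields, last = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        label = next((l for l in LABELS
                      if stripped.lower().startswith(l.lower())), None)
        if label:
            fields[label] = stripped[len(label):].strip()
            last = label
        elif stripped.startswith("*") and last in GROUP_LABELS:
            fields[last] += " " + stripped  # long group lists wrap onto extra lines
        else:
            last = None
    for key in GROUP_LABELS:
        names = fields.get(key, "").split("*")
        fields[key] = [n.strip() for n in names if n.strip()]
    return fields


def audit(text, privileged=("administrators",)):
    """List the reasons this account still needs attention (empty list = clean)."""
    fields = parse_net_user(text)
    findings = []
    if fields.get("Account active", "").lower() == "yes":
        findings.append("account is enabled")
    for group in fields["Local Group Memberships"]:
        if group.lower() in privileged:
            findings.append("member of " + group)
    return findings
```

Run against the first log it reports both problems; against the log produced by fix.bat it reports none.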

Re: Error message
Hello.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Folders to delete:
C:\Documents and Settings\HelpAssistant

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-776561741-573735546-682003330-1000


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.

Re: Error message
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\Documents and Settings\HelpAssistant" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\profilelist\S-1-5-21-776561741-573735546-682003330-1000" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



(Is it alright that when reading the "Terminate" at the end I said it in a Dalek voice?)

Re: Error message
Hehe.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Re: Error message
It's going excellent. Thanks so much.

Re: Error message
Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: Error message
This isn't working for me. I check the "Yes", and then click Start. But then I get a message saying "Windows has closed this webpage to help protect your computer".

Re: Error message
Try this instead.

Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner.

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    **Note**

    To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
