Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Windows Police Pro


  • Please log in to reply
15 replies to this topic

#1 socalkellie

socalkellie

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 20 September 2009 - 10:03 PM

*Edited to say 4 hrs. later the computer seems to be working. It finally came back up and I'm online with it which is a good sign. I'll be reading through the site just in case. I ran MBAM and AdAware and both came back clean except for a couple tracking cookies. Downloading newest AV right now and will add FW tomorrow. Glad it wasn't a total loss.*

Hello,

My desktop computer is infected with the Windows Police Pro virus and I can't use it all. I'm on my laptop posting this because I wasn't able to run Malwarebytes Anti-Malware program, my anti-virus program or Windows System Restore. I therefore started the system recovery using the F10 button after starting back up but it won't finish the process and I'm locked out of the computer. I tried to recover the system several times as well as trying to boot using safe mode. That worked once but a window popped up and I clicked on the X button and it came right back to the same place it keeps getting stuck, the finish page after system recovery. The virus must still be on the computer. I should have followed the removal instructions for Police Pro before trying to recover the system. I'm using Windows XP and out of ideas to fix this.

Thanks,
Kellie

Edited by socalkellie, 21 September 2009 - 02:23 AM.


BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:11:12 AM

Posted 21 September 2009 - 08:16 PM

You still might want to run these



ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

------------------------------------

SAS, may take a long time to scan
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
    First
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.
------------------------------------------


Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 socalkellie

socalkellie
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 22 September 2009 - 12:18 AM

Thank you for the reply. I was coming back to post another request for help. I printed off your instructions and will follow them to the tee. I spent the whole day trying to re-install drivers because none of my programs work correctly. After downloading XP Service Pack 2 and then AVG, I found that the computer is still infected (Packed.Monder). A hack tool called Terminator is also listed as an infection. I was able to download the files and programs I needed earlier but after the virus was detected, I kept getting error pages and none would load so I disconnected. I'm posting again on my laptop but hope I'll be able to get the programs you mention on the other computer. I'll report back tomorrow.

TYSM
Kellie

#4 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:11:12 AM

Posted 22 September 2009 - 06:19 PM

Let me know how it goes
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 socalkellie

socalkellie
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 22 September 2009 - 11:38 PM

Was at it all day and got the first 2 parts of your instructions completed. The SuperAntiSpyware removed over 650 objects; most looked like Trojans. I have the log file and will post tomorrow. I'm still waiting for the Dr. Web to complete. It's taking incredibly long. I was able to do the express scan fine with no infections found but I've tried the complete scan three times and it's still not done. The first two times it froze up and the program closed. I'm on the third attempt now but it's not even close to being finished. Should I be running a complete scan when there was no virus found during the express scan? I was very happy with the results of the SAS scan. I had two user accounts and was able to scan 'owner' but not able to even open 'administrator'. I don't remember a user account by that name plus I just did a system restore Monday and thought that would have removed any other user accounts. Could more viruses be hiding in that account? Is that a possibility why Dr. Web is taking so long?

Thanks again.
Kellie

#6 socalkellie

socalkellie
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 23 September 2009 - 01:01 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/22/2009 at 03:57 PM

Application Version : 4.29.1002

Core Rules Database Version : 4116
Trace Rules Database Version: 2056

Scan type : Complete Scan
Total Scan Time : 04:04:31

Memory items scanned : 197
Memory threats detected : 0
Registry items scanned : 4112
Registry threats detected : 0
File items scanned : 118074
File threats detected : 663

Trojan.Fake-Alert/Trace
C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Temporary Internet Files\fbk.sts

Trojan.Agent/Gen-Loader
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM178.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM17C.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM17E.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM189.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM18A.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM18B.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM18C.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM18D.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM18E.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM18F.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM190.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM191.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM192.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM193.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM19F.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1A2.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1A3.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1A4.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1A5.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1A6.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1A9.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1AA.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1AE.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1AF.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1B0.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1B2.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1B3.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1B5.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1B6.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1B7.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1B9.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1BC.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1BE.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1BF.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1C1.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1C2.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1DC.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1DD.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1DE.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1DF.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1E0.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1E3.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1E5.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1E6.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1E8.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1EA.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1EB.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM1ED.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM271.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM285.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM28B.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2A5.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2A8.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2A9.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2AA.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2AD.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2AE.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2AF.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2B1.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2B2.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2B9.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2BB.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2BC.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2C2.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2C3.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2C4.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2C8.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2C9.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2D0.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2D1.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM2D3.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM304.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM305.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM306.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM307.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM309.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM30A.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM312.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM328.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM32E.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM32F.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM34F.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM353.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM39E.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM39F.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM3A0.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM3A1.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM3A2.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM3A3.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM3A4.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM3A5.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM3A6.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM3A7.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM3A8.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM3A9.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM3AA.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM3AB.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM3AC.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM3AD.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM3AE.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM3C5.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM3CA.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM3DF.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM41C.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4A7.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4A8.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4A9.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4BD.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4BE.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4BF.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4C0.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4C1.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4C2.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4C3.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4C4.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4C5.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4C6.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4C7.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4C8.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4C9.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4CA.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4CB.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4CD.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4E1.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4E2.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4E6.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4E8.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4EA.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4EC.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4F6.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4F7.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4FA.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM4FB.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM504.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM505.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM506.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM507.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM508.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM509.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM516.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM51A.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM51E.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM523.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM529.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM52A.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM52E.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM54D.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM54E.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM551.TMP
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\TEMP\~TM553.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM178.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM17C.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM17E.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM189.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM18A.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM18B.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM18C.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM18D.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM18E.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM18F.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM190.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM191.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM192.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM193.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM19F.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1A2.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1A3.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1A4.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1A5.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1A6.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1A9.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1AA.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1AE.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1AF.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1B0.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1B2.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1B3.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1B5.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1B6.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1B7.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1B9.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1BC.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1BE.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1BF.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1C1.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1C2.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1DC.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1DD.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1DE.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1DF.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1E0.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1E3.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1E5.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1E6.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1E8.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1EA.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1EB.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM1ED.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM271.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM285.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM28B.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2A5.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2A8.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2A9.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2AA.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2AD.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2AE.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2AF.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2B1.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2B2.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2B9.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2BB.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2BC.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2C2.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2C3.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2C4.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2C8.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2C9.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2D0.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2D1.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM2D3.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM304.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM305.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM306.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM307.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM309.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM30A.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM312.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM328.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM32E.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM32F.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM34F.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM353.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM39E.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM39F.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM3A0.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM3A1.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM3A2.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM3A3.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM3A4.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM3A5.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM3A6.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM3A7.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM3A8.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM3A9.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM3AA.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM3AB.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM3AC.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM3AD.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM3AE.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM3C5.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM3CA.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM3DF.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM41C.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4A7.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4A8.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4A9.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4BD.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4BE.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4BF.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4C0.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4C1.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4C2.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4C3.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4C4.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4C5.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4C6.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4C7.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4C8.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4C9.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4CA.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4CB.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4CD.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4E1.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4E2.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4E6.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4E8.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4EA.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4EC.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4F6.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4F7.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4FA.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM4FB.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM504.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM505.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM506.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM507.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM508.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM509.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM516.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM51A.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM51E.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM523.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM529.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM52A.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM52E.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM54D.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM54E.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM551.TMP
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\LOCAL SETTINGS\TEMP\~TM553.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\123.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\1C3.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\217.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\219.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\21A.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\21B.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\21C.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\21E.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\21F.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\220.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\221.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\222.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\223.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\224.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\225.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\226.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\227.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\228.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\22A.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\22B.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\251.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\278.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\293.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\2A2.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\2BD.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\2D9.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\2DE.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\2E8.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\2F8.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\308.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\31C.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\320.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\323.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\32B.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\339.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\33B.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\33C.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\33E.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\340.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\341.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\342.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\343.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\344.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\345.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\346.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\347.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\348.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\349.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\34A.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\34B.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\34C.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\362.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\379.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\38A.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\3E1.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\3E5.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\3E6.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\3E7.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\3E8.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\3E9.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\3EA.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\3EB.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\3EC.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\3ED.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\3EE.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\3EF.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\3F0.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\3F3.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\3FC.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\400.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\401.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\402.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\403.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\404.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\405.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\406.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\407.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\408.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\409.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\40A.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\40D.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\41A.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\41D.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\41E.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\41F.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\420.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\421.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\422.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\423.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\424.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\425.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\427.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\428.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\42B.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\42D.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\42E.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\430.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\471.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\4E4.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\517.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\540.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\A9.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\AA.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\AB.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\AC.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\AE.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\AF.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\B1.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\B2.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\B3.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\B4.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\B5.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\B6.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\B7.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\B8.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\B9.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\BA.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\BB.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\BC.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\BD.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\BE.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\BF.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\C0.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\C1.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\C2.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\C3.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\C4.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\C5.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\C6.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\C7.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\C8.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\C9.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\CB.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\CD.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\CE.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\CF.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\D0.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\D2.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\D3.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\D4.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\D5.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\D6.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\D7.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\D8.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\D9.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\DA.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\DB.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\DC.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\DE.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\DF.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM178.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM17C.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM17E.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM189.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM18A.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM18B.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM18C.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM18D.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM18E.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM18F.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM190.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM191.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM192.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM193.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM19F.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1A2.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1A3.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1A4.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1A5.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1A6.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1A9.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1AA.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1AE.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1AF.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1B0.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1B2.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1B3.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1B5.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1B6.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1B7.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1B9.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1BC.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1BE.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1BF.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1C1.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1C2.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1DC.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1DD.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1DE.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1DF.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1E0.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1E3.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1E5.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1E6.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1E8.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1EA.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1EB.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM1ED.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM271.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM285.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM28B.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2A5.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2A8.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2A9.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2AA.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2AD.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2AE.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2AF.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2B1.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2B2.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2B9.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2BB.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2BC.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2C2.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2C3.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2C4.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2C8.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2C9.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2D0.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2D1.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM2D3.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM304.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM305.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM306.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM307.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM309.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM30A.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM312.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM328.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM32E.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM32F.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM34F.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM353.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM39E.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM39F.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM3A0.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM3A1.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM3A2.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM3A3.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM3A4.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM3A5.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM3A6.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM3A7.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM3A8.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM3A9.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM3AA.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM3AB.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM3AC.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM3AD.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM3AE.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM3C5.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM3CA.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM3DF.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM41C.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4A7.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4A8.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4A9.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4BD.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4BE.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4BF.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4C0.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4C1.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4C2.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4C3.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4C4.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4C5.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4C6.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4C7.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4C8.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4C9.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4CA.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4CB.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4CD.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4E1.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4E2.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4E6.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4E8.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4EA.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4EC.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4F6.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4F7.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4FA.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM4FB.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM504.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM505.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM506.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM507.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM508.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM509.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM516.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM51A.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM51E.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM523.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM529.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM52A.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM52E.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM54D.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM54E.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM551.TMP
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMP\~TM553.TMP

Trojan.Downloader-SVCHaST
C:\WINDOWS\SVCHAST.EXE

Adware.Tracking Cookie
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@a1.interclick[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ad.associatedcontent[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@adopt.specificclick[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.belointeractive[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.bridgetrack[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.cartoonnetwork[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.cnn[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.imagineeasy[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.lucidmedia[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.pointroll[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.toonamijetstream[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.undertone[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.x17online[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@adserver.adtechus[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@adtrafficstats[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@apmebf[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@at.atwola[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@atwola[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@bet.burstnet[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@bizrate[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@cache.trafficmp[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@chitika[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@cms.trafficmp[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@collective-media[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@content.yieldmanager[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@content.yieldmanager[3].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@dmtracker[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@dynamic.media.adrevolver[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@imrworldwide[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@insightexpressai[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@interclick[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@invitemedia[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@media6degrees[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@mediamgr.ugo[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@microsoftinternetexplorer.112.2o7[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@msnbc.112.2o7[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@myroitracking[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@network.realmedia[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@nextag[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@oasn04.247realmedia[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@powerfulvirusremover2008[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@richmedia.yahoo[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@sales.liveperson[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@sales.liveperson[3].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@secure-media-sf2p.facebook[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@securedprotectedclicks[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@server.cpmstar[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@server.iad.liveperson[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@server.iad.liveperson[3].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@serw.clicksor[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@specificclick[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@specificmedia[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@stats.adbrite[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@stats.manticoretechnology[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@wmvmedialease[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@worrybanner766[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@www.burstbeacon[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@www.googleadservices[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@www6.addfreestats[1].txt

Trojan.Agent/Gen-FakeScan[ASC]
C:\WINDOWS\SYSTEM32\DDDESOT.DLL

Rogue.WindowsPolicePro
C:\WINDOWS\SYSTEM32\WISPEX.HTML

#7 socalkellie

socalkellie
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 23 September 2009 - 01:08 AM

Couldn't post Dr. Web Cure It log file, it was too long. Anyway, it had no infections from the express scan. I could not finish a complete scan after 3 attempts and 8 hours; it kept hanging up.

Thanks.
Kellie

#8 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:11:12 AM

Posted 23 September 2009 - 04:31 PM

Doesn't matter, you still have a rootkit onboard


We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Direct Download (Recommended)
  • Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)

  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Riight-click on rootrepeal.exe and rename it to tatertot.scr
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

----------------------------------
Please note: If Rootrepeal fails to run, try this steps:
Click Settings - Options. Set the Disk Access slider to High

Right-click on rootrepeal.exe and rename it tatertot.scr

Select to scan only Drivers
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#9 socalkellie

socalkellie
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 23 September 2009 - 09:07 PM

Finished the scan but the computer won't open any web pages. I typed out what the log said.


ROOTREPEAL © AD, 2007-2009
===========================================
Scan Start Time: 2009/09/23 17:34
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP 2
===========================================

Drivers
---------------------------------------
Name: dump_atapi.sys
Image Path: C:\windows\System32\Drivers\dump_atapi.sys
Address: 0xF8280000 Size: 98304 File visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Pth: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8AE4000 Size: 8192 File Visible: No Signed: -
Status: -

Name: tatertot.scr.sys
Image Path: C:\WINDOWS\System32\drivers\tatertot.scr.sys
Address: 0xF87E6000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==

#10 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:11:12 AM

Posted 24 September 2009 - 05:54 PM

the computer won't open any web pages


Try this scan


Go to Posted Image > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:

DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt

A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#11 socalkellie

socalkellie
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 24 September 2009 - 08:24 PM

Nothing was in the log.

#12 socalkellie

socalkellie
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 25 September 2009 - 12:18 PM

I can't open any programs on the computer, because of the virus or because of the system restore I'm not sure. I can get connected online but can't open any pages. Nothing came up in the scan you told me to do. I'm getting a Windows message that says 'system recovered from a serious error' and there's a warning on Zone Alarm asking permission from something called Prevalence Reporter. All our business files were on Quickbooks and even though I had all our files backed up to an external hard drive, I can't get the hard drive to work either so maybe it's been infected too. I'm out of gas it seems and now my 'play' computer is my life boat. Very frustrated.

#13 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:11:12 AM

Posted 25 September 2009 - 07:07 PM

See if you can get one of these two to work

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
-----------------------------------------------


Please download SREng2 (System Repair Engineer) and save to your desktop.
  • Create a new folder on your hard drive called Sreng2 (C:\Sreng2) and extract (unzip) the file there. (click here if you're not sure how to do this. Vista users refer to this link.)
  • Open the folder and double-click on SREngLdr.EXE to launch it. (If you are using Vista, please right-click and select run as administrator)
  • Select Smart Scan from the left pane.
  • Leave all options checked to include Verify the digital signature of process modules (default).
  • Click the Scan button at the bottom right corner.
  • Please be patient as the scan will take a few minutes.
  • When the scan is complete, click on the Save Reports button to save the SREngLOG.log to the SREeng folder (C:\SREng) or your Desktop.
  • Click Close and exit SREng.
  • Copy and paste the contents of SREngLOG.log in your next reply.
Note: The log can be long and you may need several posts to post all of it. If you're using a custom HOSTS file, edit out the HOSTS File section, as it will make the log too long for posting.[/color]
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#14 socalkellie

socalkellie
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 26 September 2009 - 01:16 AM

2009-09-25,23:12:42



System Repair Engineer 2.8.1.1279

Smallfrogs (http://www.KZTechs.com)



Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed



Follow item(s) have been selected:

	All Boot Items (Including Registry, Startup Folders, Services and so on)

	Browser Add-ons

	Running Processes (Including process model information)

	File Associations

	Winsock Provider

	Autorun.Inf

	HOSTS File

	Process Privileges Scan

	Scheduled Tasks

	Windows Security Update Check

	API HOOK

	Hidden Process





Boot Items

Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]

	<load><>  [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

	<hpsysdrv><c:\windows\system\hpsysdrv.exe>  [Hewlett-Packard Company]

	<HotKeysCmds><C:\WINDOWS\System32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

	<Share-to-Web Namespace Daemon><c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe>  [Hewlett-Packard]

	<CamMonitor><c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe>  []

	<KBD><C:\HP\KBD\KBD.EXE>  [Hewlett-Packard Company]

	<StorageGuard><"C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r>  [VERITAS Software, Inc.]

	<AutoTBar><C:\hp\bin\autotbar.exe>  [File is missing]

	<Recguard><C:\WINDOWS\SMINST\RECGUARD.EXE>  []

	<PS2><C:\WINDOWS\system32\ps2.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

	<ZoneAlarm Client><"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe">  [(Verified)Check Point Software Technologies Ltd.]

	<AVG8_TRAY><C:\PROGRA~1\AVG\AVG8\avgtray.exe>  [(Verified)AVG Technologies]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

	<shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]

	<Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

	<AppInit_DLLs><>  [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

	<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]

	<{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}><C:\Program Files\SUPERAntiSpyware\SASSEH.DLL>  [SuperAdBlocker.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

	<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]

	<CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]

	<WebCheck><%SystemRoot%\System32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]

	<SysTray><C:\WINDOWS\System32\stobject.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

	<WinlogonNotify: !SASWinLogon><C:\Program Files\SUPERAntiSpyware\SASWINLO.dll>  [SUPERAntiSpyware.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

	<WinlogonNotify: avgrsstarter><avgrsstx.dll>  [(Verified)AVG Technologies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

	<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

	<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

	<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

	<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

	<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

	<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

	<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

	<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

	<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

	<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Windows Publisher]

	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

	<Windows Media Player><C:\WINDOWS\INF\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]

	<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]

	<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]

	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

	<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]

	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]

	<Internet Explorer><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]

	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

	<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]

	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]

	<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]

	<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser>  [(Verified)Microsoft Windows Publisher]

[HKEY_CURRENT_USER\Control Panel\Desktop]

	<SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<AlcxMonitor><; ALCXMNTR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

	<BlockTracker><; c:\hp\bin\BlockTracker.exe>  [File is missing]

	<NvCplDaemon><; RUNDLL32.EXE NvQTwk,NvCplDaemon initialize>  [N/A]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<NVIEW><; rundll32.exe nview.dll,nViewLoadHook>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<nwiz><; nwiz.exe /installquiet /keeploaded>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<Weather><; C:\Program Files\AWS\WeatherBug\Weather.exe 1>  [File is missing]

	<Zero Knowledge Freedom><; C:\Program Files\Zero Knowledge\Freedom\Freedom.exe>  [Zero-Knowledge Systems Inc.]



==================================

Startup Folders

N/A



==================================

Services

[Application Management / AppMgmt][Stopped/Manual Start]

  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>

[AVG8 E-mail Scanner / avg8emc][Running/Auto Start]

  <C:\PROGRA~1\AVG\AVG8\avgemc.exe><AVG Technologies CZ, s.r.o.>

[AVG8 WatchDog / avg8wd][Running/Auto Start]

  <C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe><AVG Technologies CZ, s.r.o.>

[Human Interface Device Access / HidServ][Stopped/Disabled]

  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>

[HTTP SSL / HTTPFilter][Stopped/Manual Start]

  <C:\WINDOWS\System32\svchost.exe -k HTTPFilter-->%SystemRoot%\System32\w3ssl.dll><Microsoft Corporation>

[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]

  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>

[SPCSUtilityService / SPCSUtilityService][Running/Auto Start]

  <C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe><Sprint Spectrum, L.L.C>

[TrueVector Internet Monitor / vsmon][Running/Auto Start]

  <C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service><Zone Labs, LLC>

[Security Center / wscsvc][Running/Auto Start]

  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SYSTEMROOT%\system32\wscsvc.dll><Microsoft Corporation>

[Network Provisioning Service / xmlprov][Stopped/Manual Start]

  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\xmlprov.dll><Microsoft Corporation>



==================================

Drivers

[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]

  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>

[AVG AVI Loader Driver x86 / AvgLdx86][Running/System Start]

  <\SystemRoot\System32\Drivers\avgldx86.sys><AVG Technologies CZ, s.r.o.>

[AVG On-access Scanner Minifilter Driver x86 / AvgMfx86][Running/System Start]

  <\SystemRoot\System32\Drivers\avgmfx86.sys><AVG Technologies CZ, s.r.o.>

[AVG8 Network Redirector / AvgTdiX][Running/System Start]

  <\SystemRoot\System32\Drivers\avgtdix.sys><AVG Technologies CZ, s.r.o.>

[drvmcdb / drvmcdb][Running/Boot Start]

  <\SystemRoot\System32\DRIVERS\drvmcdb.sys><VERITAS Software, Inc.>

[FltMgr / FltMgr][Running/Boot Start]

  <\SystemRoot\system32\drivers\fltmgr.sys><Microsoft Corporation>

[Freedom Miniport / Freedom][Running/Manual Start]

  <System32\DRIVERS\FREEDOM.SYS><Zero-Knowledge Systems Inc.>

[Freedom Filter / FreeTdi][Running/Auto Start]

  <System32\Drivers\FreeTdi.sys><Zero-Knowledge Systems Inc.>

[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]

  <System32\DRIVERS\HPZid412.sys><HP>

[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]

  <System32\DRIVERS\HPZipr12.sys><HP>

[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]

  <System32\DRIVERS\HPZius12.sys><HP>

[HTTP / HTTP][Running/Manual Start]

  <System32\Drivers\HTTP.sys><Microsoft Corporation>

[ialm / ialm][Stopped/Manual Start]

  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>

[IPv6 Windows Firewall Driver / ip6fw][Stopped/Manual Start]

  <system32\drivers\ip6fw.sys><Microsoft Corporation>

[LT Modem Driver / ltmodem5][Running/Manual Start]

  <System32\DRIVERS\ltmdmnt.sys><LT>

[nv / nv][Running/Manual Start]

  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>

[Padus ASPI Shell / pfc][Running/Manual Start]

  <system32\drivers\pfc.sys><Padus, Inc.>

[Ps2 / Ps2][Running/Manual Start]

  <System32\DRIVERS\PS2.sys><Hewlett-Packard Company>

[Direct Parallel Link Driver / Ptilink][Running/Manual Start]

  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>

[PxHelp20 / PxHelp20][Running/Boot Start]

  <\SystemRoot\System32\DRIVERS\PxHelp20.sys><VERITAS Software, Inc.>

[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]

  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>

[S3Psddr / S3Psddr][Stopped/Manual Start]

  <System32\DRIVERS\s3gnbm.sys><S3 Graphics, Inc.>

[SASDIFSV / SASDIFSV][Running/System Start]

  <\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS><SUPERAdBlocker.com and SUPERAntiSpyware.com>

[SASENUM / SASENUM][Stopped/Manual Start]

  <\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS><SUPERAdBlocker.com and SUPERAntiSpyware.com>

[SASKUTIL / SASKUTIL][Running/System Start]

  <\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys><SUPERAdBlocker.com and SUPERAntiSpyware.com>

[Secdrv / Secdrv][Stopped/Manual Start]

  <System32\DRIVERS\secdrv.sys><N/A>

[SiS AGP Filter / SISAGP][Running/Boot Start]

  <\SystemRoot\System32\DRIVERS\SISAGP.sys><Silicon Integrated Systems Corporation>

[srescan / srescan][Running/Boot Start]

  <\SystemRoot\System32\ZoneLabs\srescan.sys><Zone Labs, LLC>

[swmsflt / swmsflt][Running/Manual Start]

  <\SystemRoot\System32\drivers\swmsflt.sys><>

[Sierra Wireless USB MUX Driver (#00) / SWMX00][Running/Manual Start]

  <System32\DRIVERS\swmx00.sys><Sierra Wireless Inc.>

[Sierra Wireless MUX NDIS Driver (#00) / SWNC5E00][Running/Manual Start]

  <System32\DRIVERS\SWNC5E00.sys><Sierra Wireless Inc.>

[tatertot.scr / tatertot.scr][Stopped/Manual Start]

  <\??\C:\WINDOWS\system32\drivers\tatertot.scr.sys><N/A>

[VIA AGP Filter / viaagp1][Running/Boot Start]

  <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>

[vsdatant / vsdatant][Running/System Start]

  <System32\vsdatant.sys><Zone Labs, LLC>

[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Stopped/System Start]

  <system32\drivers\ialmsbw.sys><Intel Corporation>

[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Stopped/Manual Start]

  <system32\drivers\ialmkchw.sys><Intel Corporation>



==================================

Browser Add-ons

[AcroIEHlprObj Class]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, (Signed) >

[PopKill Class]

  {3C060EA2-E6A9-4E49-A530-D4657B8C449A} <C:\Program Files\Zero Knowledge\Freedom\pkR.dll, Zero-Knowledge Systems Inc.>

[AVG Safe Search]

  {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <C:\Program Files\AVG\AVG8\avgssie.dll, (Signed) AVG Technologies CZ, s.r.o.>

[ZKBho Class]

  {56071E0D-C61B-11D3-B41C-00E02927A304} <C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll, Zero-Knowledge Systems Inc.>

[]

  {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} <C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL, ZoneAlarm>

[WUWebControl Class]

  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, (Signed) Microsoft Corporation>

[MUWebControl Class]

  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\System32\muweb.dll, (Signed) Microsoft Corporation>

[get_atlcom Class]

  {E2883E8F-472F-4FB0-9522-AC9BF37916A7} <C:\WINDOWS\Downloaded Program Files\gp.ocx, (Signed) NOS Microsystems Ltd.>

[AcroIEHlprObj Class]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, (Signed) >

[]

  {17A27031-71FC-11D4-815C-005004D0F1FA} <, >

[PopKill Class]

  {3C060EA2-E6A9-4E49-A530-D4657B8C449A} <C:\Program Files\Zero Knowledge\Freedom\pkR.dll, Zero-Knowledge Systems Inc.>

[AVG Safe Search]

  {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <C:\Program Files\AVG\AVG8\avgssie.dll, (Signed) AVG Technologies CZ, s.r.o.>

[ZKBho Class]

  {56071E0D-C61B-11D3-B41C-00E02927A304} <C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll, Zero-Knowledge Systems Inc.>

[hp toolkit]

  {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} <C:\HP\EXPLOREBAR\HPTOOLKT.DLL, Hewlett-Packard Company>

[get_atlcom Class]

  {E2883E8F-472F-4fb0-9522-AC9BF37916A7} <C:\WINDOWS\Downloaded Program Files\gp.ocx, (Signed) NOS Microsystems Ltd.>

[]

  {F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA} <C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL, ZoneAlarm>

[]

  {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} <, >

[]

  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >



==================================

Running Processes

[PID: 980 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 1084 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 1108 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\Program Files\SUPERAntiSpyware\SASWINLO.dll]  [SUPERAntiSpyware.com, 1, 0, 0, 1054]

	[C:\WINDOWS\system32\avgrsstx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.317]

	[C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

[PID: 1152 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

[PID: 1172 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

[PID: 1324 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

[PID: 1372 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

[PID: 1412 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\WINDOWS\System32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

	[c:\windows\system32\wscsvc.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]

[PID: 1484 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

[PID: 1568 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\WINDOWS\System32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

[PID: 1912 / Owner][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

	[C:\Program Files\SUPERAntiSpyware\SASSEH.DLL]  [SuperAdBlocker.com, 1, 0, 0, 1012]

	[C:\Program Files\Zero Knowledge\Freedom\Resources\zk_en_US\FreeBHO_Rsrc.dll]  [Zero-Knowledge Systems Inc., 4.0.0.57415]

[PID: 232 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

[PID: 336 / SYSTEM][C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.300]

	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.380]

	[C:\PROGRA~1\AVG\AVG8\avgwd.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.365]

	[C:\PROGRA~1\AVG\AVG8\avgcfgx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.384]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\PROGRA~1\AVG\AVG8\avgamnot.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.300]

	[C:\PROGRA~1\AVG\AVG8\avgsched.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.300]

	[C:\PROGRA~1\AVG\AVG8\avgwdwsc.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.336]

	[C:\PROGRA~1\AVG\AVG8\avglngx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.338]

	[C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

[PID: 468 / SYSTEM][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.13.10.3190]

[PID: 540 / SYSTEM][C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe]  [Sprint Spectrum, L.L.C, 3, 4, 0, 4]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

[PID: 604 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\WINDOWS\System32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

[PID: 716 / SYSTEM][C:\WINDOWS\system32\fxssvc.exe]  [(Verified) Microsoft Corporation, 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

[PID: 1004 / SYSTEM][C:\PROGRA~1\AVG\AVG8\avgemc.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.385]

	[C:\PROGRA~1\AVG\AVG8\libsasl.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.300]

	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.380]

	[C:\Program Files\AVG\AVG8\avgapix.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.314]

	[C:\Program Files\AVG\AVG8\avgcfgx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.384]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\Program Files\AVG\AVG8\avglngx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.338]

	[C:\Program Files\AVG\AVG8\avgscanx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.300]

	[C:\Program Files\AVG\AVG8\avgsrmx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.354]

	[C:\Program Files\AVG\AVG8\avgvvx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.300]

	[C:\Program Files\AVG\AVG8\avgmvflx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.300]

	[C:\Program Files\AVG\AVG8\avgcclix.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.303]

	[C:\PROGRA~1\AVG\AVG8\saslcrammd5.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.300]

	[C:\PROGRA~1\AVG\AVG8\sasldigestmd5.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.300]

	[C:\PROGRA~1\AVG\AVG8\sasllogin.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.300]

	[C:\PROGRA~1\AVG\AVG8\saslplain.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.300]

[PID: 1040 / SYSTEM][C:\PROGRA~1\AVG\AVG8\avgrsx.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.336]

	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.380]

	[C:\PROGRA~1\AVG\AVG8\avgcclix.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.303]

[PID: 1060 / SYSTEM][C:\PROGRA~1\AVG\AVG8\avgnsx.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.316]

	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.380]

	[C:\PROGRA~1\AVG\AVG8\avgcfgx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.384]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

[PID: 1460 / SYSTEM][C:\Program Files\AVG\AVG8\avgcsrvx.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.300]

	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.380]

	[C:\Program Files\AVG\AVG8\avgcorex.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.384]

	[C:\Program Files\AVG\AVG8\avgcrlpx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.300]

[PID: 1760 / SYSTEM][C:\Program Files\AVG\AVG8\avgcsrvx.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.300]

	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.380]

	[C:\Program Files\AVG\AVG8\avgcorex.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.384]

	[C:\Program Files\AVG\AVG8\avgcrlpx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.300]

[PID: 2200 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\WINDOWS\System32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

[PID: 2396 / Owner][C:\windows\system\hpsysdrv.exe]  [Hewlett-Packard Company, 1, 7, 0, 0]

[PID: 2416 / Owner][C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe]  [Hewlett-Packard, 2,3,0,0\ 162]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\Program Files\Hewlett-Packard\HP Share-to-Web\S2WNSRES.DLL]  [Hewlett-Packard, 2, 6, 0, 162]

	[C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

	[c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll]  [N/A, ]

[PID: 2432 / Owner][C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe]  [, 1.1.0.121]

	[C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqUnRes.dll]  [Hewlett-Packard, 1.1.0.121]

	[c:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqUtil.dll]  [, 1.1.0.121]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

[PID: 2444 / Owner][C:\HP\KBD\KBD.EXE]  [Hewlett-Packard Company, 1.0.2.0]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\HP\KBD\led.dll]  [Hewlett-Packard Company, 1.0.2.0]

	[C:\HP\KBD\USB.dll]  [Hewlett-Packard Company, 1.0.2.0]

	[C:\HP\KBD\ps2.dll]  [Hewlett-Packard Company, 1.0.2.0]

	[C:\HP\KBD\msg.dll]  [Hewlett-Packard Company, 1.0.2.0]

	[C:\HP\KBD\osd.dll]  [Hewlett-Packard Company, 1.0.2.0]

	[C:\HP\KBD\sct.dll]  [Hewlett-Packard Company, 1.0.2.0]

	[C:\HP\KBD\onl.dll]  [Hewlett-Packard Company, 1.0.2.0]

	[C:\HP\KBD\aol.dll]  [Hewlett-Packard Company, 1.0.2.0]

	[C:\HP\KBD\url.dll]  [Hewlett-Packard Company, 1.0.2.0]

	[C:\HP\KBD\cfg.dll]  [Hewlett-Packard Company, 1.0.2.0]

	[C:\HP\KBD\MSIKBDIF.DLL]  [Hewlett-Packard Company, 1.0.2.0]

[PID: 2580 / Owner][C:\PROGRA~1\AVG\AVG8\avgtray.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.354]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]

	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]

	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.380]

	[C:\Program Files\AVG\AVG8\avgcfgx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.384]

	[C:\Program Files\AVG\AVG8\avglngx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.338]

	[C:\Program Files\AVG\AVG8\AVGUIRES.DLL]  [AVG Technologies CZ, s.r.o., 8.5.0.307]

[PID: 2640 / Owner][C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCM.exe]  [Sierra Wireless, 3, 5, 0, 4]

	[C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\DebugLogDLL.dll]  [Sprint Spectrum, L.L.P., 2, 0, 0, 23]

	[C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\GenUtil.dll]  [, 3, 4, 0, 0]

	[C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]

	[C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\AutomatedUpdate.dll]  [Sprint PCS, 3, 3, 0, 11]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

	[C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCM_Res001.dll]  [Sierra Wireless, 3, 5, 0, 1]

	[C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCMVision.dll]  [Sierra Wireless, 3, 5, 0, 4]

	[C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCMVision_Res001.dll]  [Sprint, 3, 5, 0, 1]

	[C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCMVision_siXP.dll]  [Sierra Wireless, 3, 5, 0, 0]

	[C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\Vision_hiSwiEVDODevice.dll]  [Sprint Spectrum, LLC, 3, 5, 0, 0]

	[C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\swi_evdowrappermx.dll]  [Sierra Wireless, Inc., 6.32.0.0]

	[C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\swi_evdomx.dll]  [Sierra Wireless, Inc., 3.30.0.0]

	[C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\swmxintf.dll]  [Sierra Wireless Inc., v2.0.16.0 built by: WinDDK]

[PID: 2736 / Owner][c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe]  [, 2, 6, 0, 162]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

	[c:\Program Files\Hewlett-Packard\HP Share-to-Web\S2WNSRES.DLL]  [Hewlett-Packard, 2, 6, 0, 162]

	[c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll]  [N/A, ]

[PID: 2884 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

[PID: 3104 / Owner][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.9.0.14]

	[C:\Program Files\Mozilla Firefox\xul.dll]  [Mozilla Foundation, 1.9.0.14]

	[C:\Program Files\Mozilla Firefox\sqlite3.dll]  [sqlite.org, 3.6.10]

	[C:\Program Files\Mozilla Firefox\MOZCRT19.dll]  [Mozilla Foundation, 8.00.0000]

	[C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]

	[C:\Program Files\Mozilla Firefox\nspr4.dll]  [Mozilla Foundation, 4.7.5]

	[C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]

	[C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]

	[C:\Program Files\Mozilla Firefox\nssutil3.dll]  [Mozilla Foundation, 3.12.3.1]

	[C:\Program Files\Mozilla Firefox\plc4.dll]  [Mozilla Foundation, 4.7.5]

	[C:\Program Files\Mozilla Firefox\plds4.dll]  [Mozilla Foundation, 4.7.5]

	[C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.9.0.14]

	[C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll]  [Mozilla Foundation, 1.9.0.14]

	[C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

	[C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll]  [Mozilla Foundation, 1.9.0.14]

	[C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]

	[C:\Program Files\Mozilla Firefox\nssdbm3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]

	[C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]

	[C:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.75]

[PID: 3996 / Owner][C:\WINDOWS\system32\wuauclt.exe]  [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

[PID: 2208 / Owner][C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop\OTL.exe]  [OldTimer Tools, 3.0.14.0]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

[PID: 4036 / Owner][C:\Sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]

[PID: 4060 / Owner][C:\Sreng2\SRE5211e112.EXE]  [Smallfrogs Studio, 2.8.1.1279]

	[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll]  [Microsoft Corporation, 6.0 (xpsp.080413-2105)]

	[C:\Sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

	[C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]



==================================

File Associations

.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]

.EXE  OK. ["%1" %*]

.COM  OK. ["%1" %*]

.PIF  OK. ["%1" %*]

.REG  OK. [regedit.exe "%1"]

.BAT  OK. ["%1" %*]

.SCR  OK. ["%1" /S]

.CHM  OK. ["C:\WINDOWS\hh.exe" %1]

.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]

.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.LNK  OK. [{00021401-0000-0000-C000-000000000046}]



==================================

Winsock Provider

N/A



==================================

Autorun.Inf

[D:\]

[AUTORUN]

OPEN=Info.exe folder.htt 480 480



==================================

HOSTS File

127.0.0.1	   localhost



==================================

Process Privileges Scan

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 540, C:\PROGRAM FILES\SPRINT\SIERRA WIRELESS\SPRINT PCS CONNECTION MANAGER\SPCSUTILITYSERVICE.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2396, C:\WINDOWS\SYSTEM\HPSYSDRV.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2416, C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2432, C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2444, C:\HP\KBD\KBD.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2640, C:\PROGRAM FILES\SPRINT\SIERRA WIRELESS\SPRINT PCS CONNECTION MANAGER\SPCSCM.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2736, C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2208, C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-6JNHHU0520\DESKTOP\OTL.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 4036, C:\SRENG2\SRENGLDR.EXE]



==================================

Scheduled Tasks

[Enabled] User_Feed_Synchronization-{0055B6F3-8AC4-4A01-B757-7B1E3823BBE5}.job

		C:\WINDOWS\system32\msfeedssync.exe 

[Enabled] hopwdhee.job

		C:\WINDOWS\system32\rundll32.exe 

[Enabled] AppleSoftwareUpdate.job

		C:\Program Files\Apple Software Update\SoftwareUpdate.exe 



==================================

Windows Security Update Check

 Microsoft .NET Framework version 1.1 

KB903235,  Security Update for JView Profiler (KB903235) MS05-037

KB891122,  Update for WMDRM-enabled Media Players (KB891122) 

KB925850,  Windows Media Player 11 

KB950762,  Security Update for Windows XP (KB950762) MS08-036

KB940157,  Windows Search 4.0 for Windows XP (KB940157) 

KB951748,  Security Update for Windows XP (KB951748) MS08-037

KB944338,  Security Update for Windows XP (KB944338) MS08-022

KB951066,  Security Update for Outlook Express for Windows XP (KB951066) MS08-048

KB946648,  Security Update for Windows XP (KB946648) MS08-050

KB952954,  Security Update for Windows XP (KB952954) MS08-046

KB950974,  Security Update for Windows XP (KB950974) MS08-049

KB952287,  Update for Windows XP (KB952287) 

KB958644,  Security Update for Windows XP (KB958644) MS08-067

KB955069,  Security Update for Windows XP (KB955069) MS08-069

KB957097,  Security Update for Windows XP (KB957097) MS08-068

KB923723,  Security Update for Windows (KB923723) MS07-005

KB954600,  Security Update for Windows XP (KB954600) MS08-076

KB956802,  Security Update for Windows XP (KB956802) MS08-071

KB952069,  Security Update for Windows XP Service Pack 2 (KB952069) MS08-076

KB956803,  Security Update for Windows XP (KB956803) MS08-066

KB958687,  Security Update for Windows XP (KB958687) MS09-001

KB960225,  Security Update for Windows XP (KB960225) MS09-007

KB938464,  Security Update for Windows XP (KB938464) MS08-052

KB967715,  Update for Windows XP (KB967715) 

KB909520,  Microsoft Base Smart Card Cryptographic Service Provider Package: x86 (KB909520) 

KB956572,  Security Update for Windows XP (KB956572) MS09-012

KB952004,  Security Update for Windows XP (KB952004) MS09-012

KB960803,  Security Update for Windows XP (KB960803) MS09-013

KB959426,  Security Update for Windows XP (KB959426) MS09-015

KB928367,  Security Update for Microsoft .NET Framework, Version 1.0 Service Pack 3 (KB928367) MS07-040

KB936929,  Windows XP Service Pack 3 (KB936929) 

KB961501,  Security Update for Windows XP (KB961501) MS09-022

KB968537,  Security Update for Windows XP (KB968537) MS09-025

KB970238,  Security Update for Windows XP (KB970238) MS09-026

KB951847,  Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86 

KB971633,  Security Update for Windows XP (KB971633) MS09-028

KB973346,  Cumulative Security Update for ActiveX Killbits for Windows XP (KB973346) MS09-032

KB968389,  Update for Windows XP (KB968389) 

KB971557,  Security Update for Windows XP (KB971557) MS09-038

KB973869,  Security Update for Windows XP (KB973869) MS09-037

KB958470,  Security Update for Windows XP (KB958470) MS09-044

KB973354,  Security Update for Windows XP (KB973354) MS09-037

KB973507,  Security Update for Windows XP (KB973507) MS09-037

KB960859,  Security Update for Windows XP (KB960859) MS09-042

KB973815,  Security Update for Windows XP (KB973815) MS09-037

KB971657,  Security Update for Windows XP (KB971657) MS09-041

KB970653,  Update for Windows XP (KB970653) 

KB961371,  Security Update for Windows XP (KB961371) MS09-029

KB944036,  Internet Explorer 8 for Windows XP 

KB956844,  Security Update for Windows XP (KB956844) MS09-046

KB971961,  Security Update for Jscript 5.6 for Windows XP (KB971961) MS09-045

KB968816,  Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 2 (KB968816) MS09-047

KB974331,  Microsoft Silverlight (KB974331) 

KB974331,  Windows Live Essentials 

KB931125,  Update for Root Certificates [September 2009] (KB931125) 



==================================

API HOOK

N/A



==================================

Hidden Process

N/A



==================================


#15 socalkellie

socalkellie
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 26 September 2009 - 01:28 AM

OTL logfile created on: 9/25/2009 11:01:01 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 148.99 Mb Available Physical Memory | 29.13% Memory free
1.22 Gb Paging File | 0.89 Gb Available in Paging File | 72.80% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.27 Gb Total Space | 33.02 Gb Free Space | 47.67% Space Free | Partition Type: NTFS
Drive D: | 5.27 Gb Total Space | 0.91 Gb Free Space | 17.32% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-6JNHHU0520
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/11/14 16:05:06 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2004/08/04 00:56:49 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/09/21 20:36:06 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2002/10/01 00:39:00 | 00,061,440 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2007/08/29 14:14:12 | 00,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
PRC - [2009/09/21 20:36:11 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/09/21 20:37:43 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/21 20:36:08 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/09/21 20:36:30 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/09/21 20:36:30 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [1998/05/07 17:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\windows\system\hpsysdrv.exe
PRC - [2002/04/17 18:42:56 | 00,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2002/06/18 00:11:24 | 00,069,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
PRC - [2001/07/06 22:56:56 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2007/11/14 16:05:06 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/09/21 20:36:19 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/08/29 14:12:12 | 00,233,472 | ---- | M] (Sierra Wireless) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCM.exe
PRC - [2002/04/17 18:49:16 | 00,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2009/09/10 06:38:41 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/25 22:58:31 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/09/21 20:36:11 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/09/21 20:36:06 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/09/03 11:51:46 | 00,048,368 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper [On_Demand | Stopped])
SRV - [2004/08/04 00:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2002/10/01 00:39:00 | 00,061,440 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/29 14:14:12 | 00,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService [Auto | Running])
SRV - [2007/11/14 16:05:06 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2004/10/01 10:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2009/09/21 20:37:43 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/09/21 20:37:33 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/07/12 19:39:58 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2002/10/21 11:21:00 | 00,082,784 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\System32\DRIVERS\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2002/09/05 22:27:12 | 00,028,416 | R--- | M] (Zero-Knowledge Systems Inc.) -- C:\WINDOWS\System32\DRIVERS\FREEDOM.SYS -- (Freedom [On_Demand | Running])
DRV - [2002/09/05 22:27:18 | 00,045,760 | R--- | M] (Zero-Knowledge Systems Inc.) -- C:\WINDOWS\System32\Drivers\FreeTdi.sys -- (FreeTdi [Auto | Running])
DRV - [2008/01/24 14:22:06 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2008/01/24 14:22:07 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2008/01/24 14:22:08 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2002/09/16 20:04:10 | 00,079,323 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2003/03/31 14:29:00 | 00,625,537 | ---- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
DRV - [2002/10/28 11:59:22 | 00,028,164 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
DRV - [2002/10/01 00:39:00 | 01,001,018 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/10/28 00:01:48 | 00,009,856 | R--- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2001/06/04 15:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2002/10/21 10:02:00 | 00,016,416 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/03 22:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2004/08/03 22:29:51 | 00,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3Psddr [On_Demand | Stopped])
DRV - [2009/09/15 11:42:46 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/09/15 11:42:48 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/09/15 11:42:44 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2002/08/29 05:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2002/07/17 20:25:18 | 00,028,160 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\SISAGP.sys -- (SISAGP [Boot | Running])
DRV - [2007/10/18 20:18:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2007/08/10 11:08:48 | 00,024,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt [On_Demand | Running])
DRV - [2007/06/27 10:42:32 | 00,073,856 | ---- | M] (Sierra Wireless Inc.) -- C:\WINDOWS\System32\DRIVERS\swmx00.sys -- (SWMX00 [On_Demand | Running])
DRV - [2007/06/27 10:41:46 | 00,101,248 | ---- | M] (Sierra Wireless Inc.) -- C:\WINDOWS\System32\DRIVERS\SWNC5E00.sys -- (SWNC5E00 [On_Demand | Running])
DRV - [2002/03/04 12:10:00 | 00,027,648 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1 [Boot | Running])
DRV - [2007/11/14 16:05:16 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2002/09/16 20:05:26 | 00,091,678 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [System | Stopped])
DRV - [2002/09/16 20:05:36 | 00,071,514 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4069429892-668027140-1197146121-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
IE - HKU\S-1-5-21-4069429892-668027140-1197146121-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
IE - HKU\S-1-5-21-4069429892-668027140-1197146121-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-4069429892-668027140-1197146121-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
IE - HKU\S-1-5-21-4069429892-668027140-1197146121-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
IE - HKU\S-1-5-21-4069429892-668027140-1197146121-1003\S-1-5-21-4069429892-668027140-1197146121-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2008/12/08 15:28:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\mozilla\Extensions
[2008/12/08 15:28:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/22 11:23:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\mozilla\Firefox\Profiles\kelmom2five@lasercom.net\extensions
[2007/11/04 18:58:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\mozilla\Firefox\Profiles\kelmom2five@lasercom.net\extensions\{075538f3-a7a9-498a-8e0d-12f2e2ff862a}
[2009/09/02 18:09:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\mozilla\Firefox\Profiles\kelmom2five@lasercom.net\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/12/17 17:42:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\mozilla\Firefox\Profiles\kelmom2five@lasercom.net\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}
[2008/12/08 17:03:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\mozilla\Firefox\Profiles\kelmom2five@lasercom.net\extensions\{646f1212-bb24-11db-8314-0800200c9a66}
[2008/09/27 08:48:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\mozilla\Firefox\Profiles\kelmom2five@lasercom.net\extensions\{BB359C50-BFC9-4f40-8302-3FE5A499A859}
[2008/04/29 21:23:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\mozilla\Firefox\Profiles\kelmom2five@lasercom.net\extensions\moveplayer@movenetworks.com
[2009/03/16 10:11:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\mozilla\Firefox\Profiles\kelmom2five@lasercom.net\extensions\plugin@yontoo.com
[2006/06/03 14:00:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 06:38:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/10 06:38:39 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 06:38:40 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/09/10 06:38:48 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006/12/20 20:40:23 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/08/16 16:48:41 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/08/16 16:48:41 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/08/16 16:48:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/08/16 16:48:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/16 16:48:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/08/16 16:48:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/08/16 16:48:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/12/20 20:40:41 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2006/12/20 20:40:18 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/09/03 11:52:20 | 00,030,912 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2008/12/08 15:28:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/08 15:28:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/08 15:28:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/08 15:28:20 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/08 15:28:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/08 15:28:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll (Zero-Knowledge Systems Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ZKBho Class) - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll (Zero-Knowledge Systems Inc.)
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\S-1-5-21-4069429892-668027140-1197146121-1003\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O4 - HKLM..\Run: [AutoTBar] C:\hp\bin\autotbar.exe File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\System32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4069429892-668027140-1197146121-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1253564186453 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1253564507953 (MUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/28 10:36:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 04:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/09/25 22:59:07 | 00,868,323 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop\sreng2.zip
[2009/09/25 22:58:29 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop\OTL.exe
[2009/09/25 22:57:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/09/23 18:09:31 | 53,640,3968 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/23 17:30:19 | 00,005,924 | ---- | C] () -- C:\WINDOWS\freedom.backup.dat
[2009/09/23 17:15:44 | 00,000,000 | -HSD | C] -- C:\found.000
[2009/09/23 16:43:42 | 01,193,414 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/09/23 16:43:38 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/09/23 16:37:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Freedom
[2009/09/22 11:25:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/09/22 11:25:30 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/09/22 11:25:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\SUPERAntiSpyware.com
[2009/09/22 11:24:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/09/21 20:37:42 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.5.lnk
[2009/09/21 18:32:34 | 00,001,434 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop\Hoyle Board Games.lnk
[2009/09/21 17:38:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/09/21 16:43:30 | 00,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig
[2009/09/21 16:43:30 | 00,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/09/21 16:42:41 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2009/09/21 16:42:41 | 00,023,024 | ---- | C] () -- C:\WINDOWS\System32\ieuinit.inf
[2009/09/21 13:28:24 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/09/21 13:28:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/09/21 13:25:57 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winhttp.dll
[2009/09/21 13:25:57 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2009/09/21 12:18:46 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2009/09/21 12:18:32 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/09/21 12:11:30 | 00,017,920 | ---- | C] (Sierra Wireless America, Inc.) -- C:\WINDOWS\System32\apintfnt.dll
[2009/09/21 12:10:45 | 00,001,081 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sprint Mobile Broadband (Sierra).lnk
[2009/09/21 11:33:38 | 00,001,647 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop\Mozilla Firefox (Safe Mode).lnk
[2009/09/21 11:31:46 | 00,000,864 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop\Ad-Aware SE Personal.lnk
[2009/09/21 11:31:27 | 00,001,625 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop\Mozilla Firefox.lnk
[2009/09/21 01:05:03 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/21 01:01:00 | 00,000,000 | ---D | C] -- C:\Program Files\ZoneAlarmSB
[2009/09/21 00:58:53 | 00,075,248 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe
[2009/09/21 00:58:33 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2009/09/21 00:58:33 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsregexp.dll
[2009/09/21 00:58:31 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcomm.dll
[2009/09/21 00:58:31 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcommdb.dll
[2009/09/21 00:58:23 | 00,046,568 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vswmi.dll
[2009/09/21 00:58:22 | 01,086,952 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\zpeng24.dll
[2009/09/21 00:58:22 | 00,099,816 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsxml.dll
[2009/09/21 00:58:21 | 00,275,944 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vspubapi.dll
[2009/09/21 00:58:21 | 00,103,912 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsmonapi.dll
[2009/09/21 00:58:20 | 00,394,952 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys
[2009/09/21 00:58:20 | 00,353,366 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/09/21 00:57:46 | 00,472,552 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsutil.dll
[2009/09/21 00:57:46 | 00,157,160 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsinit.dll
[2009/09/21 00:57:46 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdata.dll
[2009/09/21 00:50:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\My Documents\Unzipped
[2009/09/21 00:48:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\WinZip
[2009/09/21 00:46:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/21 00:46:01 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/09/21 00:42:21 | 00,001,905 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2009/09/21 00:42:21 | 00,001,905 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2009/09/21 00:41:28 | 00,000,000 | ---D | C] -- C:\swsetup
[2009/09/21 00:40:55 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop\Windows Media Player.lnk
[2009/09/21 00:37:04 | 00,000,064 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\dm.ini
[2009/09/21 00:34:27 | 04,194,441 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\sdi.db
[2009/09/21 00:29:58 | 00,006,144 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/21 00:29:58 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\fusioncache.dat
[2009/09/21 00:29:57 | 00,037,032 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/21 00:29:42 | 01,992,106 | -H-- | C] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\IconCache.db
[2009/09/21 00:01:21 | 00,000,638 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\My Documents\WW.rtf
[2009/09/21 00:01:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\ArcSoft
[2009/09/21 00:01:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Apple Computer
[2009/09/21 00:01:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\AdobeUM
[2009/09/21 00:01:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\AdobeAUM
[2009/09/21 00:01:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Adobe
[2009/09/21 00:01:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Leadertech
[2009/09/21 00:01:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Lavasoft
[2009/09/21 00:01:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Isotope 244
[2009/09/21 00:01:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Intuit
[2009/09/21 00:01:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\InterVideo
[2009/09/21 00:01:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\InterTrust
[2009/09/21 00:01:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\InstallShield
[2009/09/21 00:01:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Identities
[2009/09/21 00:01:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\HPAppData
[2009/09/21 00:01:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\HP
[2009/09/21 00:01:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\HotSync
[2009/09/21 00:01:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Help
[2009/09/21 00:01:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Express
[2009/09/21 00:01:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Download Manager
[2009/09/21 00:01:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\AVG8
[2009/09/21 00:00:50 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Microsoft
[2009/09/21 00:00:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Move Networks
[2009/09/21 00:00:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Motive
[2009/09/21 00:00:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Malwarebytes
[2009/09/21 00:00:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Macromedia
[2009/09/21 00:00:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Nova Development
[2009/09/21 00:00:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\NCH Swift Sound
[2009/09/21 00:00:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Mozilla
[2009/09/21 00:00:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\Apple
[2009/09/21 00:00:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\Adobe
[2009/09/21 00:00:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\ACDPhotoEditor
[2009/09/21 00:00:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop\Unused Desktop Shortcuts
[2009/09/21 00:00:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Yahoo!
[2009/09/21 00:00:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\VERITAS
[2009/09/21 00:00:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Thunderbird
[2009/09/21 00:00:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Sun
[2009/09/21 00:00:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Stamps.com Internet Postage
[2009/09/21 00:00:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Snapfish
[2009/09/21 00:00:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Sierra Wireless
[2009/09/21 00:00:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Share-to-Web Upload Folder
[2009/09/21 00:00:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\SampleView
[2009/09/21 00:00:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Real
[2009/09/21 00:00:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\Help
[2009/09/21 00:00:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\Google
[2009/09/21 00:00:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\Broderbund Software
[2009/09/21 00:00:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\ApplicationHistory
[2009/09/21 00:00:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\Apple Computer
[2009/09/21 00:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\IsolatedStorage
[2009/09/21 00:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\Intuit
[2009/09/21 00:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\Identities
[2009/09/21 00:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\HP
[2009/09/21 00:00:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\WMTools Downloaded Files
[2009/09/21 00:00:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\The Weather Channel
[2009/09/21 00:00:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\Seven Zip
[2009/09/21 00:00:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\RobloxVersions
[2009/09/21 00:00:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\RobloxDownloads
[2009/09/21 00:00:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\Roblox
[2009/09/21 00:00:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\PCHealth
[2009/09/21 00:00:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\Paint.NET
[2009/09/21 00:00:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\Mozilla
[2009/09/21 00:00:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\Microsoft
[2009/09/21 00:00:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\My Documents\My eBooks
[2009/09/21 00:00:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\My Documents\My Backups
[2009/09/21 00:00:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\My Documents\My Applications
[2009/09/21 00:00:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\My Documents\My Albums
[2009/09/21 00:00:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\My Documents\Clip Art Graphics
[2009/09/21 00:00:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\My Documents\My Music
[2009/09/21 00:00:32 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\My Documents\My Videos
[2009/09/21 00:00:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\My Documents\My Pictures
[2009/09/21 00:00:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\My Documents\Word Pad Files
[2009/09/21 00:00:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\My Documents\Whirlwind Pressure Wash
[2009/09/21 00:00:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\My Documents\TurboTax
[2009/09/21 00:00:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\My Documents\School
[2009/09/21 00:00:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\My Documents\My Scans
[2009/09/20 23:18:37 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdclass.sys
[2009/09/20 23:18:36 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2009/09/20 22:38:10 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbstor.sys
[2009/09/20 19:40:46 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/09/20 19:40:45 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/09/20 19:40:38 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2009/09/20 19:40:37 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2009/09/20 19:40:35 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dmusic.sys
[2009/09/20 19:40:34 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2009/09/20 19:40:32 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2009/09/20 19:40:31 | 00,171,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2009/09/20 19:40:29 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2009/09/20 19:40:27 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2009/09/20 19:40:26 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mskssrv.sys
[2009/09/20 19:40:25 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspqm.sys
[2009/09/20 19:40:23 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspclock.sys
[2009/09/20 19:40:08 | 00,061,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ohci1394.sys
[2009/09/20 19:40:08 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\1394bus.sys
[2009/09/20 19:39:49 | 00,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2009/09/20 19:39:49 | 00,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2009/09/20 19:39:49 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2009/09/20 19:39:49 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2009/09/20 19:39:49 | 00,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2009/09/20 19:39:49 | 00,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2009/09/20 19:39:49 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2009/09/20 19:39:49 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2009/09/20 18:30:28 | 16,121,856 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2009/09/20 18:30:28 | 02,279,424 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS
[2009/09/20 17:44:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\images
[2009/09/20 15:05:55 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\sysnet.dat
[2009/09/20 15:05:52 | 00,000,058 | ---- | C] () -- C:\WINDOWS\ppp4.dat
[2009/09/20 15:05:52 | 00,000,002 | ---- | C] () -- C:\WINDOWS\ppp3.dat
[2009/09/20 15:05:48 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\bennuar.old
[2009/09/20 15:05:46 | 00,000,088 | ---- | C] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/09/20 14:59:24 | 00,000,068 | ---- | C] () -- C:\WINDOWS\System32\gasfkymdbymbfp.dat
[2009/09/20 14:43:18 | 00,003,385 | ---- | C] () -- C:\WINDOWS\System32\gasfkynrowkilt.dat
[2009/09/09 10:20:23 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/06/07 13:04:22 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NewMoon.ini
[2009/06/07 13:04:11 | 00,000,056 | ---- | C] () -- C:\WINDOWS\EwardScreenSaver.ini
[2009/05/23 13:42:27 | 00,000,206 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/26 13:17:12 | 01,299,082 | -HS- | C] () -- C:\WINDOWS\System32\djkwegwv.ini
[2008/12/26 13:14:51 | 00,736,084 | -HS- | C] () -- C:\WINDOWS\System32\ELmSrBeg.ini2
[2008/12/26 13:14:51 | 00,736,084 | -HS- | C] () -- C:\WINDOWS\System32\ELmSrBeg.ini
[2008/03/01 20:55:20 | 00,000,256 | ---- | C] () -- C:\WINDOWS\PROVW.INI
[2008/03/01 20:55:18 | 00,000,673 | ---- | C] () -- C:\WINDOWS\KPSTUDIO.INI
[2007/08/10 11:08:48 | 00,024,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2007/07/02 12:36:01 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2007/07/02 12:36:01 | 00,047,272 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2007/07/02 12:07:41 | 00,000,076 | ---- | C] () -- C:\WINDOWS\mbjr.ini
[2007/05/02 10:59:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/12/26 23:42:33 | 00,005,113 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/28 15:56:33 | 00,000,053 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2006/10/30 20:12:10 | 00,000,476 | ---- | C] () -- C:\WINDOWS\KA.INI
[2006/09/17 19:08:18 | 00,000,397 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/08/16 19:20:26 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/08/01 10:03:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/07/21 10:27:24 | 00,000,089 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/06/07 09:48:12 | 00,000,057 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/03/20 22:49:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/01/31 16:28:51 | 00,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2006/01/31 16:28:51 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\compJNI.dll
[2006/01/31 16:28:50 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2006/01/31 16:25:35 | 00,000,314 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2006/01/31 16:25:20 | 00,001,145 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2006/01/31 16:25:03 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2006/01/31 12:36:44 | 00,000,258 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2002/11/13 10:03:49 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/10/28 15:48:32 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/10/28 12:31:35 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2002/10/28 12:29:39 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2002/10/28 12:29:38 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2002/10/28 12:18:04 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/10/28 12:17:57 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/10/28 12:12:23 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2002/10/28 11:42:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/10/28 11:34:32 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2002/10/28 11:31:05 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2002/10/28 11:23:47 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2002/10/28 11:23:47 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2002/10/28 11:23:25 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2002/10/28 10:40:15 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/10/28 09:23:12 | 00,000,659 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/10/28 09:23:04 | 00,000,503 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/10/28 09:23:01 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/10/24 00:01:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/03/06 02:24:08 | 00,659,456 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2001/08/31 23:33:58 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/14 19:47:08 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll
[2001/03/28 13:37:14 | 00,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini
[2000/09/08 18:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/09/25 23:22:00 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0055B6F3-8AC4-4A01-B757-7B1E3823BBE5}.job
[2009/09/25 23:00:00 | 00,000,310 | ---- | M] () -- C:\WINDOWS\tasks\hopwdhee.job
[2009/09/25 22:59:14 | 00,868,323 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop\sreng2.zip
[2009/09/25 22:58:31 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop\OTL.exe
[2009/09/25 22:53:46 | 00,353,366 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/09/25 22:53:46 | 00,000,249 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/09/25 22:53:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/25 22:53:19 | 53,640,3968 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/25 22:53:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/24 19:15:36 | 00,005,924 | ---- | M] () -- C:\WINDOWS\freedom.backup.dat
[2009/09/24 19:09:09 | 00,000,503 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/24 19:09:09 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/24 19:09:09 | 00,000,199 | RHS- | M] () -- C:\boot.ini
[2009/09/23 07:27:14 | 00,153,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/23 07:21:01 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/21 20:37:43 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/09/21 20:37:42 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.5.lnk
[2009/09/21 20:37:41 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/09/21 20:37:33 | 41,622,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/21 20:37:33 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/09/21 20:36:50 | 00,112,900 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/21 20:36:47 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/21 18:32:40 | 00,000,397 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2009/09/21 18:32:34 | 00,001,434 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop\Hoyle Board Games.lnk
[2009/09/21 17:57:55 | 00,037,032 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/21 17:57:44 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/21 17:43:18 | 00,416,732 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/21 17:43:18 | 00,365,076 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/21 17:43:18 | 00,046,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/21 17:40:29 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/09/21 17:13:28 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/09/21 17:13:27 | 00,250,032 | RHS- | M] () -- C:\ntldr
[2009/09/21 13:01:16 | 03,083,264 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/09/21 13:01:16 | 02,248,704 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/09/21 12:10:45 | 00,001,081 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sprint Mobile Broadband (Sierra).lnk
[2009/09/21 11:33:38 | 00,001,647 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop\Mozilla Firefox (Safe Mode).lnk
[2009/09/21 11:31:46 | 00,000,864 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop\Ad-Aware SE Personal.lnk
[2009/09/21 11:31:27 | 00,001,625 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop\Mozilla Firefox.lnk
[2009/09/21 01:05:03 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/21 01:00:59 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/09/21 00:57:20 | 00,006,144 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/21 00:56:46 | 00,001,905 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2009/09/21 00:56:46 | 00,001,905 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2009/09/21 00:41:00 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop\Windows Media Player.lnk
[2009/09/21 00:40:58 | 00,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2009/09/21 00:40:49 | 00,004,080 | RHS- | M] () -- C:\WINDOWS\System32\drivers\HP_DA192A-ABA 734N_YC_Pavi_QMX3063_E31NAheBLU4_4_IKM266-8235_S_V_BAM37308_T021216_WXH1_L409_M512_J80_7AMD_8Athlon XP 2400+_92_111C15811_N10EC8139_P_Z11C1044E_K_A11063059_U11063038_G10DE0172.MRK
[2009/09/20 23:56:42 | 00,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/09/20 17:49:01 | 00,000,058 | ---- | M] () -- C:\WINDOWS\ppp4.dat
[2009/09/20 17:49:01 | 00,000,002 | ---- | M] () -- C:\WINDOWS\ppp3.dat
[2009/09/20 17:47:30 | 00,003,385 | ---- | M] () -- C:\WINDOWS\System32\gasfkynrowkilt.dat
[2009/09/20 15:05:55 | 00,000,036 | ---- | M] () -- C:\WINDOWS\System32\sysnet.dat
[2009/09/20 15:05:48 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\bennuar.old
[2009/09/20 15:05:46 | 00,000,088 | ---- | M] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/09/20 14:59:24 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\gasfkymdbymbfp.dat
[2009/09/14 23:37:45 | 00,000,006 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2009/09/14 23:37:14 | 00,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2009/09/13 08:38:37 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/09 10:20:23 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/28 14:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >


OTL Extras logfile created on: 9/25/2009 11:01:01 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 148.99 Mb Available Physical Memory | 29.13% Memory free
1.22 Gb Paging File | 0.89 Gb Available in Paging File | 72.80% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.27 Gb Total Space | 33.02 Gb Free Space | 47.67% Space Free | Partition Type: NTFS
Drive D: | 5.27 Gb Total Space | 0.91 Gb Free Space | 17.32% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-6JNHHU0520
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4069429892-668027140-1197146121-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07295ABF-1245-415A-BE06-863271753443}" = ShowBiz
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = RecordNow Update Manager
"{1EEE2A9F-6471-42fa-8923-E8879168CE26}" = HP Photo and Imaging 1.1 - Photosmart Cameras
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{28BA89E7-2F60-4BE7-BAA2-7949EB3FE527}" = Blasterball Wild
"{2B5DDB2C-0807-47FD-9C11-80EA761902C0}" = easy Internet sign-up
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{357ECB62-CD36-4B63-B57E-769D0CA174F4}" = Blasterball 2
"{3EA6838C-5C34-4F9C-A8DA-434D65DD1356}" = Men in Black II CROSSFIRE Trial Version
"{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}" = HP Digital Imaging Album Printing 1.0
"{4F0AE1FB-4082-4A27-8363-05D292D92FB0}" = Virtual Warfare
"{5415BC25-6D6C-46C4-B34C-EA8470FE56D5}" = Blackhawk Striker
"{60E971B7-51A0-48CA-8687-C6B8F094A409}" = Simple Backup for My Pictures
"{6DCBB845-0FA4-4723-A40A-1F320C221C30}" = Sprint Mobile Broadband (Sierra)
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{753FE96B-D926-4B6C-BCFB-CC59153D004A}" = Snowboard Extreme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® 82845G Graphics Driver Software
"{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}" =
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9FA01E11-9015-4140-B10A-5C6AA949B2FC}" = Space Rocks
"{A27EAF80-CBFC-4F56-94E1-929A401D7515}" = Betty Bad
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{BC0EE7F1-32DE-4EE2-BE10-AE15DB394E84}" = PigPen
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E62C706B-1352-4DCA-B4D4-81C24750B70F}" = Detto IntelliMover Demo
"{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}" = Simple Installer - Multilanguage Version
"{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArcSoft Software Suite" = ArcSoft Software Suite
"AVG8Uninstall" = AVG 8.5
"BackWeb-137903 Uninstaller" = hp center
"Hoyle Board Games" = Hoyle Board Games
"hp instant support" = HP Instant Support
"HPTOOLKIT" = hp toolkit
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"Indeo® Software" = Indeo® Software
"InstallShield_{A0C4079C-097C-45BA-8D85-08C9FAF290FA}" = Freedom Security & Privacy
"InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"Sierra Utilities" = Sierra Utilities
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"WeatherBug" = WeatherBug
"WildTangentDDC" = WildTangent Channel Manager
"Windows XP Service Pack" = Windows XP Service Pack 2
"WordPerfect Productivity Pack" = WordPerfect Productivity Pack
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/23/2009 9:51:34 PM | Computer Name = YOUR-6JNHHU0520 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x000106c3.

Error - 9/24/2009 9:05:10 PM | Computer Name = YOUR-6JNHHU0520 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x000106c3.

Error - 9/24/2009 9:20:59 PM | Computer Name = YOUR-6JNHHU0520 | Source = Application Error | ID = 1000
Description = Faulting application nwiz.exe, version 6.13.10.3190, faulting module
nview.dll, version 6.13.10.3190, fault address 0x00002429.

Error - 9/24/2009 9:21:15 PM | Computer Name = YOUR-6JNHHU0520 | Source = Application Hang | ID = 1002
Description = Hanging application Weather.exe, version 4.1.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/24/2009 10:14:01 PM | Computer Name = YOUR-6JNHHU0520 | Source = MsiInstaller | ID = 11304
Description = Product: QuickBooks -- Error 1304.Error writing to file "Intuit.QuickBooks.FCS.exe".


Note the error number and type this in a Web browser: www.quickbooks.com/support/install.html

Error - 9/24/2009 10:14:03 PM | Computer Name = YOUR-6JNHHU0520 | Source = MsiInstaller | ID = 10005
Description = Product: QuickBooks -- Error 2350.FDI server error

Error - 9/24/2009 10:14:04 PM | Computer Name = YOUR-6JNHHU0520 | Source = MsiInstaller | ID = 11334
Description = Product: QuickBooks -- Error 1334.The file 'intuit.quickbooks.fcs.exe1'
cannot be installed. Insert the QuickBooks CD and retry or note the error and type
this in a Web browser: www.quickbooks.com/support/update.html

Error - 9/25/2009 5:39:48 PM | Computer Name = YOUR-6JNHHU0520 | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: 31. This error code indicates the cause of the error.

Error - 9/25/2009 11:58:27 PM | Computer Name = YOUR-6JNHHU0520 | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: 31. This error code indicates the cause of the error.

Error - 9/26/2009 1:53:31 AM | Computer Name = YOUR-6JNHHU0520 | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: 31. This error code indicates the cause of the error.

[ System Events ]
Error - 9/23/2009 7:22:40 PM | Computer Name = YOUR-6JNHHU0520 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 9/23/2009 7:22:40 PM | Computer Name = YOUR-6JNHHU0520 | Source = Service Control Manager | ID = 7001
Description = The TrueVector Internet Monitor service depends on the vsdatant service
which failed to start because of the following error: %%31

Error - 9/23/2009 7:22:40 PM | Computer Name = YOUR-6JNHHU0520 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 9/23/2009 7:22:40 PM | Computer Name = YOUR-6JNHHU0520 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK7 AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL
Tcpip
vsdatant

Error - 9/23/2009 7:23:02 PM | Computer Name = YOUR-6JNHHU0520 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 9/23/2009 7:23:07 PM | Computer Name = YOUR-6JNHHU0520 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/23/2009 7:33:55 PM | Computer Name = YOUR-6JNHHU0520 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 9/23/2009 7:34:02 PM | Computer Name = YOUR-6JNHHU0520 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/23/2009 7:35:33 PM | Computer Name = YOUR-6JNHHU0520 | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 9/23/2009 8:19:09 PM | Computer Name = YOUR-6JNHHU0520 | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2


< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users