
DDS.txt & Attach.txt


  • This topic is locked
14 replies to this topic

#1 Kristina78

  • Members
  • 37 posts

Posted 03 April 2010 - 06:05 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/299603/help-with-sas/ ~ OB

DDS.txt. About the Attach.txt, do I just copy and paste? It said I had to zip the Attach.txt. I don't know how to.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 19:10:47.01 on Sat 04/03/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.625 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uPolicies-explorer: LegacyDrive = 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
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Monopoly by pogo - hxxp://game3.pogo.com/v/9.2.4.18/applet/monopoly/monopoly-en_US.cab
DPF: Tri-Peaks by pogo - hxxp://game3.pogo.com/v/9.2.4.6/applet/peaks/peaks-en_US.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} - hxxp://www.superadblocker.com/activex/sabminf.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\0l59nctg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-amo&p=
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.ufsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\0l59nctg.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\opera\program\plugins\NPEvery.dll
FF - plugin: c:\program files\opera\program\plugins\NPExpFTP.dll
FF - plugin: c:\program files\opera\program\plugins\npjava11.dll
FF - plugin: c:\program files\opera\program\plugins\npjava12.dll
FF - plugin: c:\program files\opera\program\plugins\npjava13.dll
FF - plugin: c:\program files\opera\program\plugins\npjava14.dll
FF - plugin: c:\program files\opera\program\plugins\npjava32.dll
FF - plugin: c:\program files\opera\program\plugins\npjpi160_07.dll
FF - plugin: c:\program files\opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\opera\program\plugins\npoji610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://www.ufsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-25 11608]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-25 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-25 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-29 60936]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\owner\desktop\sabkutil.sys --> c:\documents and settings\owner\desktop\SABKUTIL.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 SUNPLUS;Micro Webcam Mobile;c:\windows\system32\drivers\sp508hp.sys --> c:\windows\system32\drivers\SP508hp.SYS [?]

=============== Created Last 30 ================

2010-04-03 03:46:30 54156 ---ha-w- c:\windows\QTFont.qfn
2010-04-03 03:46:30 1409 ----a-w- c:\windows\QTFont.for
2010-03-30 22:58:01 230824 ----a-r- c:\windows\system32\cpnprt2.cid
2010-03-30 22:57:56 0 d-----w- c:\program files\Coupons
2010-03-25 15:39:35 0 d-----w- c:\windows\system32\NtmsData
2010-03-25 07:28:17 0 d-----w- c:\docume~1\owner\applic~1\Avira
2010-03-25 07:26:27 0 d-----w- c:\program files\Avira
2010-03-25 07:26:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-03-16 15:34:12 0 d-----w- C:\_OTM
2010-03-10 16:01:04 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 04:33:38 1025024 -c----w- c:\windows\system32\dllcache\browseui.dll
2010-03-06 20:04:09 0 d-----w- c:\documents and settings\owner\DoctorWeb

==================== Find3M ====================

2010-04-03 21:39:07 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2010-04-03 21:39:07 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2010-04-03 21:39:07 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2010-04-03 21:39:07 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2010-04-03 21:39:07 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2010-04-03 21:39:07 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2010-04-03 21:39:07 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2010-04-03 21:39:07 232566 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2010-03-30 04:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-26 05:43:57 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43:54 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-19 19:51:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-16 17:24:01 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

============= FINISH: 19:11:40.71 ===============

Edited by Orange Blossom, 03 April 2010 - 10:21 PM.




#2 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 08 April 2010 - 11:03 AM

Hello and welcome to BleepingComputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues, I would appreciate it if you would let me know so I can close this topic.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Files
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log

Thanks



#3 Kristina78

  • Topic Starter
  • Members
  • 37 posts

Posted 09 April 2010 - 03:17 AM

Thank you for helping.

Log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-04-09 04:27:19
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 261 GB (87%) free of 301 GB
Total RAM: 959 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:45 AM, on 4/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Monopoly by pogo - http://game3.pogo.com/v/9.2.4.18/applet/mo...opoly-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/9.2.4.6/applet/peaks/peaks-en_US.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} (SABMachineInfo Class) - http://www.superadblocker.com/activex/sabminf.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

--
End of file - 10167 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-19 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-07-12 4112384]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-07-12 81920]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-06-04 131072]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2004-06-03 172032]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2004-06-03 204800]
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe [2004-10-18 135168]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2009-07-30 177392]
"QOELOADER"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe [2009-02-03 14088]
"cafwc"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe [2009-04-29 1193200]
"capfasem"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [2009-04-29 173296]
"capfupgrade"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe [2009-04-29 259312]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-12-22 98304]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-12-22 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
C:\PROGRA~1\BigFix\BigFix.exe [2002-07-31 1742384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2006-02-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\WINDOWS\system32\UmxWnp.Dll [2007-05-18 79368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"DriveConfiguration
"NoDriveAutoRun"=67108863
"NoDrives"=0
"LegacyDrive

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-04-09 04:27:19 ----D---- C:\rsit
2010-04-03 16:04:49 ----A---- C:\mbam-error.txt
2010-03-31 02:38:13 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-03-30 18:57:56 ----D---- C:\Program Files\Coupons
2010-03-25 11:39:35 ----D---- C:\WINDOWS\system32\NtmsData
2010-03-25 03:28:17 ----D---- C:\Documents and Settings\Owner\Application Data\Avira
2010-03-25 03:26:27 ----D---- C:\Program Files\Avira
2010-03-25 03:26:27 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2010-03-25 03:21:43 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2010-03-25 03:21:43 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2010-03-25 03:21:43 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2010-03-25 03:21:42 ----A---- C:\WINDOWS\system32\msir3jp.dll
2010-03-25 03:21:34 ----A---- C:\WINDOWS\system32\kbd101a.dll
2010-03-25 03:21:30 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2010-03-25 03:21:30 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2010-03-25 03:21:30 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2010-03-25 03:21:21 ----A---- C:\WINDOWS\system32\c_is2022.dll
2010-03-25 03:21:13 ----A---- C:\WINDOWS\system32\kbdkor.dll
2010-03-25 03:21:12 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2010-03-25 03:21:12 ----A---- C:\WINDOWS\system32\kbd103.dll
2010-03-25 03:21:12 ----A---- C:\WINDOWS\system32\kbd101c.dll
2010-03-25 03:21:09 ----A---- C:\WINDOWS\system32\kbd106.dll
2010-03-25 03:21:09 ----A---- C:\WINDOWS\system32\kbd101b.dll
2010-03-16 11:34:12 ----D---- C:\_OTM
2010-03-10 18:09:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$

======List of files/folders modified in the last 1 months======

2010-04-09 04:27:45 ----D---- C:\Program Files\Trend Micro
2010-04-09 04:27:30 ----D---- C:\WINDOWS\Prefetch
2010-04-09 04:25:37 ----D---- C:\WINDOWS
2010-04-09 04:23:12 ----D---- C:\Program Files\Mozilla Firefox
2010-04-09 03:37:31 ----D---- C:\WINDOWS\system32
2010-04-09 03:32:37 ----SD---- C:\WINDOWS\TEMP
2010-04-09 03:32:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-09 03:30:55 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-04-08 00:46:29 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-04-04 17:37:28 ----SHD---- C:\System Volume Information
2010-04-04 17:28:45 ----D---- C:\WINDOWS\Registration
2010-04-03 18:44:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-04-03 17:39:35 ----D---- C:\WINDOWS\system32\drivers
2010-04-03 17:39:35 ----D---- C:\WINDOWS\BDOSCAN8
2010-04-03 16:04:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-01 11:12:51 ----D---- C:\Program Files\CCleaner
2010-03-31 02:38:22 ----HD---- C:\WINDOWS\inf
2010-03-31 02:38:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-31 01:52:39 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-30 18:57:56 ----D---- C:\Program Files
2010-03-27 12:30:13 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-25 03:25:32 ----SHD---- C:\WINDOWS\Installer
2010-03-25 03:25:32 ----D---- C:\Config.Msi
2010-03-25 03:25:30 ----D---- C:\WINDOWS\WinSxS
2010-03-25 03:21:38 ----RSD---- C:\WINDOWS\Fonts
2010-03-25 03:21:36 ----D---- C:\WINDOWS\Help
2010-03-16 14:06:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-03-14 11:17:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-11 03:30:11 ----D---- C:\WINDOWS\Debug
2010-03-10 18:09:41 ----D---- C:\Program Files\Movie Maker
2010-03-10 00:33:41 ----A---- C:\WINDOWS\system32\shdocvw.dll
2010-03-10 00:33:38 ----A---- C:\WINDOWS\system32\browseui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 KmxAgent;KmxAgent; C:\WINDOWS\System32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile; C:\WINDOWS\System32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw; C:\WINDOWS\System32\DRIVERS\kmxfw.sys [2008-06-24 115216]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2007-12-22 8552]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 KmxCF;KmxCF; C:\WINDOWS\System32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx; C:\WINDOWS\System32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032]
R3 KmxCfg;KmxCfg; C:\WINDOWS\System32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-07-12 2459968]
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-05-17 33280]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-05-17 12928]
R3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-07-25 47360]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 SunkFilt39;Alcor Micro Corp - 3239; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S1 SABKUTIL;SABKUTIL; \??\C:\Documents and Settings\Owner\Desktop\SABKUTIL.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SQTECH905C;Dual Camera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2006-01-18 647493]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 SUNPLUS;Micro Webcam Mobile; C:\WINDOWS\System32\Drivers\SP508hp.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-19 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-07-12 114755]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2007-12-22 172032]
R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxFwHlp;HIPS Firewall Helper; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [2007-10-18 145936]
R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2009-07-30 214256]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2007-12-11 382320]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt
info.txt logfile of random's system information tool 1.06 2010-04-09 04:27:48

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BigFix-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
CA Internet Security Suite-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
ConvertXtoDVD 3.2.3.81-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Diner Dash Family Style-->C:\Program Files\Diner Dash Family Style\Uninstall.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
Java™ 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lottso! Deluxe-->"C:\Program Files\Oberon Media\Lottso! Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Lottso! Deluxe\install.log"
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Mahjong Garden Deluxe-->"C:\Program Files\Oberon Media\Mahjong Garden Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Mahjong Garden Deluxe\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.5.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero DVD/MP3Pro/ACC Plugin-->"C:\Program Files\Ahead\Nero\uninstall.exe"
Netscape Navigator (9.0.0.6)-->C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NvMixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\setup.exe" -uninstall
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Opera 9.60-->MsiExec.exe /X{054514A0-E410-4312-A296-FCD81AE1B5DA}
Operation Mania-->C:\Program Files\Operation Mania\Uninstall.exe
Photo Viewer 2.3-->"C:\Program Files\Photo Viewer\uninstall.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PICTUREKA! MUSEUM MAYHEM-->"C:\Program Files\Oberon Media\PICTUREKA! MUSEUM MAYHEM\Uninstall.exe" "C:\Program Files\Oberon Media\PICTUREKA! MUSEUM MAYHEM\install.log"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PurePlay Poker-->MsiExec.exe /X{60EB76E2-DF31-477B-A28C-2303ADE6629D}
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Poppit! Show-->C:\Program Files\The Poppit! Show\Uninstall.exe
Tri Peaks 2 Quest For The Ruby Ring-->C:\Program Files\Tri Peaks 2 Quest For The Ruby Ring\Uninstall.exe
TWC User Controls-->MsiExec.exe /I{DCC72248-D3D2-4846-8499-A400053A430E}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Way To Go! Bowling-->"C:\Program Files\Oberon Media\Way To Go! Bowling\Uninstall.exe" "C:\Program Files\Oberon Media\Way To Go! Bowling\install.log"
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Winmx Community 1-->C:\Program Files\Winmx\Remove1.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wondershare DVD Slideshow Builder 4.0.3-->"C:\Program Files\Wondershare\DVD Slideshow Builder\unins000.exe"
Wondershare Flash SlideShow Builder (4.5.0)-->"C:\Program Files\Wondershare\Flash SlideShow Builder\unins000.exe"
Wondershare Photo Collage Studio 4.2.12.13-->"C:\Program Files\Wondershare\Photo Collage Studio\unins000.exe"
Word Riot Deluxe-->"C:\Program Files\Oberon Media\Word Riot Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Word Riot Deluxe\install.log"
Word Whomp( TM) Underground-->"C:\Program Files\Oberon Media\Word Whomp Underground\Uninstall.exe" "C:\Program Files\Oberon Media\Word Whomp Underground\install.log"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: AntiVir Desktop
FW: CA Personal Firewall (disabled)

======System event log======

Computer Name: YOUR-747044A405
Event Code: 19
Message: Could not set the keyboard typematic rate and delay.

Record Number: 102352
Source Name: i8042prt
Time Written: 20100314171404.000000-240
Event Type: warning
User:

Computer Name: YOUR-747044A405
Event Code: 20
Message: Could not set the keyboard indicator lights.

Record Number: 102328
Source Name: i8042prt
Time Written: 20100314111522.000000-240
Event Type: warning
User:

Computer Name: YOUR-747044A405
Event Code: 19
Message: Could not set the keyboard typematic rate and delay.

Record Number: 102327
Source Name: i8042prt
Time Written: 20100314111522.000000-240
Event Type: warning
User:

Computer Name: YOUR-747044A405
Event Code: 20
Message: Could not set the keyboard indicator lights.

Record Number: 102296
Source Name: i8042prt
Time Written: 20100313235205.000000-240
Event Type: warning
User:

Computer Name: YOUR-747044A405
Event Code: 19
Message: Could not set the keyboard typematic rate and delay.

Record Number: 102295
Source Name: i8042prt
Time Written: 20100313235205.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: YOUR-747044A405
Event Code: 108
Message: Cannot open mailslot of Ask User client. Product 0x1, Session 0, Error 0x2.

Record Number: 48918
Source Name: UmxAgent
Time Written: 20100303010153.000000-300
Event Type: error
User:

Computer Name: YOUR-747044A405
Event Code: 88
Message: Sync client C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe registered successfully


Record Number: 48916
Source Name: UmxAgent
Time Written: 20100303003108.000000-300
Event Type:
User:

Computer Name: YOUR-747044A405
Event Code: 88
Message: explorer.exe started

Record Number: 48915
Source Name: UmxAgent
Time Written: 20100303003107.000000-300
Event Type:
User:

Computer Name: YOUR-747044A405
Event Code: 88
Message: Shell is started at session 0

Record Number: 48914
Source Name: UmxAgent
Time Written: 20100303003106.000000-300
Event Type:
User:

Computer Name: YOUR-747044A405
Event Code: 88
Message: explorer.exe started

Record Number: 48913
Source Name: UmxAgent
Time Written: 20100303003106.000000-300
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\DivX Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------



#4 Kristina78

Posted 09 April 2010 - 03:32 AM

GMER log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-09 04:42:05
Windows 5.1.2600 Service Pack 3
Running: hk9vbesz.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pfayqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateKey [0xF387D6EA]
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwCreateSection [0xF4CFCFD2]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateSymbolicLinkObject [0xF387E40B]
SSDT F7AA6BEC ZwCreateThread
SSDT F7AA6BFB ZwDeleteKey
SSDT F7AA6C05 ZwDeleteValueKey
SSDT F7AA6C0A ZwLoadKey
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwMakeTemporaryObject [0xF387E75C]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenKey [0xF387D64E]
SSDT F7AA6BD8 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenSection [0xF387E130]
SSDT F7AA6BDD ZwOpenThread
SSDT F7AA6C14 ZwReplaceKey
SSDT F7AA6C0F ZwRestoreKey
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwSetInformationProcess [0xF4CFC662]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwSetSystemInformation [0xF387E538]
SSDT F7AA6C00 ZwSetValueKey

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs KmxFile.sys (HIPS File Guard driver/CA)
AttachedDevice \FileSystem\Ntfs \Ntfs kmxagent.sys (HIPS Agent Driver/CA)

Device \Driver\Tcpip \Device\Ip kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Tcp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Modem \Device\00000092 kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Udp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\RawIp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\IPMULTICAST kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\AFD \Device\Afd KmxCF.sys (HIPS Content Filter Driver/CA)
Device \Driver\AFD \Device\Afd KmxCF.sys (HIPS Content Filter Driver/CA)

AttachedDevice \FileSystem\Fastfat \Fat KmxFile.sys (HIPS File Guard driver/CA)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


#5 syler

  • Malware Response Team

Posted 09 April 2010 - 10:40 AM

Hi Kristina78,

Can you tell me what problems you are currently having? Are you still getting the same files showing up in SAS?


I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to Add/Remove in the Control Panel and remove either CA Internet Security Suite or Avira.



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you receive a Security Warning
  • The process is automatic; a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop where you ran mbr.exe
  • Copy and paste the contents of mbr.log in your next reply.



Then please run a quick scan with Malwarebytes. I noticed in your other thread you had an outdated version of MBAM, so please make sure you update it until it says you have the latest database; it may take a couple of updates.


Then please post back here with the following logs:
  • mbr.log
  • MBAM log

Thanks


#6 Kristina78

Posted 09 April 2010 - 12:16 PM

Hi, yes, I scanned with SAS and got the same 4 files come back up. As for the two anti-viruses, I only use Avira for anti-virus; with CA, the only thing that is installed is the firewall. I didn't install the anti-virus. Can I still use it?
I will post what you told me to do later on; I gotta take my dog to the vet's. I'll be back soon. Again, thank you for the help.

#7 syler

  • Malware Response Team

Posted 09 April 2010 - 01:18 PM

QUOTE
I only use Avira for anti-virus the CA the only thing that is installed is the firewall I didn't install the anti-virus, can I still use it?


Ah, that's fine then; I wasn't aware that with CA you can choose which component to install.


#8 Kristina78

Posted 10 April 2010 - 01:23 AM

Yea, CA, they had 3 different things you could install: Anti-Virus, Firewall, Spam & something else lol

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

Malwarebytes log

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3973

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

4/10/2010 2:25:40 AM
mbam-log-2010-04-10 (02-25-40).txt

Scan type: Quick scan
Objects scanned: 120075
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#9 syler

  • Malware Response Team

Posted 10 April 2010 - 11:34 AM

I have had a look around about the files SAS is detecting, and it appears they may be false positives related to the gaming site pogo.com. Just to be sure, we will have a look with another tool.

Can you tell me how the computer is running?


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Edited by syler, 10 April 2010 - 11:35 AM.


#10 Kristina78

Posted 10 April 2010 - 12:17 PM

Hi, sometimes the computer seems to run slow but most of the time it's fine.

ComboFix 10-04-09.06 - Owner 04/10/2010 13:18:30.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.630 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
.

((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-09 08:27 . 2010-04-09 08:27 -------- d-----w- C:\rsit
2010-03-30 22:57 . 2010-03-30 22:57 -------- d-----w- c:\program files\Coupons
2010-03-25 15:39 . 2010-04-04 22:38 -------- d-----w- c:\windows\system32\NtmsData
2010-03-25 07:28 . 2010-03-25 07:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2010-03-25 07:26 . 2010-03-01 13:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-25 07:26 . 2010-03-25 07:26 -------- d-----w- c:\program files\Avira
2010-03-25 07:26 . 2010-03-25 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-03-25 07:26 . 2009-05-11 15:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-25 07:26 . 2009-05-11 15:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-16 15:34 . 2010-03-16 15:34 -------- d-----w- C:\_OTM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 08:47 . 2009-04-30 04:39 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2010-04-10 08:47 . 2009-04-30 04:39 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2010-04-10 08:47 . 2009-04-30 04:39 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2010-04-10 08:47 . 2009-04-30 04:39 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2010-04-10 08:47 . 2009-04-30 04:39 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2010-04-10 08:47 . 2009-04-30 04:39 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2010-04-10 08:47 . 2009-04-30 04:39 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2010-04-10 08:47 . 2009-04-30 04:39 232566 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2010-04-09 08:27 . 2008-12-14 07:36 -------- d-----w- c:\program files\Trend Micro
2010-04-08 17:35 . 2010-02-28 18:17 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-08 04:46 . 2009-07-15 05:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-03 20:04 . 2010-03-03 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-03 20:04 . 2010-03-03 22:31 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-01 15:12 . 2010-02-28 17:56 -------- d-----w- c:\program files\CCleaner
2010-03-30 16:52 . 2007-12-24 21:54 64440 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-30 04:46 . 2010-03-03 22:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2010-03-03 22:31 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-28 18:17 . 2010-02-28 18:17 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-28 18:16 . 2010-02-28 18:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-28 18:16 . 2008-06-05 03:44 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-02-28 18:16 . 2010-02-28 18:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-26 05:43 . 2004-08-26 16:12 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-26 16:11 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-23 22:36 . 2010-02-23 22:36 16384 ----a-w- c:\windows\system32\msdrve.dll
2010-02-23 22:36 . 2010-02-23 22:36 10816 ----a-w- c:\windows\vmoptver.dll
2010-02-19 22:02 . 2010-02-19 22:02 -------- d-----w- c:\program files\ESET
2010-02-19 19:51 . 2008-12-15 04:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-19 19:51 . 2010-02-19 19:51 -------- d-----w- c:\program files\Java
2010-02-16 17:24 . 2009-04-29 17:05 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-15 05:50 . 2010-02-15 05:50 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-03 22:59 . 2009-07-11 19:19 117760 ----a-w- c:\documents and settings\Jane\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-03 22:56 . 2009-12-19 16:06 52224 ----a-w- c:\documents and settings\Jane\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-30 06:22 . 2010-01-30 06:22 348160 ----a-w- c:\documents and settings\Jane\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6c907983-n\msvcr71.dll
2010-01-30 06:22 . 2010-01-30 06:22 503808 ----a-w- c:\documents and settings\Jane\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6c907983-n\msvcp71.dll
2010-01-30 06:22 . 2010-01-30 06:22 61440 ----a-w- c:\documents and settings\Jane\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-35d93e0e-n\decora-sse.dll
2010-01-30 06:22 . 2010-01-30 06:22 499712 ----a-w- c:\documents and settings\Jane\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6c907983-n\jmc.dll
2010-01-30 06:22 . 2010-01-30 06:22 12800 ----a-w- c:\documents and settings\Jane\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-35d93e0e-n\decora-d3d.dll
2010-01-26 04:01 . 2010-01-26 04:01 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f874f6a-n\msvcp71.dll
2010-01-26 04:01 . 2010-01-26 04:01 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f874f6a-n\jmc.dll
2010-01-26 04:01 . 2010-01-26 04:01 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f874f6a-n\msvcr71.dll
2010-01-26 04:01 . 2010-01-26 04:01 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37dbef54-n\decora-sse.dll
2010-01-26 04:01 . 2010-01-26 04:01 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37dbef54-n\decora-d3d.dll
2010-01-20 17:33 . 2010-01-20 17:33 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-59e0d555-n\msvcp71.dll
2010-01-20 17:33 . 2010-01-20 17:33 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-59e0d555-n\msvcr71.dll
2010-01-20 17:33 . 2010-01-20 17:33 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-59e0d555-n\decora-sse.dll
2010-01-20 17:33 . 2010-01-20 17:33 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-59e0d555-n\jmc.dll
2010-01-20 17:33 . 2010-01-20 17:33 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-59e0d555-n\decora-d3d.dll
2010-01-20 17:33 . 2010-01-20 17:33 315392 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-4194b76d-n\jogl.dll
2010-01-20 17:33 . 2010-01-20 17:33 20480 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-4194b76d-n\jogl_awt.dll
2010-01-20 17:33 . 2010-01-20 17:33 20480 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-2372d193-n\gluegen-rt.dll
2010-01-20 17:33 . 2010-01-20 17:33 114688 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-4194b76d-n\jogl_cg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
"nwiz"="nwiz.exe" [2004-07-12 843776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-12 81920]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-04 131072]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-30 177392]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2009-02-03 14088]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2009-04-30 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-04-30 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-04-30 259312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-22 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LegacyDrive"= [hex data omitted]
7e819311842d1f1609f10b49e8f24db448f8ca9050c1745bb85144edfa45dcaa9cb955f79efadc576a9ad7b758ab1b91caf31a6479686ccaa30aac9b8384047c4c2d42e6717631721c01e0443e16b4f0cc92de112c6ab45a4e33e583bedfbd3f09bc72deec1396cb03aceebb9cf3b5a865b0206c12d445bb7aed6a70c449620ad7600290750fcd17609fa9d01e3418744538446ad62b7d0ec53201ea486b12f679c95f54fe1dc099953d56dbb43459bf9723a77740f77c7ad2a1946456b7bf3060456af27e42d07cc2ee84fcde9bef0b8f95902194e351ef95b4a6da4caea05af6eec763a790a9f73ef88c75b5a16e8f7cdbff84ebcd26461bc662cbfc4279c8f328ba6110f063c79957dfefdeefe152d3fae5f83e503cc3bfe3308642cec5a389545cba92ff48c3c3ac2921a0d3d836416add5c81d493452c8aa2584b9647feaa8e283a56520acbf916aa58b46417f27385ba3a345ea0c664e21b3cd46f54a1488212c7a6e6c95a01f2e0e33a8112cca4f157a1223d7b428d8123646d266b3a280582a93eb9a16f68f958de5d06905ac34514c19688a69a94398a21bd9513f245a3791643805339988889013abb0a5672de70868eda12a537f35d94aceeb09040656d3c2b1e4be851fb33e7e0ca67ac67db9524feb91b5a11aa357bfab6dc74abb6c84272c45afc34283b79f0f3a730b2feb6e31b6a881566779a85d26fd0e8db0556a938a3d8ecb377c3dbbae7f3ee00b41aeae856d9ad2a0c7cdbaa4c8e7574d88afc422c4e1ab5dced2ed9b44212f82c34523d0a482049c2f5671de0b147b32f9cffdd9c2792b016e4c6e46b7696f78bdc0729ffc2fe63c7aee3ad2452af2a51cf0f9c26d4d393f7fb469c4f19f26d14a6379462373bc693beb56d09d385273391fb44de4aba5fba06ad0851ed80b7c811c3a4565f270b420e958dc47ced4267468e3a14765c899ab95696b5b56f597a44fc9176c6295f073dbba06cbd9eef734e160459cf484ff3ce96946c28352a4a23b66ef6540a97144bd2b45f55a7f04c5056fa1e7f2ee920ce04e31339fb461c3cfc874d7eab14cd98440c152d26b43006afec129498dc930d91aadf066b5637422e7dd2014716070d65382f6c44a99fc0e97736b0b0248ebd11fec4c02d04925e80b0dbbc5dda02464af59acf4c8f17716143868352406421675750db0f54dbc3dc3c00c91fe3758afab222daa8a575bfb416ab3804eb7b11428a6aefb172e578048985edc21866f5ad23366b92dfcbfd2b7204e7affc430aa2e3a01dde0824fba32114ff31cd2cf6d026b6ca185c105429fc6be6f20ef516b4c51b7d57db2fa1eb222b7fb192b235f306250a72a3bad159422cc8038c7694a42b9a791a1369caab04110cb16f68207ea1b6c801bf7c8d81067d3e88
b2e11b5d38d919f12139672dcfcb7a625b124f6afe554475d3e601b34fd975b0fe1cd539448f5fe6698f2849cddab0173b35e883f673667a8591fad12a5d9ea5d024b36cfe91b754efa7bd8d39d46a71be54b3f9fb9e8cf56c735db875b4e560a3ab551c24efe247ebf0255786782af22870c9423b823939c249a3daff54135420ec38700f9cf3ba12176296c42d50efa1df3e03c70ec5fbf2550ed2fcac69f1a41f594a8f7b9a48667dc1f9eba4add8db54761d893b05e7349341e920fc024bc1b3b1121b074c42d5759c55d6c69e452dd6b1d232f61bff8c2b8cdd555c1a5b3cc65dfd531137859fafe300e8a863085dff9f3f06b18695815b018255d0bb48fadb6252959847f0832d63427571a880a4f9246a25557b271f39dbeeed338812bd15fe4b554b19fbcdf756474e32659bad82fccfb8bf32252ba1011f0dee8e50fc148510b4c6fbe5adb895ff4dd58b5e0884758edc3b5f4a342919279f327194899391400b652b59aaf571a4e2b5fd005bcc49611c17a631c8ba0aa5ebe55dc13facd2e2dbba49d467e729530d8269f7eb09d796fa0be8347757310e0281a1136582e2c29f8230e7f45910129fc95c1c7c9748b6d028278a8954309bc40cf0330007b7d8dcbb5376281302d8b20416cb338892518a0d500bc8e6642b2c70ca5d2d1f12ae8e00d3ac74ee1a31ee0aef3494be6246df7e07fc302cfba3488f5642722148297ac267b684c4d31fbaf0d710096b98d8b922b476a0bb8f1b68763d3a92951cdaf95787d3dc062ad23ec81a583389c9a0ba871eaf69db20930614dbfbb01f091515bcd7c4b779beac11bdddef3996672e8ec1d835403feabbf5d616fe4d67fba58c1328a6c36fcea53ad4b2088cca2fb276a7e1d602945f784e6d14bdd16d1dcb628092f0f67a58f9621cd53d3097964a3da87f9e73d0aa57dede6946f199a116b095c4c74056b5bd673a17e5f3f47a7cc802e3a8258fb117f1bc3ecc38fb4d826c345e2121f0e3168939051532cf2dfce8ca39c679841c04270ba9060a4b13321a423c208794a9ebfb3c1065ba3e9e9e0ca8cf80890c10040391077f416d6540cf8ea24b7ea805baa67204ee81c2aee0ce66d846ba5d4a06414c3669e064dece3eea6e332a5db7a0f68c07f1e202ac7f0e75fd11dc7cba693c5f5032d1eb0ba87d09656115cb2fe63cb7d9bd1ef0c3d3eeb87bb35e9f5dd9a355bb6314dc4a90ae9b9b08aec64d9d5ff973eec280f36189efbcd8cdcb87246f4dff0362681a0a2b1b1dcc9e943b6c78ad4eab84c0a1220b71d198a3997f27076588a5bdfdcfb4b86c2c102593083b39bac8a6b486468071d325b53ff751ac5e163ce6ce8a05e23cd10ef0a83eaab371b0fc2a8e499af7cd6b6bd6331b7c9546164497e25938d80f0f945d
c8f3f44a90d588489d413ce69db14ec4a3269282d05b821d2a759def47a7ce6cb60c556d5733a32d6f65ff91d8b9f7c0aa6eeefcd41ad4170d2cea9187a3881887f6d58e6fc6a43c2d7ce7354f43f0d05a80a353171096c952ce4ca1d83e6ed72841fce6c00ac64334f1469ab957ebc4744210322e2fb944c0dc69661bc286361c72a31bbaaebf2ab859578c66891ddd3cef722dd674916861b607a9e4ba662f55a86de6de06c21da536d4343ef55956b59ab14af8f48c157c55e9abdfcb9cab2d6441d1da9ceb6e5d20e04124ce5f22f80e45ef25f0ecd1eafdf5da9a28cfa1aad8dd536975912dbd171c12c059f10eef1bc80bf327640d435eca58f84b94fa064223e987060949e84f79c63da430c577354871eb9fb663d6225b81a9768872356dc5d4d152c07c0a8ed99d0642eb23085500262cd1709726e0221e42ad895beebb984f5db6b223be10e5a70f212ed1b01eb8df875b7f2b0da212ae7d785317b6054c10b2cbb6bb76a7fe727b02ba9cf346eb4713ebfb3e3dd424612d9ef9a47eaf13ca9274c2f03c1c33b9bc8f1f989542fd66d75a52c832ae39bfdabd4b23ba9f1569cd6b46895a850a2005a9fc2b6345ceb5f0d9248890e54f2f8b8af143d29dd4c8a9bbb55c52d7de4dbe6a1cf57f721743340ed59eef6169810de44525ec84f169baeff245ce81ab2507673df689523e83b90179ea8d9cb18bd5854a5d703a4040baf0ad8c526f856af790941d5984218061f988d7d73b33ac00ef290c917af106436c4c4bdd8a64ed1c98cb0af5d87db199e88cda320e45867e3a725fb7a2bf8a06dea36bcdd91a48b66557111498a7753cb72bec6d8534208ecccf6ce3368081def7467be1b0e83eb4e7f534fe1cbd59d2e548572dfeee8f783a4246bf13cf666f0b37b5fa9db46715b48b05f516d6fd512036bf1d7aacc0142d3588f4cddfc9a7f7ea827666560f8431e909cff35a1a8679ec943945427e8ab410f9567c75ea32d341ba3c6de0185a00996c9124281879c95ee4a710034203228b5f2fd4b0612a676501344f8f7ddf0167900c90098493b04bb93810292e06920f9a958be1f718dace7a0aa9b8e8f9a70d28ee0ca22c3100d1ccd4f7e81b58f14fad3db800aefea6b40a6f4ffb10fc4a8a59f0e1c914a049946eb246d67e654bc200c307e15bfa3c79956b44b21c2a321f87235c734754c67e8dfbaac589b6d57e8f96c5159c9d6c4291fbf8b96d3ef556231d1fbd4f28b10ff6b6fba460592c120edbae6190d7e76193aa81fe9afde01f3ba82084ab5d67aea3864cc408d9dbaed64c096c7c8fde1dd2052da184b9dd7d05df94d0531649cb0afb685974d1bd569d5c6440a69e49c2cc5cf1e1fc58521ea2758fc9a91e626dad64c9cc4759783f7627b0fea0a48a37f9
1193adc5e4f0576d93e556e957325bc21e7646ffac0e9ef8b1cece9ddafdc5a040b99f6f61ee3cb9dfc12222ade08a6ad6b65c8e237f9614e8a7f998b628808e0bbb51c150d29bb86173e2975db772ba5eab66d24e1b02168e8349de99d2a34f73e29d672e3340a1c59b22933f8715a9431eac12667c7f47600a2af9fbb10c86d44de65c2059a6c3840553b075ba89a297af5edbd53efaeaa3e5d1b848c1a2cb31a61c8d226ed4738556189dc6f45881d32a892a2f89263c7034cec4b60b9524811e93a696aec4457bce4d574315e1accf7e34a48a1c92b25ca4fd7a5fbe9c005ced9f2ae54ff98afb5f2c26b164f658fc052fca3487ea34db24672a7931cc56b493411100157084b2a87b3d729e6c0714fd41d270858c6d355c1dae37c8df55bfd89ba1cc93aaf66af7c4e9c17695847f27c6d5ef1f6dac4f581b213c71420fc980a16fb9e6ec69bf025daec999b66c0ee62006acf6b2288297ccf20bfde7aef2b5623fd1f57c375f176eab4571ea7a06e85a83b02dfa27709d1f34c702886091bcbf8e827eef9e47289f4cfa75d09f29fd045bb087fb33f516cdc3560ad0d02167050dce33c9a2f917946406433c210651b8983fbcf51c1bb5b85dd81fff5b4c032cc1916e8c32f241195159c62b3c99b5738463a791ff05f95dcb432d9ed4866ad6a29f5aab2d1bf443f5ebd9f7142e4e98d3c4ded058794e5fa517d90ff6ede85204eb9c7222da8990d897e94e8d92bf6c47ce03dfbf074f5ba4406cebdd0e5f15a23ac94fbc13db1cc82fea1a350df646b04e04751e4c15935267515bab0d442992290183a166aa485a6a66df52fbc58ef5550c95348640b5045cdf27c5fe3bf247f7d43e0aa1d486b82672cb210d8cf2b95c0b4af68ad4052ec1f32e53d5266223a7ad276af03bc64271d2a2402789b91c74cf442ba9dbdf6b2bd8d352512c334851977f9cfabb0c16080d89f0bf16d656a02f8c7719f43be4926c72b5baf2664bdaa665514672a6227bfb157e3f802b614bce8a989b53c3a735962c60f0816af855469520f9f06395decba9138ef34de676609edcfacfa0add8c7a7429536b0e5329295731a1c99c2d8e95a26ce8180d4d23106aade081641cc48875b8c065ace8f0d1ae4dc492faf55d4e72d23a9d176b136115d2055affd6f0f55b791d6561a425f5001a0e9d22abb6d331aa75a3daa1fe0211428660d655a1297c35a1897c13acb83d28a858e8c82600c6e7dce255dd55ab9b66e7abbaede636c50a174ad2496771502ddde99b74ce03ce9d50c9d8a8f0e3d31da8bc904f0be077e2c3a88e8b3d1ad7f717a30bdfaf0b86945aed7257c3db6e523c6c000c047aef3ac58dedd861967979eee104dcff4553bf269d24f8b77c14c1ce1dc05493992bb8bc5d5fda54da58d
fbb7e1db9efe430f8094828e3ec0a3d9dc8d8a2449084d25b96ce1b48b9eb717db086649e9e0450e6e70cd4c7414785d00e64e3d4e9608b497f04afeea0afc4b095557acfb5c8f13d33362a463af3bb763c79c8b886ad2ebb19d464019ab52639bb3632a8f723c22ffc859032f0f5984957f920393791f6227a0cf9f99320da39653a24d660137a73ed8420d40c9bbd963bee601e9a2fc0cf4e01c880230a532d754a34ec50ab957923d6d9f0f9e153eb0aeac2415f2a8a959dfea0db7c909b177bb40d68d2101346a9802b0887b846a90d2b1ecbe42ccafcf4549039d723fab08dea2cca71e874696bb3236e68d99c7f07c8aaac0795eb177e3c167aea772450a6c9de4e62af1ff66bd336692c828c7cf560870dfc5bae97a2dd0d05f746dbc47f995a1c3675ffc0d348d3a44abf190e948031f0b21cbc75f03f01da672a8f7fcfc564243e51accefb2931507cce06c77be3d08efa32c15ed7f0cbbaa0420d8aa8ff92055bb83ad5cef6f8769ac23ee0eb6bb665d48333dce62be7ff0090d61268b68ac51b75095c62c0040da6d32d51aa85b29b7f25ad597ec928fc99a25a6d70e771b62c278effabde12bddd4718266e7242e8a596b91a8ca86f73512da8baec4cb87d02270e06096b718bad268aa573daa3039dcfae604dadfb89b2ed4980a5cdc013470ec2fa05c03167d647eb8bb603e35b562f7794120afefd2335a0ec165d6a0b7c19a15ce416577b06713d234164b8f448253774170bc3532df3d7f3f5e2732785eb6cf03b8a54063683f4c45b2edf7ff64046b6555998251437ed999d2aa502f0c84ccaa0e1c1651eb5982a3a65bc61e7a8599d3fbff94bc7abec8cf39dee40edae046392d0a79dbd052414c9cf4385b451e727933a31755ff4f0b858fc360554a69fdae0193f4cd59bd9622c0f52bc14bb6578414f975586236e19a6c1de3168a30498e93d16f9363e9b181a14d76e35ae8a134e85dae2eadd8dd71ebb487bbba16d430425073ef6e830b10f86e047a211b1bec263e5e061b3a9b5b9679bf7eb298bc6e73d7e9d8b12f9850f177c88a0cf4c694b2875921d09104e892ac238092885f308d9ab1c00dce21f7de075ef84b09807f377443fd85d1299c00d0ec3285dc5e434319f94a39c702c03494941211a946bc40e604b9b68f9cc730ebca8ad2f292ef0283a431ba9f3a87e133b7a4925eaff44d823dc9fc187e431cf53db79b1c67cee8fb650c06a6d90195506f2a3e31ac34bdc9d36453402fc513da6143c1b6be5a978a38a117a316d09f2ea17c4d74146d8f2244045da2168b323cd0ffbd3668cdfe915b78f40323cb2ffbc8751e30ce29c2def36eaa59d2c50dfeb9173bdc1ff9a35cdba085579d888841ba5490a6c45ecd33c9bdc6f646ade5efbbae88bcd7
e371608739c56394b171f770ba6b940deb25f503f1bbdab162438b7bd10186cdf2a8a132eabf44d59de86583882118e4a701d2e627d355f9da28672975ba968df4cbcb4a82ab741c1d9fdb7c7d232fa98c84df40c8bee95e02cf1c118f3624387b52cf481dcb88e3b5884a6c58ac3b08fb102172ba50b8d54c70aa03038ee8fd249125b03331d21420826a609ea1c34527b66a55a94c6bda53a83bd42cec73450834619c1152017e25eb909280b4fa7654ddf3b1c094384248e21e06dd61db5db094c0f5543eb8b189751735254222aec87c6cba7c1190d6a1a646ada758c802c068ab737121b24cef6b9ad4c6bc96e7008165c6cfd087e28384eeb662ca685efce4e2784e9b50fb4df82d9ff3fd8ae3b9ad9b9379369da9f36349f1f8bf270cb6ae909bf90b42d02f34499b053243759120195a4456995380bd366dc1de0b3dca7a7e01aaf5798dfd8b342e20aafd6ce8f7f8894eaaa9218bc603329e40df8b7ea2e3a409e63e88cfcc6869a537c76daa689779c53e96bc9f2dc5dd18081c2e4bda6ff65d2df2c9c37d518abd4e1d58dc367dad597252a7c11a4285844f8a2c7a31cb8387094f1ed765188fefbd507a2f19717aa6ca9974e5998eb2c6c94978e5ad10cec492cc1b184128642749e153dcb01ebfe032756680797ceb3e2309c889f72a24923d8e278032d4278ecfc7634e6bb6cfcda44e78f528469798177579f83545818e504fe3e68d9a805027da78c26299ff24517306b9539d693112b0e01c166bb203bb7c73a9d6af00dd68ede7744847b637648644c11b88da6c49b3309d9e112920a2cd9869590db399297072f85891a8030ea1381ab43e7a0b62577904d6cbfa77dc15084776200f4e226e01676bb6ebec7a8330c185ebfb18e0ebadfeb85e9d5c0220105060669c8066e42517640a5dfe5e32b375854b35236775f5361aae0bba6a0f4e0576d2c9b36ddf342950accd6bc2edb7d8bb5a73260971ebb3be4ead9db21a0a2cabed234e24dd8419bbdfdbab90c4d4ac4f7a823b9d616feffc25a5d9cf8ca14a9825e0703140600

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 17:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 07:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-12-22 10:09 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-18 21:40 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/25/2010 3:26 AM 135336]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 10:24 AM 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 10:24 AM 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\Owner\Desktop\SABKUTIL.sys --> c:\documents and settings\Owner\Desktop\SABKUTIL.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 SUNPLUS;Micro Webcam Mobile;c:\windows\system32\Drivers\SP508hp.SYS --> c:\windows\system32\Drivers\SP508hp.SYS [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Monopoly by pogo - hxxp://game3.pogo.com/v/9.2.4.18/applet/monopoly/monopoly-en_US.cab
DPF: Tri-Peaks by pogo - hxxp://game3.pogo.com/v/9.2.4.6/applet/peaks/peaks-en_US.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} - hxxp://www.superadblocker.com/activex/sabminf.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\0l59nctg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-amo&p=
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.ufsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\0l59nctg.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Opera\program\plugins\NPEvery.dll
FF - plugin: c:\program files\Opera\program\plugins\NPExpFTP.dll
FF - plugin: c:\program files\Opera\program\plugins\npjava11.dll
FF - plugin: c:\program files\Opera\program\plugins\npjava12.dll
FF - plugin: c:\program files\Opera\program\plugins\npjava13.dll
FF - plugin: c:\program files\Opera\program\plugins\npjava14.dll
FF - plugin: c:\program files\Opera\program\plugins\npjava32.dll
FF - plugin: c:\program files\Opera\program\plugins\npjpi160_07.dll
FF - plugin: c:\program files\Opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Opera\program\plugins\npoji610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://www.ufsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 13:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\UmxWnp.Dll

- - - - - - - > 'explorer.exe'(2884)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-10 13:28:38
ComboFix-quarantined-files.txt 2010-04-10 17:28

Pre-Run: 274,002,432,000 bytes free
Post-Run: 273,978,609,664 bytes free

- - End Of File - - 38EDFB7FF8AC3C26813DF4BBFF4FB0A5


#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:03 PM

Posted 10 April 2010 - 12:32 PM

I don't see anything wrong there. Please go to the SAS forum and report those 4 files here as suspected false positives,
then let me know what they say when they get back to you. You can put a link to this thread if you want, thanks.


#12 Kristina78

Posted 10 April 2010 - 04:31 PM

Ok thanks, will do. Thanks again for the help.

#13 syler

Posted 10 April 2010 - 04:43 PM

You're very welcome.


#14 syler

Posted 13 April 2010 - 10:25 AM

Hi, any news on them files from SAS yet?


#15 syler

Posted 15 April 2010 - 06:00 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
