Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I Keep Getting Redirected To Other Sites [Log included]


  • This topic is locked This topic is locked
27 replies to this topic

#1 AJB4

AJB4

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 05 June 2010 - 09:14 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:53:25 PM, on 6/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\UWDGKPTN\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...09&m=aoa150
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - *{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe" /scan:boot
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-21-4220243132-1895904523-1107083448-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '3A3B')
O4 - HKUS\S-1-5-21-4220243132-1895904523-1107083448-1008\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '3A3B')
O4 - HKUS\S-1-5-21-4220243132-1895904523-1107083448-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'HELP')
O4 - HKUS\S-1-5-21-4220243132-1895904523-1107083448-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-4220243132-1895904523-1107083448-500\..\RunOnce: [AcerScrSav] C:\WINDOWS\Acer\run_NB.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-4220243132-1895904523-1107083448-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guest')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bradford Persistent Agent Service (BNPagent) - Bradford Networks - C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11291 bytes


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:23 AM

Posted 05 June 2010 - 09:28 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.
    1.Please do not run any other tool untill instructed to do so!
    2.Please reply to this thread, do not start another!
    3.Please tell me about any problems that have occurred during the fix.
    4.Please tell me of any other symptoms you may be having as these can help also.
    5.Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.


DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


information and logs:
    In your next post I need the following
      1.logs from DDS
      2.RKUnHooker
      3.let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 AJB4

AJB4
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 05 June 2010 - 10:29 PM

my laptop did an unexpected shutdown and now its doing what its been doing which is saying my laptop cannot connect to the wireless network can i still do it without the internet by downloading those files to a USB and putting it on my laptop

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:23 AM

Posted 05 June 2010 - 10:38 PM

yes you can but run this first on the usb before to keep it from getting infected

: Download and run Flash_Disinfector

Download Flash_Disinfector from here and save it to your desktop.
Doubleclick on Flash_Disinfector.exe to run it and follow the prompts.
Wait until it has finished scanning and then exit the program.
The utility may ask you to insert your flash drive and/or other removable drives. This may include your mobile phone.
Please do so and allow the utility to clean up those drives as well.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 AJB4

AJB4
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 05 June 2010 - 11:10 PM

is the scan supposed to take a long time

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:23 AM

Posted 05 June 2010 - 11:14 PM

for rkunhooker it can, but at this time it is needed


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 AJB4

AJB4
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 05 June 2010 - 11:16 PM

oh thats cool i just wanted to be sure that it was actually scanning

#8 AJB4

AJB4
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 05 June 2010 - 11:58 PM

DDS (Ver_10-03-17.01) - NTFSx86
Run by 3A3B at 23:49:28.10 on Sat 06/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.631 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\3A3B\LOCALS~1\Temp\RtkBtMnt.exe
D:\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://global.acer.com
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35[1].exe" /scan:boot
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-30 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-30 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-30 242896]
R1 SASDIFSV;SASDIFSV;c:\docume~1\andrew~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-6-3 9968]
R1 SASKUTIL;SASKUTIL;c:\docume~1\andrew~1\locals~1\temp\sas_selfextract\SASKUTIL.sys [2010-6-3 74480]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-5-8 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-8 308064]
R2 BNPagent;Bradford Persistent Agent Service;c:\program files\bradford networks\persistent agent\bndaemon.exe [2009-11-1 3026656]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-5-8 430152]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-9 24064]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-5-7 15944]
S3 SASENUM;SASENUM;\??\c:\docume~1\andrew~1\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\andrew~1\locals~1\temp\sas_selfextract\SASENUM.SYS [?]

=============== Created Last 30 ================

2010-06-06 03:47:35 0 ----a-w- c:\documents and settings\3a3b\defogger_reenable
2010-06-03 22:09:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-03 22:09:15 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-03 17:58:10 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-03 01:42:25 682 ----a-w- c:\windows\system32\.crusader
2010-06-03 01:32:07 60416 --sha-r- c:\windows\system32\labelw.dll
2010-05-27 03:09:09 0 d-sh--w- c:\documents and settings\3a3b\PrivacIE
2010-05-27 03:04:56 0 d-----w- c:\docume~1\3a3b\applic~1\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2010-05-27 02:55:29 0 d-----w- c:\docume~1\3a3b\applic~1\SiteAdvisor
2010-05-09 01:48:05 0 d--h--w- C:\$AVG
2010-05-09 01:40:35 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-05-09 01:39:29 0 d-----w- c:\windows\SxsCaPendDel
2010-05-07 19:36:55 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-07 19:36:22 0 d-----w- c:\program files\Hitman Pro 3.5
2010-05-07 19:36:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

==================== Find3M ====================

2010-06-02 14:01:06 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-09 01:47:34 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-09 01:47:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-03 22:06:04 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-08-15 17:51:40 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-01-10 15:39:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011020090111\index.dat
2009-03-11 15:53:07 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-03-11 15:53:07 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-03-11 15:53:07 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 23:51:48.37 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/10/2009 10:41:54 AM
System Uptime: 6/5/2010 11:23:11 PM (0 hours ago)

Motherboard: Acer | |
Processor: Intel® Atom™ CPU N270 @ 1.60GHz | CPU | 1596/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 125.375 GiB free.
D: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 6/2/2010 9:44:44 PM - System Checkpoint
RP2: 6/5/2010 10:52:26 PM - System Checkpoint

==== Installed Programs ======================


Acer Crystal Eye webcam
Acer ScreenSaver
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
Audacity 1.2.6
AVG Free 9.0
Critical Update for Windows Media Player 11 (KB959772)
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel® Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
Java™ 6 Update 16
JMicron JMB38X Flash Media Controller
LADSPA_plugins-win-0.4.15
Launch Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Microsoft Works
MSXML 4.0 SP2 (KB954430)
OpenOffice.org 3.1
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Synaptics Pointing Device Driver
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zune
Zune Language Pack (DE)
Zune Language Pack (ES)
Zune Language Pack (FR)
Zune Language Pack (IT)

==== Event Viewer Messages From Past Week ========

6/5/2010 11:25:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Error Reporting Service service to connect.
6/3/2010 3:30:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm SASDIFSV SASKUTIL
6/3/2010 3:29:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/3/2010 2:57:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Cryptographic Services service to connect.
6/3/2010 2:57:51 PM, error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/3/2010 10:16:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/3/2010 1:58:20 PM, error: Service Control Manager [7000] - The SASENUM service failed to start due to the following error: The system cannot find the file specified.
6/3/2010 1:49:47 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
6/2/2010 9:45:29 PM, error: Service Control Manager [7024] - The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error 0 (0x0).
6/2/2010 9:45:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Background Intelligent Transfer Service service to connect.
6/2/2010 9:45:29 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/2/2010 2:18:16 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/1/2010 6:06:15 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00234E530336. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
5/29/2010 12:39:50 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
5/29/2010 12:39:50 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
5/29/2010 12:39:40 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
5/29/2010 12:33:58 AM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
5/29/2010 1:24:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Workstation service to connect.
5/29/2010 1:24:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Wireless Zero Configuration service to connect.
5/29/2010 1:24:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Audio service to connect.
5/29/2010 1:24:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
5/29/2010 1:24:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
5/29/2010 1:24:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Shell Hardware Detection service to connect.
5/29/2010 1:24:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DHCP Client service to connect.
5/29/2010 1:24:32 PM, error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/29/2010 1:24:32 PM, error: Service Control Manager [7000] - The Wireless Zero Configuration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/29/2010 1:24:32 PM, error: Service Control Manager [7000] - The Windows Audio service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/29/2010 1:24:32 PM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/29/2010 1:24:32 PM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/29/2010 1:24:32 PM, error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xF5C2F000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5857280 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xA8AC5000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4968448 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xBF1E7000 C:\WINDOWS\System32\igxpdx32.DLL 2699264 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA13B3000 C:\WINDOWS\system32\DRIVERS\snp2uvc.sys 1773568 bytes (-, UVC Camera Streaming Driver)
0xBF04F000 C:\WINDOWS\System32\igxpdv32.DLL 1671168 bytes (Intel Corporation, Component GHAL Driver)
0x9DF13000 C:\WINDOWS\system32\DRIVERS\athw.sys 1314816 bytes (Atheros Communications, Inc., Driver for Atheros AR5008 Wireless Network Adapter)
0xF7486000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF5652000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9F15C000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF5992000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA40EE000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9ED89000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9EA00000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA3EBF000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xF5A3B000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 225280 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x9F128000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xF7618000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9F00B000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7459000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF7573000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)
0x9F1CC000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF5BF3000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0x9F23E000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA3BE0000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x9F1F7000 C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys 151552 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x9DEEF000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA8AA1000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF5A72000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF59F0000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x9F21C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7553000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF75E8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF5BD7000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 114688 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xF743F000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF759F000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xF75B8000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF75D0000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF752A000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5A24000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF7513000 WudfPf.sys 94208 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xF5C1B000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA437C000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xF7541000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7607000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5A13000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF77D7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF77C7000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF76C7000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xF7697000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xF6A21000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xF7727000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7847000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7857000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA9BED000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF7687000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7707000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF76F7000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7877000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7777000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7787000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xF7757000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xF7767000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xA0176000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7677000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7867000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7747000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF7667000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF69D1000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF76E7000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF76B7000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xF7737000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF7897000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF6A41000 C:\WINDOWS\system32\DRIVERS\zumbus.sys 40960 bytes (Microsoft Corporation, Zune User-Mode Bus Enumerator)
0xF7717000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7837000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7887000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xA01A6000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9E620000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF76A7000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF76D7000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xA4C68000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xA842D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7917000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xF7927000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xF7A17000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF78FF000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xF794F000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xF78E7000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7947000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xF7A07000 C:\WINDOWS\system32\DRIVERS\sncduvc.SYS 28672 bytes (-, USBCAMD for Sonix UVC)
0xF791F000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xF6338000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF792F000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xF7937000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xA0034000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF7A27000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7A2F000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xA003C000 C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF7A0F000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xA845D000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7A1F000 C:\WINDOWS\system32\DRIVERS\DKbFltr.sys 20480 bytes (Dritek System Inc., Dritek PS2 Keyboard Filter Driver)
0xF793F000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xF790F000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xF7907000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xA843D000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF78EF000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7A3F000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7A47000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF78F7000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xF7A37000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0x9F391000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7A8B000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xF7A9B000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xF7A7F000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7AA3000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xF73C2000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF7A87000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xF7A93000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xF7A9F000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xF7B2F000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9F0F0000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7A8F000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xF7A83000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF7A97000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xF7A77000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7A7B000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x9F836000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA84A1000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF7B1F000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA848D000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBFF50000 C:\WINDOWS\System32\TSDDD.dll 12288 bytes (Microsoft Corporation, Framebuffer Display Driver)
0xF73BE000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF7B6B000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF7BA3000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B75000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xF7B6D000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xF7BA1000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B73000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7B67000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7BA5000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B77000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xF7BA7000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7BD9000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B6F000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xF7BD7000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B71000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7B69000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7D13000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA4DB7000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xA6D9C000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7C30000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7C2F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x86EE5AEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x86E87BF0 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF75B8000 WARNING: suspicious driver modification [atapi.sys::0x86EE5AEA]
0xF790F000 WARNING: Virus alike driver modification [i2omp.sys], 20480 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\3A3B\Local Settings\History\History.IE5\MSHist012010060620100607\index.dat
!-->[Hidden] C:\Documents and Settings\3A3B\Recent\TRAVELDRIVE (D).lnk
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\0SMJO6CAW01058CAVKAE5PCAA8VGJUCA4DOPZBCATTCL71CAG9EHEJCACMBTNZCA6C1Y8DCA43TN0NCAL4TQXCCA81HWPICA8LTFT7CAOI3HUECACYH8WXCA6PZLUMCAEZC886CATZ0U4FCA3T7TFDCAOP1UXRCAQ80MT6CA2FKSET984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\0TN562CA92YZOLCA0AL293CACNT6HJCAUQL033CAOI2F12CATFXNDHCAP7BS53CA66HJFMCAVWSDC1CAKGOC1PCABWB6ZVCASB6C0XCAEFTLINCAA5QSFHCAQLLS1ICASU6CGPCADLML5NCAI58JQNCA3S6EZPCAYTA3ALCAI5DTLU984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\29K65QCADFW6ZFCARCFT5ACAQU75S6CA3XNO7MCAU0SXIDCA2CAWGACA37RTAVCAH9O23PCA5QD5I0CAKR7WARCAHO04RVCAB1AKOVCAYWH4KNCAXE4KH2CAQZ5L67CAVIZAB2CAH8L3GTCA6PBNQ7CAIB5H5UCAGQRX1PCABM94XU984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\2B65UACAV104E1CA23U566CACGNJ39CA1V07X4CA9AUO62CAEDMCW7CAHSED2ACAEM2LZDCA37UUGNCAPHDCGUCANA8911CA7AK1PLCAZLJ352CA80N2ILCARXGC3BCA6E2V74CAJS8FJ3CA65WY5RCA9TQA1JCAQK3523CAF1TZZ3984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\2U7301CA901F56CAD6H7Y5CAK8UO4ICA4GF1MOCATYASR9CAULG9F4CA3OBM53CAG1256QCAHFS801CA17RF06CAGJ83DRCAUVEFSGCAWJLX5DCAN8B7YVCA7BEXFUCAQSZ5XOCAM1HPDPCAHYATPHCA66TWLGCA9Y4N5YCAHZFF3X984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\34TXGHCAGNECW4CAG9EC49CAEIATR1CAQ20CSACADFES16CAYVLW9JCA8K17HSCAKIL76YCAV5R19QCAKQ9ZF5CA5T1GJHCA4XUKP7CANNIRS2CAKE7U88CA5OTKWUCA91PMT8CAK1ZHSUCALA9XSWCARN7QAVCA1DE02DCAK35G4N984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\35VQAOCA0IN965CA44Z1GVCADR2L6OCAF4G9KGCAA5PR4FCA388MVDCATE744ACAJ86SXKCAKKVNRQCAQI6DM2CAF7RHZKCAMEIR82CALIN34PCAW1YPE7CAGU9X0KCAOJ12AOCAP04NRMCAX4ZF9BCACVS2FNCAZ7FS8RCARI9EAI984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\39598MCAG1S1E1CAYYD302CATS0772CA6B0LVZCAP3E0DOCA4CCJ4SCA1BWW5CCAIW0WHMCANWU4GDCAUYIGFQCARZINPOCA8TPYR0CAXBWRWTCAKXDBFSCAJ2F5OECAGQ5FEJCATR6HDHCAE4UCW0CAJH7YCOCA0PVGO4CAQR9MZ2984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\3PPT91CASN6NRJCAKP2YBFCA16EZPWCAD9J746CAE75RC2CA9GTQNECAWMJLG7CAG8B1C4CA3YD82QCA8YPHZZCAJO9LG8CAOYHVA1CAKYHZTCCA50CYMZCA1K3RWKCAGAR55LCAZXMID1CAQBND5HCAW5RO3JCAY6TWOSCAVARDD3984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\3Q11IYCA4251LZCAD686X9CAQW6SP9CA7424XYCAHHH5VACA3IOG2GCAES7VKZCA5NA533CA26NVYUCAR9EVTFCAO1SEA3CAAYV6A5CAK8Y729CAFCLR3PCALF3SRGCA6RWOLLCALG5UIFCAAWFTH2CA4DPKOQCAKZQ684CAKHL9N3984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\48G232CAVM06V9CA7VW8KZCA19LOFVCAGTMHKBCAM8Y74LCAOEQ7HBCA58ICDUCAOSL02BCAEQS9Q0CAR9KRL4CAHYXIKJCA5XX150CA0U8GCVCA168GXJCAOXABO3CAXK30EBCAAB237SCAO0YXUQCAPHK8E6CA73J6UZCA3W15MU984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\4JYGPVCA6E88P0CAW8DO4DCA8JWETOCAZA4EP0CAX3Z12UCAX8L9PECAIHXD7XCA63AUL4CALF70EACAB3LA5ICAK226PECAQLEW6UCAWYLQPRCAA3V4SDCAP2Y39CCAKIJT64CAP6U14ECAAH74YECA0FD1H9CAWKNM7SCAMJMT6X984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\4PUZZSCA2XPENOCA9DI3KVCAC4VV0PCAR61FYYCA0W0K6UCATZQH7RCA08TFSRCACY8ZW1CA8V61M3CAJGZIS2CA5NK6UKCAT91B5WCA5CFHXPCA537MV2CAW7QOO7CA40F3UGCAP50IYMCA7HE16LCARJ8FZSCAKT4ZOUCA4BZIQB984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\4WSOE7CAZ2G3JRCA111T3RCANXX6TJCAYX3YNFCA58C2YCCA6T1GH9CAG2G4MKCAZH47JZCA4FN5I2CA5HSF9VCAEENCR9CAH39IBACAEUAHD4CACHT422CAI304B6CAN2CUQCCAXKRW0TCA51SB3KCAAZDP00CAA7O4WWCA8OZV8A984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\503GFICAFHASDPCAPNWPDJCAPYJ1VYCA1WCD2BCA1U7E79CADJVM6BCA6XG2O1CAYGD3ZXCA4XLKKTCAH01KN0CAXIHVWHCAXRKXN3CANE6210CA9V12APCAUKCNS2CA2A7KLNCA2QXLYDCA00T911CAHDSRM3CAWMM241CATR04IQ984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\5DHU75CAKBNKBOCALR09W8CAJ1Q0S6CAYLFAFECA8C6902CAEQLR0ZCAROUIBACAM0PPQ4CAIQSSNICAD2JP9XCAG5VQBFCA7JC2Q8CASMM1EFCALM6ZE6CAUMVDQFCAAQIO80CAZEXPF8CATMCOASCAMXTAFBCAH1DH1DCAXXNFFV984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\5W3TCVCAQ8R3MSCAVRXIWCCAKQ2SYZCACLUKS8CAJDMVQ1CAMGXO7SCA67SLZTCAEQ5JH5CAJ7XSDNCAZCZL53CABKC0FDCA3HM3KBCA4I9ITLCA0SUXFUCA9GN6YLCARSE6GFCAQEN8JTCAO6J29ACA2H08OMCAVN35L8CAH5L518984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\5Y08E4CA04NCT9CAN7XELKCAEX1N1NCA0P4GJOCATUWYW8CAW9VXQ1CAKLVIZ4CA8QGUXBCAWWK88TCAWUGFYLCAN1WWOSCAWQY50SCAQM5O4GCAKME4OMCA2P8K1VCAV0XA08CAC4AL9VCASYS8NXCAXWNFEXCADI2YQSCA453T13984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\606TLACAVBMDAACAQUDEL1CAIBWPFJCAGF8YZGCACF2DB6CAP418T5CADITTEVCAEM5TPUCAVEG7UUCAPEAO4MCA8ETOB2CAPRTZD4CA8C0VZDCAZVFBPGCA77HT4YCAH30TENCA3P5OX6CAN5J3AICAUTM9BBCAR6SAHICAOJD4MO984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\67OSJ9CA8LASRMCAN3VUDECAPJEZNGCAI9K3QKCA4VVAX6CAOQNPBRCAF32DXZCA70N350CAA2KXZFCAG0PI3NCA7G2YSWCAKCGBR8CAVR5DB4CA7LRI7VCA4PNOX8CA88UA3ICA9A3Y4WCA5SCGJLCAFCY7XBCAD66VN2CA3M8JJL984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\6G5H6VCAVLKU4JCAHW44TYCAJB6X21CAHUYADGCALVNI7FCA85VK6LCAIH4293CAD5YPPYCAFRLXA7CANLGN98CAVK6LKTCAPQVNEGCAQQXMRPCAALT27FCAM0Y3M3CAISE06SCA6XY57WCAYIHSJ2CAEY0BYSCAQOSD52CA94ZVT6984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\789S3LCALOZAG4CA7ZOYJ7CAZM6XUVCAAB9MDACAUNSK3NCALL03MMCA78Q4D1CAIPPTNLCARXIQ7TCAX4U3XSCA0F6RVBCA7APLWDCA8CD7E6CAIOTYYYCAF2SGTUCAK0Y7UACA7X9KVZCA72G7O7CA5G83MGCA28VQF8CAM2MU7X984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\7BOC2ECA4MW9TUCA3QH5DGCA3H5CP3CANGMHXQCA2H1EKQCAODN47DCAWVI4H1CAF01LYGCA8M5EPTCAO3B0A3CAW4GS50CAFONI2TCAKPUHUBCAKETVQ1CAXXVGUBCA5QEF7VCAGL69KSCA6CW7HJCAHU3V2KCAF4B460CADM9NDW984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\7FAJ0JCAGEAWSVCAYUWKS7CATMBHUKCAYAI291CAVSBF95CADWXV9BCAOL6YDQCAFHO45ICAI0AQ6JCAARE3Y7CAZW56WUCAG9KO80CAYMF23CCAB5B90ACARUOBL0CAMJ281XCA40NNZYCA3FVM4HCAJH8R5ECAR9WRZKCA9FRULW984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\7J81ADCAYYYYBTCAESH35GCAVDORKJCAQ4X3UTCANSVNSTCAOIZLRZCAD2U188CA4E5YRKCA2ILVR3CAAL4DNUCA4CSMBQCA1WZD3KCAKP901TCAI18F9ZCAV5S8QDCA483Y54CA78S3FICADFT2LGCAIF7ZRBCAJFU979CAJSONBL984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\7L033XCAYFYOF4CAAIVRC3CAL3C9QDCAI4FRD1CA4KK1ZZCAXC7SUYCAIF76ERCA86M1T1CA2K9VEMCAX08QNJCAXQZ4IICAKIV211CACTTCWPCAZ42DA0CAPGWH9VCAVFBRY2CA9MJJOJCAD7644YCAGO6D8HCAZLKKYJCAGUZ8GL984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\7TR8VXCAB9Q3GWCAVCICXGCAHZUSO1CAIKN9WGCA0N57DQCATVMEQICALUMMQICAN4TC4BCAGAOETKCAFDUXVFCAY07TTZCAFYXV5TCACJ8O4ICAHCYYD8CAII5MT4CA0LRZC0CA5VBZBWCA0GIU7BCA0KZGP3CAC9ZVLKCAVBHR3X984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\7VZF5ACAHK1RUMCAX7CIN5CAL9O5BWCAO6578LCAAPHCJBCA3BSIPCCA1EYYDUCA42VN1OCAGHHLV6CA16EW7RCA56VFE0CAMMX8E6CAWV6B91CAQTKGCLCAS7IHZ9CAO07SR4CA9ERQSRCAIREBKQCATIVI6FCAHB6OR7CAPGP5W1984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\7Z174MCADMT5JKCA4UI6QSCA64X3QVCAN2OZ38CAHWHU14CA6MB8XOCA6XTTA9CAX4AD4KCAS9X37PCAFUG32ZCAE4XPN2CAMTCVHKCA1B6XYKCA83ZQ04CA68XM8SCADZ4KTACA9Q2F6RCAKTZGT4CAU7T2I6CAY1YFGJCAQ5WHQ4984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\99UM6MCAWOY161CAAE5NYICAD93G18CALG8FJDCAOGHBLSCA32SYSHCAWXFGV3CA5Q50SDCAII9F81CA63XD4ACAGVLVGACAEU0TR6CASMVUV2CAK0LG5DCA2WCPN3CAVT4UJ2CA9XSBQHCAQUJ1TYCABTC91BCAF9RN4ACA8JXSV6984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\9C6NLFCAG1V9ULCANWXAFNCAOUAX20CAV9K4QDCAG3QC58CAX1QB10CAX6RKHMCAS49NK3CAQ2G8ZOCA929ZE7CAZE4RF1CAC079Q2CAZ0L55WCACD0WZDCARX2250CAAVL6WUCAOLNQYKCADBD0JECA3N6QW3CACF1YTVCA7HXRKQ984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\9LZBH8CARJGBXJCAL6GRX5CAEI1DNCCACVSJYZCAGB2UDTCA7KDIJCCAQL4TJMCAIXC7E6CAPGT9K8CAZAJH07CAPBL4DTCA8Y4329CADEJD4FCA3PAA8NCAAYM4LOCAIIU73WCAQ37U9BCA4KVZ7ACAEZH91WCADJR380CAH346TG984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\A6SOCRCAEND9Z6CA136VKFCA3E6EIZCAUSYJSDCARIM5M4CA2GDGXUCA14JOKRCA248BDCCAIS18TTCA33TWXQCAK9FPF0CA1FLXUTCA2SDM98CAU8JAIQCAS7HZGZCANJRNZZCAS1PACMCAV4B3RGCA56TKDPCAC9BFB3CALGUQHH984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\ACPQO0CARYU3MRCA8ODO8DCA3P7EIECA2QZTKPCA9NKBJGCA1DBFOMCA3YSE62CACAIT60CATHL3FBCAKUR8I2CA1C3YUECA29LHN1CAM6Y2Q6CAJE3JM2CAUEGVMLCAWWRM2LCAGPGEZBCAYBSPX6CASXZYIOCA1AASVHCAMB72SC984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\ANUKSOCAUKN2SWCAZHWHV2CARISXUMCAUF6BFBCAPPVFQUCA6EVQI0CAGD71QKCA4MK6JWCA5ZISVTCARYKRG5CA2826BWCA3OHPAACA6BLCPKCAN394E8CACV7IVXCAQS4QHZCAYZ1XG6CA1KRW8PCA9CNU70CAQ7TDOVCAZEDAM2984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\AO1H04CA7MXJEUCA645HVHCATH76SDCAMIBJG1CAEEBK1HCAUOOX1UCASY99FQCAD2JZPYCAPID4CWCAUO2L07CAXDNZA2CAZLVVJXCACAJA1VCAVZUKI6CAVBJPACCA2JXRAVCAJSERZYCA3AQ798CALAEJ5ECAQ5V4PPCAE6TIVJ984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\APS1YKCA6HOMURCAP73V7NCAVT2ZO3CA2EIRRZCA5OFNG0CAYXCJAWCAP5D5MMCAD9V8CACA7ME15LCARCAMRGCAEOVEWNCA5XOFQECAZZ6WVECA3KV2BQCATKX1B4CAPF6JHXCAT417R1CAAGJ6JOCA4U36BJCALIGL4HCAJWCIQV984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\APW0SXCA427360CA8MJC9ACA8HRG3JCA427WHACAWO6LKMCAUMDKKKCAIG9DH5CATI338ECAO77P2HCAWMAYILCAPKQHF5CAXNB2JKCA3SZPCTCASF1PF5CAE5JSMXCAVB2JB7CA86UNQYCAZLGMNGCASVFNG6CA7XOBCTCAA4GOV2984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\AVVVFRCA1GAGWXCABRA8NNCA5HIX0JCAGC684GCAMBWSRDCA8U8CM9CATXIAPXCATAYKWOCAUQACPUCAU6GG13CAVCRDPVCA50BFW6CAE8URWPCALJJFOGCA35TSFWCAQ6WLJXCA2PHDBKCAXKF3JICAP8JSY1CAC7G6VTCAWZA8L5984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\B33BUBCAYODG6FCAHBWFHGCA5R6WJJCAJSFTSMCAB6DUPTCA5DBTCPCAFSSVK3CAXXDCBMCAOYBJL4CADARPF0CAJW61DMCAWLU4QLCADN6LLOCARZEU2HCA548257CARLKFM9CA3VWUPLCA3OVXHQCA1N20KICAOQPQ6PCAWO3VMG984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\B3ER32CA6J7P0OCAR1KT0MCAXAA86SCAGPL033CAHEF69WCAQDQJGNCA72L2JGCARU5RAACAJS8GVECA1FBK2ACA02504DCAE8A3NGCAA5VJXBCAE262PFCA89UINMCAC9L2Q0CAIYUSZPCAZWH4QHCAXW1134CA2DRUJJCABGK1IB984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\B8N3PZCAMHN3GLCAV1QU0UCAXQDV3RCAMZ3Y8PCAH1SCBTCAHBXC0MCAEI3TFHCAIBI9ZACAF4US6CCAD6HYXJCAOJ1703CAN5V19GCAZOI7G6CAJL9QWECAX0YEU0CA2Z63Y0CAMHMF5PCABOZLOOCA1FEE2KCAMPC3G0CAXEFMYY984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\CJ7NP2CAVAJZH0CAZTB6JRCASMNP9BCAHGSAGGCAGFJVNGCA6VGSH4CAQC347OCA90C3ASCA3LG25XCAIAN9BVCATZHGOICABP7QL1CAA7H00LCAC0M4N7CAJRCTA7CA59VH3LCAIQ68V3CAM9C6JQCABFPU40CARWJD4PCA9TS3TR984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\CKRZF2CA329MPBCA1HS0KKCA9IM32ICA36LXP2CA4OBX3UCA0YFPEHCA78O7DMCA1W3C1GCA1L0EUICAER2D3QCA9S4FFXCAFTDC31CA0K6CX0CAYLG8HNCA95CVTICAR4YILPCA2J5OL4CAF35MMPCA49L3VVCA0Y9HFLCANV5990984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\CU6K0XCAIVE268CATRQQEXCAZ6561ICAAUCS11CADQLXDGCAP3VZNUCAEKRR85CA4YATJJCAY7XZVHCAGJXMGTCAMPNAGLCAC34LY0CA3TRGZCCAJ9YIM8CASLMPV2CAU41I1YCAO51JE1CAIUU1GTCA7MUMLACAO0BUFKCAIHFJPN984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\CVCOT9CAFS7AN5CAQH14F9CAV39L7RCAZA2U0YCAR6LO7CCA0W498PCAZU9YABCA6YKLBGCAAZ2SFOCAIG1CZ9CAGXKA23CA0CWSX0CASZFEDTCATQ0CE1CAROGI26CAVS9V0ZCAYLGGRDCAW17OXRCAMK3GFDCALNYXB5CABPRCC5984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\DT0YU3CAITKKIVCAE695K2CA9F71SACA1BGHJKCAP3P36QCA07S8R8CA2OQAEGCA34LP0GCAHLAMQ0CATKMH2XCAUMJWMICA81IG4MCA5MSIPHCAZUHPSCCAVEACOOCA3Z4XQFCAT7U35HCAJ677JPCAYO72Z1CAIYBQ3MCACATDNW984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\EBZLCFCAPTUY6DCA45RPGJCAVKO2NMCAB22NSWCAUADW72CALX1A7OCA7J0XLPCAGFTX2PCA22SZX6CAHNK9TNCA8MOD2DCAIMRSY3CAEINEJCCAIKXT5RCA3YEPIICA2L837NCA3JHZKJCA0A3Y3JCA837FMBCAGHJ60HCATGTAOP984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\EEKQVZCAYIMUW8CAXW4CDUCAP5K7JUCAUXAG1YCA2MQQ62CAR9QB5KCAFII24GCACB20YECAO7D6IGCADXITM2CAK7J3YUCA48Q9X1CAV8RDJOCAAGR2JRCAKB3RIKCATDJ0DHCAONASRXCAZWFV8NCA20A0HLCACKE16KCAU70VY3984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\EMRD37CA2J6S96CAIJCEVPCA8DI11RCA5O63LBCAJN52BFCAX7CNEBCA50JKMOCANFTAQ4CAS7X5SRCAHO6QYACA6EID2VCAVP8M9CCAZU360TCA27ZNPUCADFLW9UCAQVDPN8CA9SWVG0CA56VPSWCAQKJW4ACAF9FOUPCAK13BPW984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\EN2IPBCAWE9I2PCAF67AHVCAX4SGNGCAZ6Z58GCAEAU5F3CAB01MDQCAHQ8992CA2UMUBWCA6DAG9VCAUIZH9QCA4SRZO5CA85AD12CAQX1PPFCAXE4QURCA1QI9C0CAUQP18MCA53948UCAJ25RKFCAQCC2ATCANTX2PNCAVAFES2984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\EWNXH7CA0ID90DCA8LHAOACAVBEQLRCA1ZBJ86CABEAZGGCAW06IX9CA1AS03VCASXXFURCAX33PTMCARV993ZCAFS7FR4CATG1N4HCAU09R4VCA6Z3RNWCA0BP1QJCAUT2JP0CAVSMPKJCAQVCW3JCAK2C9SDCAI25E7HCA9DBKUA984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\EYSTXNCA2UI9HMCAAEET17CAH1DAP7CAK458SICA4YBX8SCAERLLJ3CA3RCOMXCAWFM1XWCAS52QHHCAT62CSNCA09X3SBCA7ZF5PFCAZ4E5M9CAFGRVBLCANJIK12CA6CDN0FCAFY3ZW7CAMXWCT5CA2LPOFHCAHHZQOZCAKKQ8MF984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\FA2FC4CAKYOJUUCADJNGJICA3P1X6RCAS1MFQLCAUKQR93CAS0II2HCAWHXQ71CAAITACSCA4S1J0JCAF97GRUCABP0HZ5CATF8B2KCAJE3NLHCAZPYEY8CAN4779NCAY25K4QCA590OSGCAKJXLQOCA18EE23CAIM1RKJCAKFAM13984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\FLBQ43CAVVYUAGCAZR4JPYCAKKNOL0CAVFPP29CALNJOOOCA3ZZ4DXCAX8D8M7CA55XLA1CAFLCU3XCAR7KNTACASF1JUNCAJW4VK8CANSF65HCAJ0QMSTCAFEY3I2CA9M7BC1CAASBF8RCAKX67HJCA3U97A1CAZ9RXLJCAP6B717984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\FO4J51CA7OULBUCAAMXXT4CA5ZLLB4CA9T9CZOCAYSCOOECA44YT2TCADD7DLZCAZ3D858CADAHQ7QCAQGYP2GCATAMD03CAXEABTYCADEF1ZYCAFOCL88CAKSIYR4CAEXIXEPCA0SHEB8CARKH8SICAS3X179CAFI1X0MCAP01F0Q984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\GJ1LYICAYV0GNNCA0LHI8LCA0011MLCAN0JVT5CAGLU3Y6CAQUP3A2CAQUU92PCAA6Y0NXCAM7EYT4CAJ7HCMQCA76PVY2CA3YKDSZCAM7MCYOCAPP066HCAQ1BDZKCA7LYKLQCAI3264MCAQWL7I6CAUOUNRUCAISS2J8CA7IVNYA984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\GOE9WQCA5T4K19CAP3QT5JCAZ1ZO16CATHTKURCA8DP8COCABGVAYKCA11B2QQCAYEG9RTCA56AT9XCAXX1X3ACAAR8WYGCAEI4P2OCA631UMUCABLEZYHCAIIKO4YCAWPNZSFCA90MQQQCAIN71N6CAQ82BM2CARDGM0TCA18J7NA984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\H7822DCA0KC01XCAJ0SQJ0CA54BUDECADR0V63CAU3E58KCA27J43SCAZHGACGCACF2MVTCAXYYXPJCA87EJAOCAWQWU6XCA9J7HZ6CAPYOHYNCAZN7PXDCA22VUV3CA7CWECSCA7X5DFWCA3M56WOCAS54NCBCAQ1URPFCAI7UC27984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\IAIR3KCAYFI1UNCAB4MDH7CALJD6Z9CAKA7R6KCAPWDGD2CAV40399CAU9AF3UCAXKL212CAF8V4X8CASMZ67LCAUDLD3ECAU1ITDJCA67W6HFCAQ0R5NXCA1L8TG0CACLWTVVCA9HAKAICALPGXOYCA2JEX71CAATQYEACAAJXMV1984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\IAR97UCA3HLMP1CAMV289NCAV2072GCAG9HK39CA17PGDCCASJXEYFCA7I327PCAVR0J72CAB2HSMCCAO6YIA0CAQKYTDQCA1YUFFECAES3TENCARY34TOCAD57XFBCALV116PCAQY10UHCAA9WC11CAM1CBUOCADFO0JKCAY9ZNPN984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\IB1AZFCAIA50WRCA0O0J35CA69O3RSCATTNJ9TCA3E2241CADVW5RDCAXV04TZCAXPV9IPCAXXB2YVCA9X0LVLCA8ZVT2CCAA1JXZUCAJC0334CA295CNKCAO5CVHQCA3H5G6XCACQW2SACAHIGKIXCANFSWIUCAZK4O53CAC6LI9S984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\IC4U0LCAK86NYECAWCL6KTCAJ3TQSICA3EPZI0CA6QYGTYCACKL7K0CASP4G49CA28KP10CA3UEVULCASN4FHQCA8LHW2WCA4VX6PACAGR73R4CAPT3DH0CA0S7H9ICAM21OKPCAEJN1TLCAD5HJWYCAHVS0U4CAAPJIYHCA42EL4Q984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\K3JLFHCA7OB441CAWNF8UICA92DBF2CADHXCRWCAL748D6CABFNQ0ZCALN4B1NCAU8ZQHCCA7L0IN5CAYWDSPCCAZU05VFCAYMC4JOCAEDTPQDCAPDFBIDCAM1ZRI7CAJBSH3BCA08NJU3CA1PEN89CAY71W28CABRLL0ECAHYIK4I984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\KE232QCAA9417BCA0RAOEPCACGINMBCAUGBDMJCAEP7XK9CAF6RKPACAUX1JYDCA6W9KYOCA76YOBICA7V9IS1CA1TJ3E7CAR8USMZCAID3XGSCAPN5S88CAMBX6KOCA52DN26CA20ZBE3CA8DN1VRCA94JLK8CAT93X33CA3BJLX4984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\KJHI9SCA3H0OONCADGVIQ5CAOQZW9DCAN2Z2Z5CASMTQI0CA2XU5P0CA6F0Y7MCACVDXUWCAVVXK0FCA8JWUWVCA1GWKG1CAH5J9G8CA5VTLMQCA6A4REJCAQOZ1GHCA82DVJSCA86R0ZCCAPBRZQJCAPLCXBWCADEMT3GCAV9ZM1V984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\KJO62KCAHVAVX4CAPRM7JFCAEZD43TCA21ELMWCAZ7R0YKCAYYXVH9CACQMHIHCACFQLV3CAUOCC4HCAKWU12ECA876R5RCACC30ZPCA1DM0KTCASNP2G0CA5RLBYGCAVWQ3EOCA4LP6Q0CAK5B123CAPS4GXZCAWD5EIBCAMF9TIU984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\KV2KYCCAJET41UCADKU1JACAUFVJU5CAR6YNKHCAXGBA3UCAW31ZXQCAT6RSF2CAHGGG23CA2RU0GACA1WY0OHCAVID5YACAARZCXMCA0Q8MV1CAGX0VOECA3EJQE2CALXRT1TCAINU26RCAOMK8XACA0FJY88CAMX694FCA1EYCE1984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\LLU08GCA7T0G78CADPWCE5CALOL5F7CA3TQ5O1CA3WEAD4CAZZKGZRCA9BG69PCAE1TCYGCAQFNZFWCAHMRJ2MCARL35G5CA91TFHNCA9M3OPPCAKVK537CA2K5I8BCAH7LAPCCA6OWCBMCATXJU41CAN1N2J7CAMWH0N1CAT2VG35984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\LTNR6ICAGVR5S1CAN1Q41MCAPHEX6QCAX5182OCA1XL17MCAP6KCJ7CADO7O43CAH60MU7CABAMBL3CAIVN9UBCAAS8IPXCAYXQCBFCA71TLGWCANPZH2BCAD4K4QHCAJCKLXACAT049BJCA7PM1BXCA38CNIDCA0LYBG4CA3FLUY5984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\MKKMBJCA79KQ42CASO54JFCAZG8I1CCAP2UY50CA9PLBYECAXHWJUECA88C2FOCASYKTVZCAS034GWCA3RIE14CATPMKVECAJ0CTVYCAPV2HQWCAXY0NEVCAVMPO8MCAEQ9OR8CA4CHOVICAAOFEWDCAYFH9R5CA6PEYG3CAQBMQKZ984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\MW4O87CAOG0DJTCA0GT116CA8QRHAKCA3YRE9VCA1DV59ICA2BU1F9CAYUF1WACAUBI8SYCA4KL50XCAJCZ193CAGU5F31CAAUNGJKCAQF15P9CAU0TU2MCA0R2I7OCA7LTUSNCA5CMK2NCAGPG0E1CAVIQANWCA55X6PACAYEJERG984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\MX19RNCAAY820KCAAXMMCYCAT4QKYXCA0P0JD8CAIE47SSCAN1VBWRCA73N58TCAXWSSRACANERBR2CA2ZNZUTCATY1B82CA0W6PHOCA234H3LCA3E690NCANRWNEGCA19BLEACAJDVUPXCAQQ0UXUCANX72BLCA7G5I37CA4LEM7X984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\NC8N01CAUJC9DMCA250XRBCAMRJKDQCAA2DZJTCA6EANP0CAEWWTZUCAP2QSXVCA3YVEEGCAR6DO6LCAY2F36GCAJ7EN5ACAAVE72TCA2IWSDKCAY0ZGFLCAVJUZM6CA63JJPOCAT9ZAJMCAQYR4EXCABVZ9YBCAOCK4MRCAIQP1V5984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\NM3K21CAXZUF36CAH1DQ9RCA1384CUCA0ZY3DHCA1LHNHHCAAMWQKYCAGG1CQTCAYYAPIBCAF82SWLCALULCHNCAR4P8F5CAH862LYCAGI0ZHLCABPV9G0CAE4WYDDCAE95RMNCA2M7CV8CA2GP8K7CADG0UPBCAW8RLBSCAQ6E76Y984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\NMKGZQCAGS0VSJCAYF9L0MCAW5W5L9CATVC2VLCA1IJ9EMCAQKFH3JCAMB97G6CACEP7ZJCAUPHG72CAMUG5O0CA5L9R81CADRLD1YCAH6L77PCALQMO4VCAGLH02XCA6OAXU9CAQKG791CAZK7HTVCAZ9BP3LCAEX3L5ACALN7ULO984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\OAJU7MCAK86DC7CARVP8QDCAUEHI2GCA4YNTYRCAH1EXHICAXI90YECAKE9XX1CA7MSA91CA8UBA97CA1B2BC6CAGV6T9NCA2UD469CAAJ70OPCAAHGX0TCA7PJ8GUCAKO23PWCA5A22CPCA94XRUDCAPQ81WVCASVSJ9ECAUC63VN984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\OHLKSWCA8393UXCAY6NYXRCASIRB6NCATWWVFBCA2A7CKFCAJ64014CADQRPQFCABJMXAACA4GTR0CCA31ADY9CAGNNC92CAUFRH0MCAE7MRDKCAYM79NOCA7E9DB5CALC3Z94CAEFQEBXCAWMXHHBCAVH6X7DCA2EXC52CA6ACS3D984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\ORCTWFCAFBQLUMCAH7WI1XCAURI6IICAPZ9925CA9EGADOCAHL64XUCAKZK408CANSDBT8CA9K9QYPCAX3H1UBCAJKPDE2CAWSNFGHCA2QAK9UCAFFTVF8CA77W1MGCA47WCCHCAE5ISPFCAJO32OSCA25C1G2CABC4Z9SCAV9LCQK984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\OVHM92CA3DP9EFCAJYYRYJCAJNLUO2CASJHYR9CA345W6KCAFTGVAECAUA9U21CA0OQOTPCAU48XJ3CA58K69OCARM0G3WCA8PQODFCALG4VRLCA0L155WCAU1KDLXCAWKY56TCAT5WY1NCAF46PAACAYE0H00CA846V82CA7CN78F984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\OWG5YWCAFZJ7SSCAGQ2UCCCA6M44W1CAF3XDW6CAHV0P2FCA0ULOA5CA7BIO9FCAONQMXDCAIUUJUDCA6XWOD9CA66RB4GCA3FSZH1CA94ORHSCAGJRR2YCA09YLEICA1SL4ODCAAFN61ICA5QFEV1CA0FIWKRCAQ5CUJVCAOQKHGI984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\OYYNO4CA7EPWIFCAQ672TWCA0TGY7ECADSLZD7CALTLTJ8CAUR2QVQCA3JL8M2CA701Y2DCAIJSLJACAV879V2CAQWLZXZCAJ2XZ6GCANZ7WCJCAZA8U5ECANZ5J4HCAIRTBO9CA8GT8QKCAX4ETJXCAHZD2QGCAP32I48CAZGT6TV984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\QRXOLCCA8Q180XCA97Y2EXCAXEVYB9CAYZXKZ7CAH6M1FOCA0AFJ7JCAWW6IC2CAK92SMACAVDUPBXCAVLYUT7CAZGKXE4CAQI1AKQCAY9K4POCAVCQ8N5CA8Y4Z4WCARAK7NECA9C3UWPCALC8US2CAJL08NTCAWNPYZBCA0LE9U5984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\QSBYY8CAOFZZH8CAMA00JICAPI5S5CCAMY0Q0ECAMWI7WNCA0UY747CASG58PJCAJUFZJPCAGK78ATCA7HRC3XCAWUSFWSCA4G5YB2CALQU7O1CAZN5VSUCA326YKACAYJJL08CAS8K3MICA1KLQKACAAVM4QWCAKHTN4JCA51WCTF984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\QSVNDPCASXOB3XCARQN39ACAZ039ALCAF4JTISCAOFKB76CAAZBQX0CAFPL8FVCA3OF6L2CAKVO71QCAFQX5G9CAMZWLAFCAG5RT21CARVY4OHCA4XH4ZZCAVE6VOECAQC0JUECAK0FIOTCAFTUAR9CAHGJ2IFCAGJL0PMCAPJHUYS984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\R6RI5WCALKSPAVCAJLJW15CAW8L9PSCAD87M2ECATDC74NCAB9E809CA6OZX5ICALOE73GCA35IIG4CAUJZUOXCAQJ3IAJCA20LNZTCAJ0M2NPCAVBXAEMCA24NGK9CA1Q5FWVCAH8GAAKCA77PZ3NCA6MWOZGCA3NABS0CA7NXV5Y984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\R94V0NCAE9A1KNCAOBMMN0CA8VG5T2CAAQZK7ECA8F2NCPCA2R9L14CAVLKBAFCAC3XYMGCAHAGSOUCARBPWFLCA15QPL9CAAIB35HCAHACS0WCAOJI97SCA20FEYLCAJWBI6NCA6AH0YFCAYAM6ABCA1I3CVYCAE5H78DCAGW2XMP984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\ROPXTZCA2Z875JCA2VO7HZCA5535KYCA22O63UCA2OT9BHCAAGZU12CAN3YO3GCA136Y16CAUDLP2KCAJX0L03CA3FEFV7CAJBWFDMCAIIK0EACAE7Y16ICAZV0KQ5CAS0TGBSCA18T5YECAD13HXPCAVCU1LFCARJDZTUCAY1R1JG984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\RWSTRPCAMH5JHOCAFXQ518CABT9V0MCAGOV4CUCAC3B13TCAB7QSUECAY9OKQFCAW3YHUHCAI2DF06CA4KJ570CAQGOIT6CAQCMP12CA26UCJJCAEOOWCTCA3YWJ38CANRC8P5CADVD6L6CAR7UV0JCAG9HGPWCASF7MMKCAFQ6O8L984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\RXMQS1CAH4XXOJCAP0IVLKCAL2V5JHCAI1FWDECA4D6XV1CA7S9FJ9CA7TJ1E0CAQOHE0GCAM5AFSBCAN9RGF0CA75NVMKCAP3NYLGCA6AJYOKCA3AG51NCANFG6WJCADKM2LOCAGO3YO4CAF7BSNDCAV0J3VTCAR1OOM5CAB5BRY9984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\SXASIXCA8DT21CCAPG1TCUCARA1IBNCAHR75B7CAOVDQAJCAA8BA8ACAZC9Z8ZCA4I848KCA4IXIUMCAXNNLHTCABXRTK5CA03WJ37CAKBZ4A8CAV7F68JCAC3KV8TCAJG1BJECADM49NBCA3V9NJZCATMGK47CA79H4HICAUJGT2U984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\TBFPE2CATKBAS5CA0LXBEGCAUK3XP0CAV0N7OOCAN4NQJJCAZQWXUSCA2O2NEYCA64Y6CZCAH8NK4DCA3VE0K0CA1X217FCAIFHD32CAQ531BOCAR1MS52CA4SX25GCA7TFWFJCA96R0TTCAH7L0ERCAE2TXACCA669Y1UCAHK5TZC984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\TECR5TCAI5S0NCCA5THLFNCAQ6Z5S3CAW973CKCACM7EO3CAKNKPOICAZYETLZCAIX3RLCCAVTQ0B8CAYHV2Y1CAJRCHPQCADOLZAGCARH26N0CAM4T3S9CA5ZE2EPCAOMS0GECAE9OM0OCAXG4LRLCA5I6WMGCAF9VY92CAPEQMQ4984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\TEXYI6CAU51CU4CA8581R5CAY8GEAACA7CJT73CALQUUMKCA505ROJCA7DJMT2CAQA181ZCAXKU9X9CA9KNLYBCA6L4LZPCASYHX17CAROEKL7CAHQOJD3CAE9R358CA1P9TQZCAF4D6AHCAIH4W82CAH741EOCAYIK43ICAKPCUM1984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\TM7X9PCALQB1D8CAPYUUFTCARHGG8ZCACL03Z3CAK1QANRCAKW6BYMCADMYLH3CAZIY2D4CA891DEPCABVS3XCCA3UC5XXCAZAK0UWCAJASRVECAGHJCMKCAYGSJCVCA6INME7CAQEUJX7CA6ER3ABCAXTL1HDCANXO54HCAWJRUSG984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\U104QPCAJ9PML9CA99W662CAOD0PP1CAT7NLSICAO727DGCAW7TX59CAD5EAZ5CAWTJGWCCAA5T8WOCAIHSNT3CA71BGSWCA9RWFROCAJ9UVTVCA2ND2UACADKXMM8CA13OOZGCAVPTJ26CAKMTU5XCAPSNMCHCACBOWUPCAF3PY8U984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\UIUWZFCAFSQOKACAEIVEBPCARMOCKSCA05JGZOCADXT04WCASUREFJCAPVNR7JCA6R9NAJCAJ4LSM9CAB1TOALCAXSO677CAW0HVRQCA51PA0HCAKEPVPGCAJW88YDCAMYT2KRCACUMQYOCAS3ZLVLCACH23HYCACRJQPKCAOU29Q4984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\VS2972CAMS2WJECAJE2Y8SCADXS0GXCADHP1EJCAXPPI7FCA4L75J2CAWXS5MLCA086L7CCAC1SIYHCA5YINVACA3YF1KVCAX60UYICAY3BBB7CA5AQN6FCAXEF7HVCABGFS9HCA72TJ3XCANY9NDZCAAFARAICABI52RICA58BX8F984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\W4YWFTCARLKNT4CADKMP6ZCA9P4M4ACAHXB0ULCA14FBVDCAYRO36OCA62HI9CCAUVQO1RCAL6BT1FCAHEIRBGCAFM6S3TCADN5IH5CAU0U64OCAZOD2A4CAZ5RPM1CAK6ISTHCAN4DSVXCAX8FMHVCAYPU1D6CA2AV1FUCAPHXTTL984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\W4ZY96CA43TTCPCAH0O3OSCA5W9SFDCAA7JN6WCAU8EQZ0CAYZAQ64CADXH8X5CAMKNBN1CAOC7L39CAI0U6L0CASR3SK9CA09O2WGCAA1HFXICAQTEB0ECA1SPVD6CA35YGKHCAE6XLXVCAD24Z1ECAVVLXNMCAUQADCCCA0YKU3B984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\WD9WYVCAJB35TMCA16RH4DCACEVAEPCAFWNRAFCA3H7M0TCAVCOVM6CAMQU390CAMBAGS8CAHJMRXJCA2D99BACA1I3XIOCA0FZTESCAP56Y0CCADLIDK3CA9T7D0HCAOG1DVHCAW3C41ICAWLPMHOCABP1BYDCACLNY2GCARHZJ7N984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\WKUQ5ACA41R86ZCA6OFUAQCAO1Q2GFCA8QVXRTCA0LGY3RCA9573SICAMDFFC0CAX8FLK6CAXJEXDUCAUY3WBRCALBZSL0CAHF5R1QCA5M6HTHCAVM3S44CAKY3PKLCAF9CMW4CAC0YHHHCAHAN35ECAJ6NWZ8CA0JWASLCAZ3YVDQ984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\WOTIQ2CAEIS2OBCAFB7EQZCA4NW1EZCAJRRS00CAAM76PZCA5J58DMCAJ9HR6LCAN95ZFJCABIVVHNCAR7FPQGCA5Y3JMRCAQTVOQ3CAF0SVGFCALHTLW8CAHOWQYDCANW42XVCA3USAWQCAQ1ILD1CAH52LGECAA33EVQCA7UPDL5984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\WQIKR4CA175D8BCAJADJQDCA1I5BKYCA2ENLBCCAI74VZDCAWBTUE4CA9I83TECAJDJVFQCAG66GEUCA2AWVUYCAGBLKBCCANYHTWECAKX00XICA8KCEMUCAVB9DHRCAKQRXMJCAL1GRQ9CAJ2VC5XCAG6PXYMCA4LO2G4CAXPF8RP984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\WT7WM6CA970M72CACD8VU0CANTWCRGCADEAR2OCAF2UX12CASIPHB4CA1XV1Z2CAD7X3DZCA2Y8DGQCA93C5Z4CA4X01KBCAFZX8IJCAJL7HTVCAM5PBIPCAUUZ0W2CA9QUFYXCA7JYVKACA6EA989CA059E61CAJ4J8DPCA2BAELC984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\XDHSDUCARB5K74CA5109P6CAFZ5PXXCAJ08GVICALD2S6GCAKQ5A7NCA44ZF3ACAW2MUV1CA91PITQCAKZGL36CATD6CRICAU72AZACANF3NW6CAI02FIVCA5X9IE1CAH9UA6WCALXKV4ECALBBPDBCA5JCKUVCAHODI65CA625SGT984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\XF0SUYCABW2WLQCA766CD6CAEQ7WPACA7YWIZ9CAKZKT3ZCAD9C985CAOVZAAYCAIZFJ50CALBBY3QCAB9DQ3XCAY08FVDCATRIOAOCA37SI7ECAFL6N4XCAYVSXZJCA0QVE8FCABZUC8LCAE2OLK1CA04LTJ2CATZU59JCAGSVI0T984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\XGNKN2CA30KCFRCAGVZKEACAACSMMECAQ5M9NXCAIMGAFBCASUMXJBCAUYKC0ZCAUSEC1TCA67UPE7CABMXZ9ICAX17IPICAF8CGC6CAQL2PRVCA8QU6VICAUFFWY2CA4EAXC8CA86ICOQCASM4063CAAGCWCBCA7JGPXLCAINE8NC984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\XI31L2CADA3Y0FCANHVJZ6CA6GY4O8CAQV882BCAXPS1I9CADV70CCCAQKS1G0CA8UOZ7ACAA3JF4NCA8A6BK1CAHS0NE9CAVPW622CAMVXF29CAR73KL3CA3SPQ5FCAM86FKWCARR6ZHUCAOPEHY7CAUKBOIBCAWBALB3CA7LG8VY984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\XP6V8ECAJOTBCJCAI1VNVHCA5ECC5CCAGT7707CAUT20NDCAMRCFGLCAPSS42RCAEYDXCMCALQYL85CAHLTMTECAK1ETDDCAYMDW2ZCA3ZKJVGCAE0ZOUKCA1GWJCCCAJ1WVRACA7IOASNCA2RT0BYCAER3ML5CAGJCM19CA1EIN9X984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\XQ0SLPCAGIRJQQCAAITW2TCAXAAN1NCA2L9D04CATCP0QVCAAZ1L93CA77IY99CASCRNX0CAXJ14X6CAMO9MIXCAPMI51TCAFLMDVOCADZC9JECALSUB54CA96UKECCAFBPOG3CAILFVA6CAI9EDABCAQ26EWLCAY5FMA1CA34WM37984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\Y68ETACA9KB9OECA063HHRCAJXT9KHCAYUDFKUCA69QOX3CAQDYTTVCA8K2S7CCA90SD1RCA73GD65CAG7VIFHCAQSNP0PCAO131N6CAT8CDXWCASSFSMMCAGB0VM7CAMGSS9NCAR0MDRKCALJPNXJCAYC51RDCAZY2RCSCAX388Q0984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\YJVFJDCADYHYTCCAADPVMHCAJJJ5LECAW5WOD0CALIQZUICAYFZ8JPCAH9CW24CA62B52GCAFZOIIWCARKFMCECALRA51BCALYC1EBCAKFE8ASCAVBFFPFCAI6YSEVCAMVW3OECA9A1U3FCAEM6WRHCAEM2YCKCASRMEBYCA3ULG2E984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\YK1IWJCAF9PCXQCAYMEV3XCABUCE0NCAMAX7QACAFTJTADCAAF3PBLCAEEYZCACA25FTI8CAYWW2TZCA71RIYOCA99HB3LCA48LVKFCAU9IDJ4CAHWPNVKCAEVHTXCCABW1L6OCABWUEG8CA00K3Y9CA3H53MSCAE3I0NXCAXGMTDW984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\YMPQMMCAH8Q8QGCAJG6AI7CA7LPUX7CATHTSUCCADLXM6MCAW500I5CAEKKORRCA66DQ1CCAW9KJFUCAB5Q6MKCAICBMLFCA2KF1HZCASQIS0GCACI4WEUCA2D9314CAZ0LFSACA3869MBCA47I736CAIRGBBRCAVT1UE6CABCUKD7984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\YPUL1JCAOFV5OYCABFW5IBCAULHST8CAYZ4WXYCAJD6NP6CAMCPY9ECADPTGP5CANW0QXZCA9BPHROCAO9CPQUCAIRDT1LCAQRBN3RCANQPHVWCAUZ3XGYCAKCY5VZCAZJG5UMCAXMSGJ6CA8V8ROFCALK242DCAOPYELDCAXJAOT7984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\YRYEBXCAOD4NCUCA97XG6MCA1J5N8KCAJMRZENCAM3WCBDCAJW88AXCASFGOG0CAUXVH76CATK63H2CAZFJDCGCA0PB0V9CA3MA9URCAVBD63BCA89MG1BCAO6KACICAX92UQGCAOLNFNRCACJWOA1CACK6G6ICAMMZWG4CASJTS4K984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\YV8REHCAPOEWE1CALOP4AWCAUFGSL6CAYW23CPCAZHHC0XCAZDUU93CA1IR7DMCAF3OFEACADJBKWDCA5WAYO3CA7MXAZHCASR2K8WCAEFYWVLCASAK4FQCAF7VCSICAX93VCKCAYEHK3MCAT7OY0KCAJF2VXUCAM97RDECAQ5DWYU984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\YY233ICAYOBGYNCA6B2JDWCA7SR6QXCACEJH3PCAL1JNNZCAGUUOSPCAST60WECAPATRZ6CAYT06XNCAXF3PICCAZN6CXQCAUBZW7ACASXFQ78CAADRHCYCAU7ZQ92CATW0Y82CAQSZPOQCA1ZWY9TCAR44YUOCAS69CA2CAK3TVNM984
!-->[Hidden] C:\Documents and Settings\Andrew Bullard\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZSZXC2EA\YZFZIBCAJ3LH9XCAWF7GWYCASYVUNPCA8O0HV1CA0RQJ6KCAB6CAVZCA11BKHICADRIMW7CAFEIMHACA16SWY4CALHUV37CAQ6B3PCCAVNX6WNCAMSPT65CANNJ4S8CATKX6T4CAZ6T8J6CAKLESS1CAVXNYB1CAEDUQP3CAZQA2Z4984
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1K92TGM5\y;playlisteverythree=false;playtimes=0;pid=10;kw=blinkx;fc_utarget_ok=true;t=1;tvshowid=;sz=125x30,234x60,300x250,980x610,468x60,728x90;tile=1;~cs=m[1].gifD
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1K92TGM5\y;playlisteverythree=false;playtimes=0;pid=10;kw=blinkx;fc_utarget_ok=true;t=1;tvshowid=;sz=125x30,234x60,300x250,980x610,468x60,728x90;tile=1;~cs=v[1].gifD
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AW9ZTCM1\19ila59b,f0f12sa,g10005c;sz=300x250;tile=1;ord=5921687016346119;afid=281100876;dsid=523822;seq=1;_glt=240_4_16_8_30_15_2010_6_3;redirect=adapt;flg=1216;[1]]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RRVLTG1G\9il94do,f0f12sa,g10001t;sz=300x250;tile=1;ord=8297553517197036;afid=281100876;dsid=523822;seq=1;_glt=240_4_16_7_52_140_2010_6_3;redirect=adapt;flg=1089;[1]]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YFFMMMUW\19il5cjz,f0f12sa,g10005c;sz=728x90;tile=1;ord=5004556916555815;afid=281100876;dsid=523822;seq=1;_glt=240_4_16_5_36_421_2010_6_3;redirect=adapt;flg=1216;[1]]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YFFMMMUW\f0f02sa,g10005c;sz=160x600,120x600;tile=2;ord=5921687016346119;afid=281100876;dsid=523822;seq=1;_glt=240_4_16_8_31_890_2010_6_3;redirect=adapt;flg=1216;[1]]
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
[2268]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2268]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2268]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[2268]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2268]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2268]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2268]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[2268]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2268]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2268]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2268]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2864]GoogleDesktop.exe-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump 0x7C81CB12-->00000000 [GoogleServices.DLL]
[2864]GoogleDesktop.exe-->user32.dll-->MessageBoxA, Type: Inline - RelativeJump 0x7E4507EA-->00000000 [GoogleServices.DLL]
[2864]GoogleDesktop.exe-->user32.dll-->MessageBoxW, Type: Inline - RelativeJump 0x7E466534-->00000000 [GoogleServices.DLL]
[332]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[332]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[332]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[332]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[332]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[332]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[332]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[460]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[460]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[460]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[460]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[460]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[460]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[460]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[460]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[460]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[460]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[460]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[584]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040C0E4-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0040C0E0-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0040C0B0-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x0040C0B8-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->shell32.dll-->gdi32.dll-->GetStockObject, Type: IAT modification 0x7C9C1134-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->AnimateWindow, Type: IAT modification 0x7C9C1D18-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->DefWindowProcA, Type: IAT modification 0x7C9C1D48-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->DefWindowProcW, Type: IAT modification 0x7C9C1EA4-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->GetSysColor, Type: IAT modification 0x7C9C1E3C-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->GetSysColorBrush, Type: IAT modification 0x7C9C1EE4-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x7C9C1F90-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->TrackPopupMenuEx, Type: IAT modification 0x7C9C1D34-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->user32.dll-->DefWindowProcW, Type: IAT modification 0x0040C268-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->user32.dll-->gdi32.dll-->GetStockObject, Type: IAT modification 0x7E411130-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->user32.dll-->GetSysColor, Type: IAT modification 0x0040C2A4-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [yui.dll]
[584]Ymsgr_tray.exe-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x0040C29C-->00000000 [yui.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:23 AM

Posted 06 June 2010 - 12:18 AM

Greetings

One or more of the identified infections is a Backdoor Trojan.

This could allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC could be compromised and there is no way to be sure that your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 AJB4

AJB4
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 06 June 2010 - 02:01 PM

ComboFix 10-06-06.01 - Andrew Bullard 06/06/2010 14:42:04.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.522 [GMT -4:00]
Running from: D:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-06 01:20 . 2010-06-06 01:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-03 22:09 . 2010-06-03 22:09 -------- d-----w- c:\documents and settings\Andrew Bullard\Application Data\Malwarebytes
2010-06-03 22:09 . 2010-06-03 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-03 22:09 . 2010-06-06 01:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-03 17:58 . 2010-06-03 17:58 -------- d-----w- c:\documents and settings\Andrew Bullard\Application Data\SUPERAntiSpyware.com
2010-06-03 17:58 . 2010-06-03 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-03 01:32 . 2010-06-03 01:32 60416 --sha-r- c:\windows\system32\labelw.dll
2010-05-29 17:35 . 2010-06-02 14:55 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Microsoft
2010-05-27 22:43 . 2010-05-27 22:43 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-27 03:09 . 2010-05-27 03:09 -------- d-sh--w- c:\documents and settings\3A3B\PrivacIE
2010-05-27 03:09 . 2010-05-27 03:09 -------- d-----w- c:\documents and settings\3A3B\Application Data\Yahoo!
2010-05-27 03:04 . 2010-05-27 03:04 -------- d-----w- c:\documents and settings\3A3B\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2010-05-27 02:57 . 2010-05-27 02:57 -------- d-----w- c:\documents and settings\3A3B\Local Settings\Application Data\Google
2010-05-27 02:23 . 2010-05-27 02:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-05-27 02:17 . 2010-05-27 02:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-09 01:48 . 2010-05-09 01:48 -------- d-----w- C:\$AVG
2010-05-09 01:40 . 2010-05-09 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-09 01:39 . 2010-05-09 01:59 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-07 19:36 . 2010-06-06 03:11 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-07 19:36 . 2010-06-04 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-07 19:36 . 2010-05-07 19:36 -------- d-----w- c:\program files\Hitman Pro 3.5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 14:01 . 2010-06-02 14:01 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-02 14:01 . 2010-06-02 14:01 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-02 14:01 . 2009-01-30 21:14 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 14:01 . 2009-01-30 21:14 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-02 06:16 . 2009-07-01 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-06-01 23:29 . 2010-06-01 23:29 -------- d-----w- c:\documents and settings\Guest\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2010-05-29 17:38 . 2010-05-29 17:38 -------- d-----w- c:\documents and settings\Guest\Application Data\Yahoo!
2010-05-09 01:47 . 2009-01-30 21:14 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-09 01:47 . 2009-01-30 21:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-09 01:41 . 2009-01-30 21:14 -------- d-----w- c:\program files\AVG
2010-05-08 22:18 . 2008-08-15 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-08 22:17 . 2008-08-15 18:09 -------- d-----w- c:\program files\McAfee
2010-04-22 20:22 . 2009-10-12 23:24 1 ----a-w- c:\documents and settings\Andrew Bullard\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-21 17:51 . 2010-04-21 17:51 -------- d-----w- c:\program files\7-Zip
2010-04-09 04:30 . 2009-08-03 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-03-18 23:05 . 2009-01-30 00:44 64840 ----a-w- c:\documents and settings\Andrew Bullard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-10 68856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-10 24064]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]

c:\documents and settings\Andrew Bullard\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-05-09 01:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bradford Networks\\Persistent Agent\\bndaemon.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/30/2009 5:14 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/30/2009 5:14 PM 242896]
R1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ANDREW~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\ANDREW~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
R1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ANDREW~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\ANDREW~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [5/8/2010 9:43 PM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [5/8/2010 9:43 PM 308064]
R2 BNPagent;Bradford Persistent Agent Service;c:\program files\Bradford Networks\Persistent Agent\bndaemon.exe [11/1/2009 2:23 PM 3026656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 5:08 PM 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [5/8/2010 9:46 PM 430152]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/9/2009 8:53 PM 24064]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [5/7/2010 3:36 PM 15944]
S3 Normandy;Normandy SR2; [x]
S3 SASENUM;SASENUM;\??\c:\docume~1\ANDREW~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\ANDREW~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 21:07]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 21:07]

2010-06-06 c:\windows\Tasks\User_Feed_Synchronization-{479C7E99-7F92-404A-A968-D4AB250DDB21}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(2836)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-06 14:49:07
ComboFix-quarantined-files.txt 2010-06-06 18:49
ComboFix2.txt 2010-06-06 18:34

Pre-Run: 137,088,475,136 bytes free
Post-Run: 137,071,149,056 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 4E087B1EC92328791C299486711FFA96


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:23 AM

Posted 06 June 2010 - 02:54 PM

Greetings

Good the first run cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
File::
c:\windows\system32\labelw.dll

Driver::
Normandy


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

NOTE**
  • When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will upload files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 AJB4

AJB4
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 06 June 2010 - 10:42 PM

ComboFix 10-06-06.01 - Andrew Bullard 06/06/2010 23:19:40.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.497 [GMT -4:00]
Running from: D:\ComboFix.exe
Command switches used :: c:\documents and settings\Andrew Bullard\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\labelw.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\labelw.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NORMANDY
-------\Service_Normandy


((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
.

2010-06-06 01:20 . 2010-06-06 01:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-03 22:09 . 2010-06-03 22:09 -------- d-----w- c:\documents and settings\Andrew Bullard\Application Data\Malwarebytes
2010-06-03 22:09 . 2010-06-03 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-03 22:09 . 2010-06-06 01:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-03 17:58 . 2010-06-03 17:58 -------- d-----w- c:\documents and settings\Andrew Bullard\Application Data\SUPERAntiSpyware.com
2010-06-03 17:58 . 2010-06-03 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-01 23:29 . 2010-06-01 23:29 -------- d-----w- c:\documents and settings\Guest\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2010-05-29 17:38 . 2010-05-29 17:38 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE
2010-05-29 17:38 . 2010-05-29 17:38 -------- d-----w- c:\documents and settings\Guest\Application Data\Yahoo!
2010-05-29 17:36 . 2010-05-29 17:36 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Google
2010-05-27 22:43 . 2010-05-27 22:43 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-27 03:09 . 2010-05-27 03:09 -------- d-sh--w- c:\documents and settings\3A3B\PrivacIE
2010-05-27 03:09 . 2010-05-27 03:09 -------- d-----w- c:\documents and settings\3A3B\Application Data\Yahoo!
2010-05-27 03:04 . 2010-05-27 03:04 -------- d-----w- c:\documents and settings\3A3B\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2010-05-27 02:57 . 2010-05-27 02:57 -------- d-----w- c:\documents and settings\3A3B\Local Settings\Application Data\Google
2010-05-27 02:23 . 2010-05-27 02:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-05-27 02:17 . 2010-05-27 02:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-09 01:48 . 2010-05-09 01:48 -------- d-----w- C:\$AVG
2010-05-09 01:40 . 2010-05-09 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-09 01:39 . 2010-05-09 01:59 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 03:11 . 2010-05-07 19:36 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-04 14:24 . 2010-05-07 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-02 14:01 . 2010-06-02 14:01 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-02 14:01 . 2010-06-02 14:01 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-02 14:01 . 2009-01-30 21:14 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 14:01 . 2009-01-30 21:14 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-02 06:16 . 2009-07-01 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-05-09 01:47 . 2009-01-30 21:14 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-09 01:47 . 2009-01-30 21:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-09 01:41 . 2009-01-30 21:14 -------- d-----w- c:\program files\AVG
2010-05-08 22:18 . 2008-08-15 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-08 22:17 . 2008-08-15 18:09 -------- d-----w- c:\program files\McAfee
2010-05-07 19:36 . 2010-05-07 19:36 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-22 20:22 . 2009-10-12 23:24 1 ----a-w- c:\documents and settings\Andrew Bullard\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-21 17:51 . 2010-04-21 17:51 -------- d-----w- c:\program files\7-Zip
2010-04-09 04:30 . 2009-08-03 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-03-18 23:05 . 2009-01-30 00:44 64840 ----a-w- c:\documents and settings\Andrew Bullard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-06-06_18.32.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-07 03:29 . 2010-06-07 03:29 16384 c:\windows\Temp\Perflib_Perfdata_d0.dat
+ 2010-06-07 03:31 . 2010-06-07 03:31 16384 c:\windows\Temp\Perflib_Perfdata_c8c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-10 68856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-10 24064]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]

c:\documents and settings\Andrew Bullard\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-05-09 01:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bradford Networks\\Persistent Agent\\bndaemon.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/30/2009 5:14 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/30/2009 5:14 PM 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [5/8/2010 9:43 PM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [5/8/2010 9:43 PM 308064]
R2 BNPagent;Bradford Persistent Agent Service;c:\program files\Bradford Networks\Persistent Agent\bndaemon.exe [11/1/2009 2:23 PM 3026656]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [5/7/2010 3:36 PM 15944]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ANDREW~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\ANDREW~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ANDREW~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\ANDREW~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 5:08 PM 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [5/8/2010 9:46 PM 430152]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/9/2009 8:53 PM 24064]
S3 SASENUM;SASENUM;\??\c:\docume~1\ANDREW~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\ANDREW~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HITMANPRO35
.
Contents of the 'Scheduled Tasks' folder

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 21:07]

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 21:07]

2010-06-07 c:\windows\Tasks\User_Feed_Synchronization-{479C7E99-7F92-404A-A968-D4AB250DDB21}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-06 23:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3536)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Hitman Pro 3.5\HitmanPro35[1].exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\windows\system32\igfxext.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\docume~1\ANDREW~1\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-06-06 23:39:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-07 03:39
ComboFix2.txt 2010-06-06 18:49
ComboFix3.txt 2010-06-06 18:34

Pre-Run: 137,089,372,160 bytes free
Post-Run: 136,971,653,120 bytes free

- - End Of File - - 5DEC81EF98D48ECF36876C36EDA740E0





and internet works now

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:23 AM

Posted 06 June 2010 - 10:46 PM

Hello AJB4

These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..


Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan

Go Eset web page to run an online scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic


"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. Log From ESET Online Scanner
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 AJB4

AJB4
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 06 June 2010 - 10:50 PM

it's saying it can't find the registry key on Java

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:23 AM

Posted 06 June 2010 - 10:57 PM

ok skip that and go to next part



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users