PDA

View Full Version : Spybot closes and permissions on its .exe changed



mmauk
2009-08-31, 18:33
This bug disables all monitoring programs including spybot, symantec antivirus etc. Spybot closes after clicking start scan. It it thereafter unavailable due to altered permissions on the .exe. This occurs for other antivirus programs too. Complete removal and reinstallation results in repeat of same problem.

thanks

mike

Blade81
2009-09-03, 08:36
Hi,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.


Download GMER (http://www.gmer.net) here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab and then scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log in your reply.


Please save this (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe) file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

mmauk
2009-09-03, 17:21
Thanks for helping!

The three "here" links downloaded dds.com, dds.scr and dds.pif respectively

dds.scr wouldn't run with double click as windows didn't recognize association type. Launching from command prompt produced a 1/2 second run in separate command prompt. Neither dds.txt nor attach.txt were created anywhere on disk. Trying dds.com and dds.pif produced same result. Didn't continue as I assumed these steps may need to occur in sequence....

sorry if I'm being dense

mike

Blade81
2009-09-03, 20:06
Please continue to GMER run. We'll see that issue with DDS later.

mmauk
2009-09-04, 16:48
GMER was running when I left work last night. This morning it I find that it had crashed and the permissions on the executable had been changed. I added myself back and have launched it again. I imagine, however, this will lead to the same result. This is the same thing that happens to spybot.

Blade81
2009-09-04, 17:31
Yes, that's known symptom caused by this infection. See if you're able to finish GMER run.

After that, please save this (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe) file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

mmauk
2009-09-04, 19:14
thanks for your patience....

Here is an interim report from gmer. It is still running but has not added a new entry in a while....

GMER 1.0.15.15077 [9hxt8ng4.exe] - http://www.gmer.net
Rootkit scan 2009-09-04 07:00:03
Windows 5.1.2600 Service Pack 3


---- Kernel code sections - GMER 1.0.15 ----

? win32k.sys:1 The system cannot find the file specified. !
? win32k.sys:2 The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\svchost.exe[2040] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\windows\system32\svchost.exe[2040] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\windows\system32\svchost.exe[2040] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\windows\Explorer.EXE[2816] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\windows\Explorer.EXE[2816] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\windows\Explorer.EXE[2816] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93C080 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93C110 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Eudora\Eudora.exe[4424] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\Eudora\Eudora.exe[4424] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\Eudora\Eudora.exe[4424] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] USER32.DLL!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\CD125F8E.x86.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\windows\system32\svchost.exe[2040] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\windows\system32\svchost.exe[2040] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\windows\Explorer.EXE[2816] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\windows\Explorer.EXE[2816] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\Program Files\iTunes\iTunesHelper.exe[3620] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\Program Files\iTunes\iTunesHelper.exe[3620] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\Eudora\Eudora.exe[4424] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\Eudora\Eudora.exe[4424] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\ole32.dll [USER32.dll!CreateWindowExA] [004171AA] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\ole32.dll [USER32.dll!CreateWindowExW] [00417224] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\ole32.dll [USER32.dll!ShowWindow] [0041729E] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\WININET.dll [USER32.dll!SetWindowPos] [00417350] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\WININET.dll [USER32.dll!CreateWindowExW] [00417224] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [004171AA] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [00417224] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [00417350] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!ShowWindow] [0041729E] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\shell32.dll [USER32.dll!CreateWindowExW] [00417224] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\shell32.dll [USER32.dll!ShowWindow] [0041729E] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\shell32.dll [USER32.dll!SetWindowPos] [00417350] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [264] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [312] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [444] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [612] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1396] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\windows\System32\svchost.exe [1436] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1596] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1636] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\windows\system32\spoolsv.exe [1884] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [2040] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\windows\System32\alg.exe [2088] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\windows\Explorer.EXE [2816] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [3472] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [3620] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\Eudora\Eudora.exe [4424] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe [4452]

Blade81
2009-09-04, 19:51
Hi,

I think you can kill GMER process and run that other program linked in my previous reply. Post back its report.

mmauk
2009-09-04, 20:11
Just after I sent previous post gmer flagged something bad and I was able to copy report before it crashed. The gmer report is too big to post in one reply. So here is the win32kDiag report. Then I'll post the gmer report broken up into pieces...



Log file is located at: C:\Documents and Settings\mmauk\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\windows'...



Could not query reparse information for C:\windows\$hf_mig$\KB887472\KB887472: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB893066\KB893066: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB899587\KB899587: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB900485\KB900485: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB900725\KB900725: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB905414\KB905414: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB908531\KB908531: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB911280\KB911280: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB912945\KB912945: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB913446\KB913446: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB913580\KB913580: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB916595\KB916595: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB918118\KB918118: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB920213\KB920213: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB920685\KB920685: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB920872\KB920872: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB921398\KB921398: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB923414\KB923414: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB923980\KB923980: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB924270\KB924270: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB925902\KB925902: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB926255\KB926255: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB926436\KB926436: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB927779\KB927779: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB927802\KB927802: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB928255\KB928255: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB928843\KB928843: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB929123\KB929123: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB930178\KB930178: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB930916\KB930916: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB931261\KB931261: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB931784\KB931784: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB932168\KB932168: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB935839\KB935839: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB935840\KB935840: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB936357\KB936357: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB937894\KB937894: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB938828\KB938828: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB941202\KB941202: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB941693\KB941693: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB943055\KB943055: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB943485\KB943485: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB944653\KB944653: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB945553\KB945553: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB946026\KB946026: 1450
Could not query reparse information for C:\windows\$hf_mig$\KB948590\KB948590: 1450
Could not query reparse information for C:\windows\addins\addins: 1450
Cannot access: C:\windows\assembly\PublisherPolicy.tme



Cannot access: C:\windows\assembly\pubpol17.dat



Cannot access: C:\windows\assembly\pubpol20.dat



Cannot access: C:\windows\Blue Lace 16.bmp



Cannot access: C:\windows\bootstat.dat



Cannot access: C:\windows\clock.avi



Cannot access: C:\windows\cmsetacl.log



Cannot access: C:\windows\Coffee Bean.bmp



Cannot access: C:\windows\COM+.log



Cannot access: C:\windows\comsetup.log



Cannot access: C:\windows\control.ini



Cannot access: C:\windows\desktop.ini



Cannot access: C:\windows\desktopset.exe



Cannot access: C:\windows\DLA.EXE



Cannot access: C:\windows\DPINST.LOG



Cannot access: C:\windows\DtcInstall.log



Cannot access: C:\windows\explorer.exe



Cannot access: C:\windows\explorer.scf



Cannot access: C:\windows\FaxSetup.log



Cannot access: C:\windows\FeatherTexture.bmp



Cannot access: C:\windows\Gone Fishing.bmp



Cannot access: C:\windows\Greenstone.bmp



Cannot access: C:\windows\hh.exe



Cannot access: C:\windows\IDNMitigationAPIs.log



Cannot access: C:\windows\ie7.log



Cannot access: C:\windows\ie7_main.log



Cannot access: C:\windows\ie8.log



Cannot access: C:\windows\ie8_main.log



Cannot access: C:\windows\iis6.log



Cannot access: C:\windows\imsins.BAK



Cannot access: C:\windows\imsins.log



Cannot access: C:\windows\KB873339.log



Cannot access: C:\windows\KB883517.log



Cannot access: C:\windows\KB883523.log



Cannot access: C:\windows\KB884020.log



Cannot access: C:\windows\KB884575.log



Cannot access: C:\windows\KB884868.log



Cannot access: C:\windows\KB885250.log



Cannot access: C:\windows\KB885835.log



Cannot access: C:\windows\KB885836.log





Finished!

mmauk
2009-09-04, 20:12
GMER 1.0.15.15077 [9hxt8ng4.exe] - http://www.gmer.net
Rootkit scan 2009-09-04 09:44:29
Windows 5.1.2600 Service Pack 3


---- Kernel code sections - GMER 1.0.15 ----

? win32k.sys:1 The system cannot find the file specified. !
? win32k.sys:2 The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\svchost.exe[2040] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\windows\system32\svchost.exe[2040] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\windows\system32\svchost.exe[2040] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\windows\Explorer.EXE[2816] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\windows\Explorer.EXE[2816] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\windows\Explorer.EXE[2816] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3620] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93C080 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93C110 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\Hotsync.exe[3832] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Eudora\Eudora.exe[4424] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\Eudora\Eudora.exe[4424] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\Eudora\Eudora.exe[4424] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] USER32.DLL!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
.text C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\CD125F8E.x86.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\windows\system32\svchost.exe[2040] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\windows\system32\svchost.exe[2040] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\windows\Explorer.EXE[2816] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\windows\Explorer.EXE[2816] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\Program Files\iTunes\iTunesHelper.exe[3620] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\Program Files\iTunes\iTunesHelper.exe[3620] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\Eudora\Eudora.exe[4424] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\Eudora\Eudora.exe[4424] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\CD125F8E.x86.dll
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\ole32.dll [USER32.dll!CreateWindowExA] [004171AA] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\ole32.dll [USER32.dll!CreateWindowExW] [00417224] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\ole32.dll [USER32.dll!ShowWindow] [0041729E] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\WININET.dll [USER32.dll!SetWindowPos] [00417350] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\WININET.dll [USER32.dll!CreateWindowExW] [00417224] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [004171AA] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [00417224] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [00417350] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\SHLWAPI.dll [USER32.dll!ShowWindow] [0041729E] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\shell32.dll [USER32.dll!CreateWindowExW] [00417224] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\shell32.dll [USER32.dll!ShowWindow] [0041729E] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe
IAT C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe[4452] @ C:\windows\system32\shell32.dll [USER32.dll!SetWindowPos] [00417350] C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [264] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [312] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [444] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [612] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1396] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\windows\System32\svchost.exe [1436] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1596] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1636] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\windows\system32\spoolsv.exe [1884] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [2040] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\windows\System32\alg.exe [2088] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\windows\Explorer.EXE [2816] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [3472] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [3620] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\Eudora\Eudora.exe [4424] 0x35670000
Library \\?\globalroot\Device\__max++>\CD125F8E.x86.dll (*** hidden *** ) @ C:\DOCUME~1\mmauk\LOCALS~1\Temp\a.exe [4452] 0x35670000

mmauk
2009-09-04, 20:12
---- Files - GMER 1.0.15 ----

File C:\Program Files\Common Files\Adobe\Help\nl_NL\Flash\CS3\index\deletable 4 bytes
File C:\Program Files\Common Files\Adobe\Help\nl_NL\Flash\CS3\index\segments 27 bytes
File C:\Program Files\Common Files\Adobe\Help\nl_NL\Flash\CS3\index\_1.cfs 1347 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Acrobat\CS3 0 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Acrobat\CS3\content.css 387 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Acrobat\CS3\help.html 658 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Acrobat\CS3\helpmap.txt 47 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Acrobat\CS3\homepage.png 101885 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Acrobat\CS3\index 0 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Acrobat\CS3\index\deletable 4 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Acrobat\CS3\index\segments 27 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Acrobat\CS3\index\_1.cfs 1527 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Acrobat\CS3\localeSpecific.css 249 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Acrobat\CS3\meta_1_1.xml 100 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Flash\CS3 0 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Flash\CS3\content.css 387 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Flash\CS3\help.html 729 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Flash\CS3\helpmap.txt 47 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Flash\CS3\homepage.png 22516 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Flash\CS3\index 0 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Flash\CS3\index\deletable 4 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Flash\CS3\index\segments 27 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Flash\CS3\index\_1.cfs 1415 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Flash\CS3\localeSpecific.css 249 bytes
File C:\Program Files\Common Files\Adobe\Help\no_NO\Flash\CS3\meta_1_1.xml 100 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Acrobat 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Acrobat\CS3 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Acrobat\CS3\content.css 387 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Acrobat\CS3\help.html 788 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Acrobat\CS3\helpmap.txt 47 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Acrobat\CS3\homepage.png 101885 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Acrobat\CS3\index 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Acrobat\CS3\index\deletable 4 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Acrobat\CS3\index\segments 27 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Acrobat\CS3\index\_1.cfs 1962 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Acrobat\CS3\localeSpecific.css 249 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Acrobat\CS3\meta_1_1.xml 100 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\BRIDGE_1.0_HOMEPAGE.html 8404 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\BRIDGE_2.0_HOMEPAGE.html 1821 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\br_workarea_popup.html 1086 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\content-fonts.css 3865 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\content-hyperlinks.css 1964 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\content-ie6.css 316 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\content.css 18830 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\help.html 1897 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\help.js 25375 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\helpmap.txt 1803 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\AcrobatLinkIndicator.png 3170 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\AcrobatLinkIndicatorTopBar.png 3962 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\acro_proSharedIndicator.png 3170 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\ActionScriptLinkIndicator.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\ActionScriptLinkIndicatorTopBar.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\adobelogo.gif 943 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\adobelogo.jpg 17506 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\adobeLogoSplashScreen.gif 161 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\AfterEffectsLinkIndicatorTopBar.png 4320 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\aftereffectsSharedIndicator.png 29888 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\AuditionLinkIndicator.png 28984 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\AuditionLinkIndicatorTopBar.png 4334 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\auditionSharedIndicator.png 28984 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\bkg-line.gif 43 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\BreezeLinkIndicator.png 28877 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\BreezeLinkIndicatorTopBar.png 28877 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\breezeSharedIndicator.png 28877 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\bridge.png 756 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\BridgeLinkIndicator.png 28877 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\BridgeLinkIndicatorTopBar.png 5602 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\bridgeSharedIndicator.png 28877 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\br_appicon.png 1028 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\br_inspector.png 30915 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\br_photo_downloader.png 24996 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\br_stack_collapsed.png 34989 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\br_workarea.png 36239 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\br_workarea_popup.png 220313 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\br_workspace_buttons.png 65517 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\btn_next.png 3313 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\btn_prev.png 3258 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\bullet-li.gif 810 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\bullet.gif 61 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\DeviceCentralLinkIndicator.png 31253 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\DeviceCentralLinkIndicatorTopBar.png 4608 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\devicecentralSharedIndicator.png 31253 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\dingbat.png 313 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\DreamweaverLinkIndicator.png 28701 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\DreamweaverLinkIndicatorTopBar.png 4480 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\dreamweaverSharedIndicator.png 28701 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\e.gif 45 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\EncoreDVDLinkIndicator.png 28969 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\EncoreDVDLinkIndicatorTopBar.png 4165 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\encoredvdSharedIndicator.png 28969 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\ExtensionManagerLinkIndicatorTopBar.png 4435 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\extensionmanagerSharedIndicator.png 28973 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\externalLinkIndicator.png 3434 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\externalUser.png 1088 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\faltten_view.png 778 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\favicon.ico 1150 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\FlashLinkIndicator.png 29381 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\FlashLinkIndicatorTopBar.png 4043 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\AfterEffectsLinkIndicator.png 29888 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\br_stack_expanded.png 42591 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\ExtensionManagerLinkIndicator.png 28973 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\flashSharedIndicator.png 29381 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\IllustratorLinkIndicator.png 28930 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\next_null.gif 259 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\PhotoshopLinkIndicatorTopBar.png 4289 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\prev_hover.gif 379 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\showhidepanes.png 512 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\svc_adobe_dialog_popup.png 110615 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\switchtofull.png 544 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\FLIPLinkIndicator.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\FLIPLinkIndicatorTopBar.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\GaijiSINGLinkIndicator.png 2955 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\GaijiSINGLinkIndicatorTopBar.png 3049 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\GoLiveLinkIndicator.png 29491 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\GoLiveLinkIndicatorTopBar.png 4386 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\goliveSharedIndicator.png 29491 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\homepage.png 35415 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\IllustratorLinkIndicatorTopBar.png 4274 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\illustratorSharedIndicator.png 28930 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\InCopyLinkIndicator.png 29695 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\InCopyLinkIndicatorTopBar.png 4146 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\incopySharedIndicator.png 29695 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\InDesignLinkIndicator.png 29518 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\InDesignLinkIndicatorTopBar.png 4255 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\indesignSharedIndicator.png 29518 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\keep_filter.png 452 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\LightroomLinkIndicator.png 30136 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\LightroomLinkIndicatorTopBar.png 4212 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\lightroomSharedIndicator.png 30136 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\lm.gif 311 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\lmh.gif 313 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\ln.gif 110 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\lp.gif 309 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\lph.gif 315 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\next.gif 276 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\next_hover.gif 385 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\off.gif 80 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\on.gif 81 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\p1headern.gif 62 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\p1headerne.gif 155 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\p1headernw.gif 155 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\page.gif 104 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\pdf_fileicon.png 3459 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\PhotoshopElementsLinkIndicator.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\PhotoshopElementsLinkIndicatorTopBar.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\PhotoshopLinkIndicator.png 28968 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\photoshopSharedIndicator.png 28968 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\PremiereElementsLinkIndicator.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\PremiereElementsLinkIndicatorTopBar.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\PremiereProLinkIndicator.png 28857 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\PremiereProLinkIndicatorTopBar.png 4194 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\premiereproSharedIndicator.png 28857 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\prev.gif 269 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\prev_null.gif 259 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_Accept_Md_N.png 690 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_Alert_Mac_16x16.png 442 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_Cancel_Md_N.png 925 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_Conflict2_12x12.png 547 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_Deleted_12x12.png 605 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_Delete_Md_N.png 716 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_Delete_Sm_N.png 534 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_DownloadPresent_12x12.png 587 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_EditLocal_12x12.png 479 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_EditRemoteDownload_12x12.png 449 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_Folder_Wi_N.png 396 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_ListView_Md_N.png 507 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_MyServer_16x16.png 3674 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_NetworkServer_16x16.png 3746 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_New_12x12.png 610 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_New_Wi_N.png 390 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_OfflineMissing_12x12.png 488 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_OfflinePresent_12x12.png 604 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_OpenCloseStructure_Sm_N.png 492 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_Open_12x12.png 549 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_PrivateProject_16x16.png 3690 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_ProjectOffline_16x16.png 3829 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_Project_16x16.png 3747 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_Ready_12x12.png 461 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_Search_16x16_N.png 717 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_ServerOffline_16x16.png 3654 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_Tools_Md_N.png 519 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\P_Vc2Project_16X16.png 3816 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\ReaderLinkIndicator.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\ReaderLinkIndicatorTopBar.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\readerSharedIndicator.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\s.gif 57 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\se.gif 116 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\slider.png 379 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\SoundboothLinkIndicator.png 29036 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\SoundboothLinkIndicatorTopBar.png 4377 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\soundboothSharedIndicator.png 29036 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\spacer.GIF 43 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\StockphotoLinkIndicator.png 3304 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\StockphotoLinkIndicatorTopBar.png 3713 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\stockphotoSharedIndicator.png 3304 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\svc_adobe_dialog.png 7629 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\svc_server_admin.png 24037 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\svc_status_bar.png 49767 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\svc_versions.png 21969 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\svc_workgroup_config.png 5715 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\svc_workgroup_config_popup.png 59636 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\sw.gif 112 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\swf_fileicon.png 3435 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\switchtocompact.png 513 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\switchtoultra.png 474 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\tip_help.png 28843 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\tm.gif 764 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\tmh.gif 758 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\tn.gif 511 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\tp.gif 759 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\tph.gif 789 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\up.gif 59 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\ValidatorLinkIndicator.png 3172 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\ValidatorLinkIndicatorTopBar.png 10831 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\validatorSharedIndicator.png 3172 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\VC_App_Icon-16x16x32.png 749 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\VC_TrayOff_Icon_20x20.png 736 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\VC_User_16x16.png 615 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\VersionCueLinkIndicator.png 30362 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\VersionCueLinkIndicatorTopBar.png 5602 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\versioncueSharedIndicator.png 30362 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\vline.gif 503 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\w.gif 45 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index\deletable 4 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index\segments 28 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index\_45.cfs 289935 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_1.html 45988 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_10.html 8018 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_11.html 6779 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_12.html 4515 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_13.html 7384 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_14.html 5988 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_16.html 29044 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_17.html 7779 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_18.html 11700 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_19.html 3651 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_2.html 8482 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_20.html 5955 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_21.html 13417 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_22.html 3878 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_23.html 15988 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_24.html 12786 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_3.html 4726 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_4.html 8637 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_5.html 6531 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_6.html 6254 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_7.html 5482 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_8.html 3703 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_9.html 6777 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\insertFlashPopup.js 815 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\localeSpecific.css 298 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\meta_1_1.xml 1491 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\popup.css 1094 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\splash.html 1821 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\srch_fset.html 440 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\srch_top.html 648 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\svc_adobe_dialog_popup.html 1070 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\svc_workgroup_config_popup.html 1154 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\terms.js 3923 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\toc.html 94947 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\tree.css 2161 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\treeview.js 51894 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\utilities.js 3269 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\VERSIONCUE_2.0_HOMEPAGE.html 8229 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS003A7BDB-7C22-4cd4-A771-A62178A198D2.html 7665 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS0095E6E3-D804-40bb-B4F0-A7E9F2B8CA41.html 12974 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS00C9FBA7-CF1F-410a-A8BB-CDB14A92C9E4.html 3677 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS00D4D950-78AB-4a24-BB55-926A9E91E6E1.html 4196 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS02168C3D-736B-4b73-A7A0-63EAFB7E09B1.html 4865 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS02C0A325-59D3-46ea-8831-E773E4D8BCC0.html 6176 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\index_15.html 9202 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\scripts.js 953 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\version.html

mmauk
2009-09-04, 20:14
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS0D78142E-6028-4ec1-9BBF-6837F1DE3CD5.html 5436 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS308E3BB0-4D80-4940-A772-F77DD21227EE.html 11612 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS4B0F17ED-6E98-47b4-B3E1-800EE67EFDAD.html 4193 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS69B2195A-82A8-4bee-93C5-EDF171E21A92.html 7668 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS8947C74D-DAC2-4ef5-861D-674D6033D41A.html 3956 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS9ECA884A-EC3D-4429-97D7-5BDB1E253107.html 6951 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSB7BF8D04-DC62-4ee1-96E0-C1AE7ABCECDA.html 4724 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSC9B4FFD7-501A-4051-B05B-756AD9784BBE.html 5036 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSEAAF9554-6F4B-430b-92C0-AC60A7AE51BC.html 6512 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS02FAC913-84EB-4f42-8F29-4A914C08C078.html 6806 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS03801AA6-8939-4f4c-991F-ACA800549D16.html 4015 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS044E166E-FCF3-4642-9C19-F28CFEF2BBD8.html 4422 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS050B3B2C-172E-4f0b-905B-A381EBABA1F8.html 10298 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS053639F1-B3A7-4718-A582-5AC0CCDB1DB8.html 13078 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS0621E887-6541-4605-B965-51E40F8584FE.html 4645 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS093EF261-B811-489c-8E30-10109DBE71FB.html 9583 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS0D81D37E-2046-4f7b-97F5-A7C38FF7D467.html 4585 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS0DF94317-81FF-4202-8505-2E9E58036F5C.html 3608 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS0E552D7D-A469-4856-8A97-C5AEF01F383B.html 7338 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS0FED4788-09A5-45f5-B136-BEFE64ADE5F6.html 10098 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS10F46CE8-22B6-4a85-B3E4-465DF57C1364.html 6119 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS13B765A1-9B25-4c7f-8B77-DF499C0A98D0.html 9247 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS17406B5C-E04E-43c7-A8F1-5863C50ECA46.html 7944 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS1B39A47C-29C2-4c8e-8876-E602C9E0A16A.html 7003 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS1E4EBE7B-08FF-4a42-ACC0-05B9C5989C83.html 6885 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS283FF75A-DE68-4364-9125-9305C4879E16.html 7631 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS28D208C4-02EB-4099-A634-BBB1665A3F39.html 4759 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS2D694358-AEAF-4716-8FE2-889F3DD7C139.html 3918 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS2ED1D1ED-510F-4405-8632-865B5AD2FE30.html 3711 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS2F6E1E6C-2DD6-4242-A674-E2642CD0DF6A.html 3639 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS30CF6649-471F-45cd-BC8A-4A8D79CAD8BA.html 4256 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS327A661A-7797-4099-B631-93D222632F6D.html 4615 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS34CF17D2-72F5-4068-A252-FE3C691AF2CF.html 20969 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS374893A9-6854-4b45-9C1B-A2AD75571F01.html 4264 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS376084AE-BE6A-423b-98E1-39749C3C1A17.html 3528 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS38FC1F4F-23D6-4aec-9676-190F5D4BB82E.html 7580 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS3A6DE088-B23E-4145-941B-1754DEBCF9BE.html 3835 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS3CF2DC30-4780-4baa-BB31-E42AD199AE86.html 8276 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS3D48102F-842F-46d9-B7B1-AC15A0EF69C5.html 6218 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS405C1F46-A6FA-4899-8658-0987E478484D.html 6757 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS4523B0A5-DE34-42b1-98B5-5FC93DFC657B.html 4628 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS485BDC95-809E-4d6b-9BD8-D022B6A42148.html 3886 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS496111DE-533D-4206-A2FF-7D914C78A8A2.html 3813 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS49F36E28-5E3E-4e47-AD21-41C97503D8C0.html 5841 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS4E839ABD-7AA4-41b4-841C-8E1C8E655CAF.html 5765 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS4FC7198F-AB60-4be2-B359-D460C838D915.html 8064 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS4FE0DFF1-E750-45d8-A3A7-7425F4CA001D.html 4749 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS5329A762-80EF-4804-95DE-B654453DEEC6.html 5155 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS55BCC540-E65C-460d-8ED8-AF795757BD48.html 9360 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS562850D2-B721-472c-B89E-31941950F2DC.html 3788 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS562AF8B4-2C1B-46cc-B0CF-D6B77B13F37F.html 14849 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS5864511A-E4E2-488f-96AD-6CB45155FF6B.html 6375 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS5984E2AF-003B-4a83-8D0E-1E0D5141E497.html 7500 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS5C0A428D-D8CC-41c4-8584-BE4E5C2CA952.html 3970 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS602A27B1-4FC8-4919-A0EE-0B6D54359E3B.html 5384 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS61639261-F8C9-4433-A631-3BBCFB03DC6F.html 4528 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS620E2DCA-2B08-405d-B34E-A1D3C4E2C2DF.html 3358 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS66F83618-876B-4866-98BA-DB3C65074148.html 5664 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS6A26877A-0178-4149-9109-9D2D636F67F0.html 4605 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS6A38B006-62EC-4657-8001-C7C5F5BFAF5F.html 3907 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS6FA2F6F2-1EEE-41cb-A0EF-60B2AADE83B7.html 6624 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS7049512F-0ED0-4f33-B6D9-D7B89F8F0909.html 5940 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS7052E1B5-69BF-4f1b-8A3C-0E8E6E638676.html 7564 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS753D4770-910B-4f8e-AC4B-04DE37D7740C.html 4776 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS77E254EA-903F-4250-9308-861C517A2981.html 3284 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS79E47C4B-998E-43be-87C6-01E4E4B53EE6.html 6046 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS7A2E95E1-8E17-4a86-AC8C-EFE4193356C2.html 6044 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS7BEB2BA7-91E0-4db1-A8FA-9BBE04823352.html 6213 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS7D0151D2-FC77-4c66-9454-030FBBB6FA2B.html 4186 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS818ED8F9-66FC-4698-8D54-459ABC97CA48.html 4041 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS819E7672-DA01-40ab-ACFF-6D1088A650A6.html 5297 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS82970C54-330B-4f65-9411-BBA5EDCA825A.html 6364 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS89986D4A-ECBC-47bd-B965-2C6D38E3C4AD.html 6348 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS8A8B7CBA-9B81-4c8e-A9C8-3B2831E24AF2.html 4274 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS8B021048-2D4D-476f-9BA8-0B5A3777953D.html 20524 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS8C49C6A9-FB60-4bfe-819D-DFFD81F0F565.html 5025 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS8DD6A333-1822-4395-9B79-69E58B07E8A0.html 9797 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS8F738A53-29E4-498e-9810-0648C82637B1.html 4569 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS909C93A9-6AE2-4ce4-BCC5-15CF3FB9B3C3.html 8751 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS960E0C51-B0A2-43cb-9913-8C6D9CA3CF4A.html 11056 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS97D9A48D-21DA-4cc2-91F8-7E79C753EF94.html 5585 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS995FDF97-5B17-47a4-9150-DC2CB154795A.html 5381 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS9BD69516-0C7F-4a32-AB8A-214249093F18.html 19804 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS9C8C8BB9-4F7D-4cae-AA25-7B325EABF481.html 7687 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS9D8979FA-C5E9-46f1-B989-204E2FF59A8D.html 6763 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS9EC190AE-8A8D-417b-AA68-2D121156B275.html 4885 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS9EFAE2A8-91A7-4dc2-AFD2-0207024F404C.html 6912 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WS9FD61142-EC01-4506-9BA8-D840CB124A86.html 3722 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSA1D899D2-B6F8-4fff-B0D9-94889C4FD5CD.html 3917 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSA268344C-7820-4285-9359-C63DCE8C269F.html 7958 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSA2ACF783-7B02-4501-BB68-5A6D65210EFD.html 4183 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSA63F14FC-A095-4093-A549-D728F13C7342.html 4646 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSA6BF3B5F-F315-4b9f-A4D6-1358050C32A8.html 8172 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSA7EB9381-408B-446f-A9F9-030235F3E7B7.html 5463 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSA85CA9F5-04B5-4302-B0CC-7287DD7ACDC3.html 5193 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSAD82F19C-62C8-428a-A822-3EDD69FE1B67.html 4473 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSB05092E5-1583-4796-8502-D269850BCA58.html 6247 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSB243D629-322A-4caa-8014-A170DE93E20D.html 5665 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSB37B9B38-78CF-4d6b-9E39-29A8B3084A7E.html 3357 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSB76D773C-4908-4156-BF15-E9B01F667286.html 4870 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSB86100F9-D2A0-4170-B84A-C02B6E01F9F5.html 4091 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSBCB2D1F5-98B8-45cc-950A-58E8347FD2F8.html 9740 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSBCE53ABB-9447-498c-A504-1A9832C77820.html 3992 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSBCF5BF35-548E-4681-B4B8-BB641B1FD3F0.html 12544 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSBCFF6641-CEA1-4517-8E9F-308CF3DA2307.html 3814 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSC08F8C24-C139-4be9-B101-63BCB482E19D.html 4661 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSC0F73BA5-EC98-4075-B1FB-00087BC2C423.html 3776 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSC24EDB7C-FBBD-4363-B198-869E0AEAFD38.html 3487 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSC2E867EC-934C-4f41-985D-2F9B126D1CEB.html 3905 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSC39358BF-E297-4286-90A1-728EB4E9B339.html 4992 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSC53191C1-FC95-4556-80CC-79F299CF5E71.html 5558 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSC54FBBA7-914C-41f4-9D65-E0A92873AE45.html 5627 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSC700440B-7376-4823-A90D-5CAC0C07EE32.html 3814 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSC89F165A-E723-4ce9-96C5-B69BCEF96828.html 7169 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSCA40FBEF-A625-4422-B04C-FACFEBF417B9.html 9048 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSCA75D230-84FF-4589-BEB5-D4FA90B39773.html 4667 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSCE8EB907-49F3-4960-8EFA-233C6F1BC10C.html 9138 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSD2656724-FBF4-41b1-B9D4-9DD992306D2A.html 10269 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSD4BCF8D7-F1F1-4524-9B3F-FE846C289AEB.html 6999 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSD505FD80-B43C-49d0-AB67-FD2D98661112.html 4321 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSD5BC56A5-D4A5-4f8f-9947-D962C386CC5C.html 10190 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSDBA24A9B-D001-423b-87BB-F29A4E2E70A6.html 9236 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSDD176011-4B99-477b-87C3-4063D220342C.html 6309 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSE10F1F42-E5F0-434e-94FC-45E9BD274893.html 3733 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSE26E6C18-DA7C-4ab9-BAD1-8CE2E89F087B.html 10279 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSE7F22982-2B31-4714-B3F1-4F40844DA147.html 10529 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSE7F6DBB0-84D0-4cb6-8D02-0D97CD9C91AE.html 5380 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSE8EC146A-E33D-450c-8003-4115800814D3.html 7012 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSEAED2E84-EB62-4630-BF10-C02798DC8C78.html 10419 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSEC378273-AF69-4a1e-9CD8-108420C556ED.html 8463 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSEC5DD830-699C-4edb-9615-4E369166A440.html 5918 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSECDC2616-E9E4-4019-A276-D3ECAB296C5E.html 5932 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSF042984B-1A6E-4c35-8BC6-109A97BBC3AD.html 4497 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSF5373CA5-9E0D-4e77-B8A5-C9BE8BD52426.html 4412 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSF99C88DA-211B-412a-9464-8CB68F09B0D3.html 23509 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSFB3ABCB5-2657-4862-8FDA-3AB26C4E7002.html 6597 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSFCE56C1C-A6A7-469a-B49D-156D23BC73DD.html 5961 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSfd1234e1c4b69f30ea53e41001031ab64-7236.html 9983 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSfd1234e1c4b69f30ea53e41001031ab64-72ae.html 5653 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSfd1234e1c4b69f30ea53e41001031ab64-72b0.html 5422 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSfd1234e1c4b69f30ea53e41001031ab64-72b5.html 4782 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSfd1234e1c4b69f30ea53e41001031ab64-72b6.html 5027 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSfd1234e1c4b69f30ea53e41001031ab64-7345.html 11967 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSfd1234e1c4b69f30ea53e41001031ab64-734a.html 7838 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSfd1234e1c4b69f30ea53e41001031ab64-734b.html 4532 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSfd1234e1c4b69f30ea53e41001031ab64-734d.html 6263 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSfd1234e1c4b69f30ea53e41001031ab64-734e.html 3649 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSfd1234e1c4b69f30ea53e41001031ab64-735f.html 3916 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSfd1234e1c4b69f30ea53e41001031ab64-7363.html 7349 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSfd1234e1c4b69f30ea53e41001031ab64-736d.html 7156 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSfd1234e1c4b69f30ea53e41001031ab64-736e.html 8856 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSfd1234e1c4b69f30ea53e41001031ab64-7370.html 3503 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\WSfd1234e1c4b69f30ea53e41001031ab64-7371.html 4987 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\content-fonts.css 3828 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\content-hyperlinks.css 1964 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\content-ie6.css 316 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\content.css 18737 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\EXTENSIONMANAGER_1.8_HOMEPAGE.html 1433 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\help.html 1809 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\help.js 25281 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\helpmap.txt 143 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\AcrobatLinkIndicator.png 3170 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\AcrobatLinkIndicatorTopBar.png 3962 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\acrobat_appicon.png 3170 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\acro_proSharedIndicator.png 3170 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\ActionScriptLinkIndicator.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\ActionScriptLinkIndicatorTopBar.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\adobelogo.gif 943 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\adobelogo.jpg 17506 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\adobeLogoSplashScreen.png 32557 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\AfterEffectsLinkIndicator.png 29888 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\AfterEffectsLinkIndicatorTopBar.png 4320 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\aftereffectsSharedIndicator.png 29888 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\AuditionLinkIndicator.png 28984 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\AuditionLinkIndicatorTopBar.png 4334 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\auditionSharedIndicator.png 28984 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\bkg-line.gif 43 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\BreezeLinkIndicator.png 28877 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\breezeSharedIndicator.png 28877 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\BridgeLinkIndicator.png 28877 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\BridgeLinkIndicatorTopBar.png 5602 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\bridgeSharedIndicator.png 28877 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\btn_next.png 3313 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\btn_prev.png 3258 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\bullet-li.gif 810 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\bullet.gif 61 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\DeviceCentralLinkIndicator.png 31253 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\devicecentralSharedIndicator.png 31253 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\dingbat.png 313 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\DreamweaverLinkIndicator.png 28701 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\DreamweaverLinkIndicatorTopBar.png 4480 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\dreamweaverSharedIndicator.png 28701 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\e.gif 45 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\EncoreDVDLinkIndicator.png 28969 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\EncoreDVDLinkIndicatorTopBar.png 4165 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\encoredvdSharedIndicator.png 28969 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\ExtensionManagerLinkIndicator.png 28973 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\ExtensionManagerLinkIndicatorTopBar.png 4435 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\extensionmanagerSharedIndicator.png 28973 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\externalLinkIndicator.png 3434 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\favicon.ico 1150 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\FlashLinkIndicator.png 29381 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\FlashLinkIndicatorTopBar.png 4043 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\BreezeLinkIndicatorTopBar.png 28877 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\DeviceCentralLinkIndicatorTopBar.png 4608 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\flashSharedIndicator.png 29381 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\IllustratorLinkIndicator.png 28930 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\off.gif 80 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\StockphotoLinkIndicator.png 3304 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\FLIPLinkIndicator.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\FLIPLinkIndicatorTopBar.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\GaijiSINGLinkIndicator.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\GaijiSINGLinkIndicatorTopBar.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\GoLiveLinkIndicator.png 29491 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\GoLiveLinkIndicatorTopBar.png 4386 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\goliveSharedIndicator.png 29491 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\homepage.png 16402 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\IllustratorLinkIndicatorTopBar.png 4274 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\illustratorSharedIndicator.png 28930 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\InCopyLinkIndicator.png 29695 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\InCopyLinkIndicatorTopBar.png 4146 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\incopySharedIndicator.png 29695 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\InDesignLinkIndicator.png 29518 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\InDesignLinkIndicatorTopBar.png 4255 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\indesignSharedIndicator.png 29518 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\LightroomLinkIndicator.png 30136 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\LightroomLinkIndicatorTopBar.png 4212 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\lightroomSharedIndicator.png 30136 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\lm.gif 311 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\lmh.gif 313 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\ln.gif 110 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\lp.gif 309 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\lph.gif 315 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\next.gif 276 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\next_hover.gif 385 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\next_null.gif 259 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\on.gif 81 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\p1headern.gif 62 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\p1headerne.gif 155 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\p1headernw.gif 155 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\page.gif 104 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\pdf_fileicon.png 3459 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\PhotoshopElementsLinkIndicator.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\PhotoshopElementsLinkIndicatorTopBar.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\PhotoshopLinkIndicator.png 28968 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\PhotoshopLinkIndicatorTopBar.png 4289 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\photoshopSharedIndicator.png 28968 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\PremiereElementsLinkIndicator.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\PremiereElementsLinkIndicatorTopBar.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\PremiereProLinkIndicator.png 28857 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\PremiereProLinkIndicatorTopBar.png 4194 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\premiereproSharedIndicator.png 28857 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\prev.gif 269 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\prev_hover.gif 379 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\prev_null.gif 259 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\ReaderLinkIndicator.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\ReaderLinkIndicatorTopBar.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\readerSharedIndicator.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\s.gif 57 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\se.gif

mmauk
2009-09-04, 20:15
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\SoundboothLinkIndicator.png 29036 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\SoundboothLinkIndicatorTopBar.png 4377 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\soundboothSharedIndicator.png 29036 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\spacer.GIF 43 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\StockphotoLinkIndicatorTopBar.png 3713 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\stockphotoSharedIndicator.png 3304 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\sw.gif 112 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\swf_fileicon.png 3435 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\tip_help.png 28843 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\tm.gif 764 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\tmh.gif 758 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\tn.gif 511 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\tp.gif 759 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\tph.gif 789 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\up.gif 59 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\ValidatorLinkIndicator.png 3219 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\ValidatorLinkIndicatorTopBar.png 6574 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\validatorSharedIndicator.png 3219 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\VersionCueLinkIndicator.png 30362 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\VersionCueLinkIndicatorTopBar.png 5602 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\versioncueSharedIndicator.png 30362 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\vline.gif 503 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\images\w.gif 45 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\index 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\index\deletable 4 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\index\segments 27 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\index\_l.cfs 47950 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\index_1.html 3372 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\index_11.html 5144 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\index_12.html 3399 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\index_13.html 3967 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\index_14.html 5142 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\index_15.html 4311 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\index_2.html 4958 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\index_3.html 3377 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\index_4.html 4534 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\index_5.html 4286 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\index_6.html 3345 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\index_7.html 4502 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\index_8.html 3362 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\index_9.html 6928 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\insertFlashPopup.js 815 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\localeSpecific.css 298 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\meta_1_1.xml 1012 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\popup.css 1067 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\scripts.js 953 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\splash.html 1433 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\srch_fset.html 440 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\srch_top.html 648 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\terms.js 3941 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\toc.html 17635 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\tree.css 2161 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\treeview.js 51669 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\utilities.js 3269 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\version.html 163 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WS196E35A1-96D0-4801-B9C5-7490BA2AC4CB.html 7511 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WS2ACEA5FA-8659-47b9-A1DA-92F437825240.html 3793 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WS2DEA688B-8DD0-4065-8E4C-6E388F05C520.html 11680 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WS3803C6DE-A82B-449c-920C-99C47986F343.html 6123 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WS5EE5BADC-971E-4389-9052-6275E75A713C.html 4798 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WS671D4979-B18E-484d-9F80-834904367C48.html 4529 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WS6AF1AF65-5247-4af4-B401-51E8CF5B37FE.html 3665 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WS6EE6602A-7CCA-4db8-A389-6824E15CC0A3.html 3452 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WS7E71DB28-67D2-4dbc-BBAF-18FEB405BBBF.html 3877 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WS9E7F0D86-126C-4feb-B024-A9CF0FC9F946.html 10221 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WSD1F1B2DA-4E6A-46db-A139-A14944FFF58A.html 6975 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WSDE042EF7-2ECB-4e34-A9E9-B91F5DCF18B6.html 3934 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WSE4332C6D-0982-4c98-8E77-77CC497A2F4D.html 4194 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WSE4BFD539-7DEA-4579-9B58-A54647B8AF2E.html 6473 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WSEC9893AE-0790-43f9-B27D-F3E4B7A26BBB.html 3533 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WSef3735c8b4d78bef5dd58210e53c97942-7fe7.html 7894 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WSef3735c8b4d78bef5dd58210e53c97942-7fe8.html 4443 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\index_10.html 11919 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WSAE3ED363-FF5E-4b13-B2FF-7084F2B699CD.html 6343 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WSef3735c8b4d78bef5dd58210e53c97942-7fe9.html 3675 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WSef3735c8b4d78bef5dd58210e53c97942-7fea.html 3841 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WSef3735c8b4d78bef5dd58210e53c97942-7ff9.html 6168 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WSef3735c8b4d78bef5dd58210e53c97942-7ffe.html 5302 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WSef3735c8b4d78bef5dd58210e53c97942-7fff.html 3740 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WSef3735c8b4d78bef5dd58210e53c97942-8000.html 3715 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WSF44C965C-0988-4911-B32C-FD8F39230DB0.html 4210 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WSFB701FA8-2826-4278-B1BF-56B419B5B859.html 4234 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\ExtensionManager\1.8\WSFC0C4DCE-7F47-4f5c-8B46-625B67D025E9.html 3292 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Flash 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Flash\CS3 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Flash\CS3\content.css 387 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Flash\CS3\help.html 759 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Flash\CS3\helpmap.txt 47 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Flash\CS3\homepage.png 22516 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Flash\CS3\index 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Flash\CS3\index\deletable 4 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Flash\CS3\index\segments 27 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Flash\CS3\index\_1.cfs 1826 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Flash\CS3\localeSpecific.css 249 bytes
File C:\Program Files\Common Files\Adobe\Help\pl_PL\Flash\CS3\meta_1_1.xml 100 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Acrobat 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Acrobat\CS3 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Acrobat\CS3\content.css 387 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Acrobat\CS3\help.html 750 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Acrobat\CS3\helpmap.txt 47 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Acrobat\CS3\homepage.png 101885 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Acrobat\CS3\index 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Acrobat\CS3\index\deletable 4 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Acrobat\CS3\index\segments 27 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Acrobat\CS3\index\_1.cfs 1640 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Acrobat\CS3\localeSpecific.css 249 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Acrobat\CS3\meta_1_1.xml 100 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\BRIDGE_1.0_HOMEPAGE.html 8131 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\BRIDGE_2.0_HOMEPAGE.html 1824 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\br_workarea_popup.html 1108 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\content-fonts.css 3865 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\content-hyperlinks.css 1964 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\content-ie6.css 316 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\content.css 18830 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\help.html 1897 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\help.js 25375 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\helpmap.txt 1803 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\AcrobatLinkIndicator.png 3170 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\AcrobatLinkIndicatorTopBar.png 3962 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\acro_proSharedIndicator.png 3170 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\ActionScriptLinkIndicator.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\ActionScriptLinkIndicatorTopBar.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\adobelogo.gif 943 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\adobelogo.jpg 17506 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\adobeLogoSplashScreen.gif 161 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\AfterEffectsLinkIndicatorTopBar.png 4320 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\aftereffectsSharedIndicator.png 29888 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\AuditionLinkIndicator.png 28984 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\AuditionLinkIndicatorTopBar.png 4334 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\auditionSharedIndicator.png 28984 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\bkg-line.gif 43 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\BreezeLinkIndicator.png 28877 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\BreezeLinkIndicatorTopBar.png 28877 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\breezeSharedIndicator.png 28877 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\bridge.png 756 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\BridgeLinkIndicator.png 28877 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\BridgeLinkIndicatorTopBar.png 5602 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\bridgeSharedIndicator.png 28877 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\br_appicon.png 1028 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\br_inspector.png 46319 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\br_photo_downloader.png 31772 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\br_stack_collapsed.png 34993 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\br_workarea.png 39793 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\br_workarea_popup.png 200941 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\br_workspace_buttons.png 9993 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\btn_next.png 3313 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\btn_prev.png 3258 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\bullet-li.gif 810 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\bullet.gif 61 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\DeviceCentralLinkIndicator.png 31253 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\DeviceCentralLinkIndicatorTopBar.png 4608 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\devicecentralSharedIndicator.png 31253 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\dingbat.png 313 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\DreamweaverLinkIndicator.png 28701 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\DreamweaverLinkIndicatorTopBar.png 4480 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\dreamweaverSharedIndicator.png 28701 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\e.gif 45 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\EncoreDVDLinkIndicator.png 28969 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\EncoreDVDLinkIndicatorTopBar.png 4165 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\encoredvdSharedIndicator.png 28969 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\ExtensionManagerLinkIndicatorTopBar.png 4435 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\extensionmanagerSharedIndicator.png 28973 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\externalLinkIndicator.png 3434 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\externalUser.png 1088 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\faltten_view.png 778 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\favicon.ico 1150 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\FlashLinkIndicator.png 29381 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\FlashLinkIndicatorTopBar.png 4043 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\AfterEffectsLinkIndicator.png 29888 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\br_stack_expanded.png 42589 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\ExtensionManagerLinkIndicator.png 28973 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\flashSharedIndicator.png 29381 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\IllustratorLinkIndicator.png 28930 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\next_null.gif 259 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\PhotoshopLinkIndicatorTopBar.png 4289 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\prev_hover.gif 379 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\showhidepanes.png 512 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\svc_adobe_dialog_popup.png 121186 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\switchtofull.png 544 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\FLIPLinkIndicator.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\FLIPLinkIndicatorTopBar.png 2901 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\GaijiSINGLinkIndicator.png 35473 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\GaijiSINGLinkIndicatorTopBar.png 4327 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\GoLiveLinkIndicator.png 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\GoLiveLinkIndicatorTopBar.png 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\goliveSharedIndicator.png 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\homepage.png 0 bytes
File C:\Program Files\Common Files\Adobe\Help\pt_BR\Flash 0 bytes

---- EOF - GMER 1.0.15 ----

Blade81
2009-09-04, 20:29
Hi,

Open notepad and then copy and paste the code box contents below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.

@echo off
dir /s /a %systemroot%\system32\eventlog.dll %systemroot%\system32\scecli.dll %systemroot%\system32\netlogon.dll %systemroot%\system32\cngaudit.dll %systemroot%\system32\sceclt.dll %systemroot%\system32\ntelogon.dll %systemroot%\system32\logevent.dll >c:\checking.txt

Double-click on fixes.bat file to execute it. c:\checking.txt file should appear. Post back its contents, please.

mmauk
2009-09-04, 22:29
Hi,

Thanks again for your time....


Here's the checking.txt contents

Volume in drive C is Preload
Volume Serial Number is E406-9CFA

Directory of C:\windows\system32

04/13/2008 05:11 PM 62,976 eventlog.dll

Directory of C:\windows\system32

04/13/2008 05:12 PM 181,248 scecli.dll

Directory of C:\windows\system32

04/13/2008 05:12 PM 407,040 netlogon.dll

Directory of C:\windows\system32

04/13/2008 05:11 PM 56,320 logevent.dll
4 File(s) 707,584 bytes

Total Files Listed:
4 File(s) 707,584 bytes
0 Dir(s) 1,145,200,640 bytes free

Blade81
2009-09-05, 01:39
Hi,

Open notepad and then copy and paste the code box contents below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.

@echo off
copy C:\windows\system32\logevent.dll c:\

Double-click on fixes.bat file to execute it.


Download The Avenger by Swandog46 from here (http://swandog46.geekstogo.com/avenger2/download.php).
Unzip/extract it to a folder on your desktop.
Double click on avenger.exe to run The Avenger.
Click OK.
Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.

Files to move:
c:\logevent.dll | c:\windows\system32\eventlog.dll
In the avenger window, click the Paste Script from Clipboard, http://img220.imageshack.us/img220/8923/pastets4.png button.
Click the Execute button.
You will be asked Are you sure you want to execute the current script?.
Click Yes.
You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
Click Yes.
Your PC will now be rebooted.
Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
Please post this log in your next reply.

mmauk
2009-09-08, 17:38
Hi,

Here is the avenger.txt log...

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\logevent.dll|c:\windows\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.


Thanks!

Blade81
2009-09-08, 17:43
Please save this (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe) file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the Open box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
%userprofile%\desktop\win32kdiag.exe -f -r

mmauk
2009-09-08, 17:58
Hi,

Here are the Win32kdiag.txt contents


Log file is located at: C:\Documents and Settings\mmauk\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\windows'...



Found mount point : C:\windows\$hf_mig$\KB887472\KB887472

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB887472\KB887472

Found mount point : C:\windows\$hf_mig$\KB893066\KB893066

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB893066\KB893066

Found mount point : C:\windows\$hf_mig$\KB899587\KB899587

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB899587\KB899587

Found mount point : C:\windows\$hf_mig$\KB900485\KB900485

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB900485\KB900485

Found mount point : C:\windows\$hf_mig$\KB900725\KB900725

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB900725\KB900725

Found mount point : C:\windows\$hf_mig$\KB905414\KB905414

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB905414\KB905414

Found mount point : C:\windows\$hf_mig$\KB908531\KB908531

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB908531\KB908531

Found mount point : C:\windows\$hf_mig$\KB911280\KB911280

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB911280\KB911280

Found mount point : C:\windows\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB912945\KB912945

Found mount point : C:\windows\$hf_mig$\KB913446\KB913446

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB913446\KB913446

Found mount point : C:\windows\$hf_mig$\KB913580\KB913580

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB913580\KB913580

Found mount point : C:\windows\$hf_mig$\KB916595\KB916595

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB916595\KB916595

Found mount point : C:\windows\$hf_mig$\KB918118\KB918118

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB918118\KB918118

Found mount point : C:\windows\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB920213\KB920213

Found mount point : C:\windows\$hf_mig$\KB920685\KB920685

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB920685\KB920685

Found mount point : C:\windows\$hf_mig$\KB920872\KB920872

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB920872\KB920872

Found mount point : C:\windows\$hf_mig$\KB921398\KB921398

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB921398\KB921398

Found mount point : C:\windows\$hf_mig$\KB923414\KB923414

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB923414\KB923414

Found mount point : C:\windows\$hf_mig$\KB923980\KB923980

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB923980\KB923980

Found mount point : C:\windows\$hf_mig$\KB924270\KB924270

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB924270\KB924270

Found mount point : C:\windows\$hf_mig$\KB925902\KB925902

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB925902\KB925902

Found mount point : C:\windows\$hf_mig$\KB926255\KB926255

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB926255\KB926255

Found mount point : C:\windows\$hf_mig$\KB926436\KB926436

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB926436\KB926436

Found mount point : C:\windows\$hf_mig$\KB927779\KB927779

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB927779\KB927779

Found mount point : C:\windows\$hf_mig$\KB927802\KB927802

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB927802\KB927802

Found mount point : C:\windows\$hf_mig$\KB928255\KB928255

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB928255\KB928255

Found mount point : C:\windows\$hf_mig$\KB928843\KB928843

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB928843\KB928843

Found mount point : C:\windows\$hf_mig$\KB929123\KB929123

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB929123\KB929123

Found mount point : C:\windows\$hf_mig$\KB930178\KB930178

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB930178\KB930178

Found mount point : C:\windows\$hf_mig$\KB930916\KB930916

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB930916\KB930916

Found mount point : C:\windows\$hf_mig$\KB931261\KB931261

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB931261\KB931261

Found mount point : C:\windows\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB931784\KB931784

Found mount point : C:\windows\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB932168\KB932168

Found mount point : C:\windows\$hf_mig$\KB935839\KB935839

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB935839\KB935839

Found mount point : C:\windows\$hf_mig$\KB935840\KB935840

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB935840\KB935840

Found mount point : C:\windows\$hf_mig$\KB936357\KB936357

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB936357\KB936357

Found mount point : C:\windows\$hf_mig$\KB937894\KB937894

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB937894\KB937894

Found mount point : C:\windows\$hf_mig$\KB938828\KB938828

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB938828\KB938828

Found mount point : C:\windows\$hf_mig$\KB941202\KB941202

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB941202\KB941202

Found mount point : C:\windows\$hf_mig$\KB941693\KB941693

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB941693\KB941693

Found mount point : C:\windows\$hf_mig$\KB943055\KB943055

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB943055\KB943055

Found mount point : C:\windows\$hf_mig$\KB943485\KB943485

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB943485\KB943485

Found mount point : C:\windows\$hf_mig$\KB944653\KB944653

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB944653\KB944653

Found mount point : C:\windows\$hf_mig$\KB945553\KB945553

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB945553\KB945553

Found mount point : C:\windows\$hf_mig$\KB946026\KB946026

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB946026\KB946026

Found mount point : C:\windows\$hf_mig$\KB948590\KB948590

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB948590\KB948590

Found mount point : C:\windows\addins\addins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\addins\addins

Found mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1242.tmp\ZAP1242.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1242.tmp\ZAP1242.tmp

Found mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1325.tmp\ZAP1325.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1325.tmp\ZAP1325.tmp

Found mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1341.tmp\ZAP1341.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1341.tmp\ZAP1341.tmp

Found mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP51F.tmp\ZAP51F.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP51F.tmp\ZAP51F.tmp

Found mount point : C:\windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\assembly\tmp\tmp

Found mount point : C:\windows\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Config\Config

Found mount point : C:\windows\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Connection Wizard\Connection Wizard

Found mount point : C:\windows\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\CSC\d1\d1

Found mount point : C:\windows\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\CSC\d2\d2

Found mount point : C:\windows\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\CSC\d3\d3

Found mount point : C:\windows\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\CSC\d4\d4

Found mount point : C:\windows\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\CSC\d5\d5

Found mount point : C:\windows\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\CSC\d6\d6

Found mount point : C:\windows\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\CSC\d7\d7

Found mount point : C:\windows\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\CSC\d8\d8

Found mount point : C:\windows\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\ime\chsime\applets\applets

Found mount point : C:\windows\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\ime\CHTIME\Applets\Applets

Found mount point : C:\windows\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\ime\imejp\applets\applets

Found mount point : C:\windows\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\ime\imejp98\imejp98

Found mount point : C:\windows\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\ime\imjp8_1\applets\applets

Found mount point : C:\windows\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\ime\imkr6_1\applets\applets

Found mount point : C:\windows\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\ime\imkr6_1\dicts\dicts

Found mount point : C:\windows\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\ime\shared\res\res

Found mount point : C:\windows\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\windows\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\windows\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\windows\Installer\$PatchCache$\Managed\68AB67CA330100007706000000000030\8.0.0\8.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Installer\$PatchCache$\Managed\68AB67CA330100007706000000000030\8.0.0\8.0.0

Found mount point : C:\windows\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\windows\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\java\classes\classes

Found mount point : C:\windows\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\java\trustlib\trustlib

Found mount point : C:\windows\Microsoft.Net\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Microsoft.Net\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\windows\Microsoft.Net\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Microsoft.Net\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\windows\Microsoft.Net\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Microsoft.Net\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\windows\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\msapps\msinfo\msinfo

Found mount point : C:\windows\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\windows\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\windows\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\pchealth\helpctr\BATCH\BATCH

Cannot access: C:\windows\pchealth\helpctr\binaries\helpsvc.exe

Attempting to restore permissions of : C:\windows\pchealth\helpctr\binaries\helpsvc.exe

[1] 2004-08-04 04:00:00 743936 C:\windows\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:21 744448 C:\windows\pchealth\helpctr\binaries\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:21 744448 C:\windows\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\windows\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\windows\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\windows\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\windows\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\windows\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\pchealth\helpctr\System_OEM\System_OEM

Found mount point : C:\windows\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\pchealth\helpctr\Temp\Temp

Found mount point : C:\windows\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\PIF\PIF

Found mount point : C:\windows\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Registration\CRMLog\CRMLog

Found mount point : C:\windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\windows\SoftwareDistribution\Download\05c415ef6d072eb49a51ae487bfc11a6\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\05c415ef6d072eb49a51ae487bfc11a6\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\0f8a5d0d09e527fa35dec9e085d4b802\0f8a5d0d09e527fa35dec9e085d4b802

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\0f8a5d0d09e527fa35dec9e085d4b802\0f8a5d0d09e527fa35dec9e085d4b802

Found mount point : C:\windows\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\11e16da0817126b62afaea7136882d9f\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\11e16da0817126b62afaea7136882d9f\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\131ae35a2f5be2cefedd349d083bb253

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\131ae35a2f5be2cefedd349d083bb253

Found mount point : C:\windows\SoftwareDistribution\Download\1eec13b5c1997fc7de00e3422db4b84d\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\1eec13b5c1997fc7de00e3422db4b84d\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\26553d2988faa6629ee272005cd35201\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\26553d2988faa6629ee272005cd35201\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\26a7ba71936ef28fcb3bb73b860e289e\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\26a7ba71936ef28fcb3bb73b860e289e\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\2a8c07aaf8ec0a2dbcb5ab11c4e40d88\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\2a8c07aaf8ec0a2dbcb5ab11c4e40d88\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\3049c6005e80c7b3312fd80fbee860e4\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\3049c6005e80c7b3312fd80fbee860e4\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\3112269c39ef5d624522fb876634b1d2\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\3112269c39ef5d624522fb876634b1d2\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\343df13f0a7d4e9264393401164eed58\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\343df13f0a7d4e9264393401164eed58\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\379c3e87f4016899bd06cdf1184d31ce\379c3e87f4016899bd06cdf1184d31ce

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\379c3e87f4016899bd06cdf1184d31ce\379c3e87f4016899bd06cdf1184d31ce

Found mount point : C:\windows\SoftwareDistribution\Download\40a830826de015286a7a5523023b1e09\40a830826de015286a7a5523023b1e09

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\40a830826de015286a7a5523023b1e09\40a830826de015286a7a5523023b1e09

Found mount point : C:\windows\SoftwareDistribution\Download\4185df9bd0b35509f908e14df73d4fab\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\4185df9bd0b35509f908e14df73d4fab\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\561c9bea035f5195ab841bef0d7c79b4\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\561c9bea035f5195ab841bef0d7c79b4\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\588786e399909bbe558853aada5a75c8\588786e399909bbe558853aada5a75c8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\588786e399909bbe558853aada5a75c8\588786e399909bbe558853aada5a75c8

Found mount point : C:\windows\SoftwareDistribution\Download\5d1b63b440a48ee590dfaf6f8030dbff\5d1b63b440a48ee590dfaf6f8030dbff

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\5d1b63b440a48ee590dfaf6f8030dbff\5d1b63b440a48ee590dfaf6f8030dbff

Found mount point : C:\windows\SoftwareDistribution\Download\5e51b5a4cef8a3ba9cc95980fae1c142\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\5e51b5a4cef8a3ba9cc95980fae1c142\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\660425732726e9b33577f4657b36117d\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\660425732726e9b33577f4657b36117d\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\71a994314faa34c74b73fcac7756eea1\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\71a994314faa34c74b73fcac7756eea1\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\a4246a739538de4092ff4efee1ce6dd7\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\a4246a739538de4092ff4efee1ce6dd7\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\a4c6f78366f403fa7e7d062ca70ddddc\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\a4c6f78366f403fa7e7d062ca70ddddc\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\a8a198f29fa1e0036a0893ee4e32b46a\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\a8a198f29fa1e0036a0893ee4e32b46a\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\a8f9af6d7eab2a4aa2140dcdde4eedc2\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\a8f9af6d7eab2a4aa2140dcdde4eedc2\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\b45151c33087fb9df3e7d6e3700f80ed\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\b45151c33087fb9df3e7d6e3700f80ed\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\b79f0480d592be3a8c6db381ffc0c693\b79f0480d592be3a8c6db381ffc0c693

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\b79f0480d592be3a8c6db381ffc0c693\b79f0480d592be3a8c6db381ffc0c693

Found mount point : C:\windows\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\d130ed3c2e7e410b5d831b3fad9ac078\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\d130ed3c2e7e410b5d831b3fad9ac078\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\d61766d223927760d60364c3824ce500\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\d61766d223927760d60364c3824ce500\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\db28a0b760baa74ad8a6115c5936adf2\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\db28a0b760baa74ad8a6115c5936adf2\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\dc632b620dc2d521266be7bce2a259fd\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\dc632b620dc2d521266be7bce2a259fd\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\dfb1b328cf19d4352aeb86f82e39c295\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\dfb1b328cf19d4352aeb86f82e39c295\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\e50981864c541bdea07741b88d379a52\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\e50981864c541bdea07741b88d379a52\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\ed49db3e3eb4e8cd7de32a9e4fb59630\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\ed49db3e3eb4e8cd7de32a9e4fb59630\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\f7a4b3723a3aad7955ede9785b307e88\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\f7a4b3723a3aad7955ede9785b307e88\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\backup\backup

Found mount point : C:\windows\SoftwareDistribution\Download\fd021e0d3be9e9d32612eef4c870a5b4\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\fd021e0d3be9e9d32612eef4c870a5b4\backup\backup

Found mount point : C:\windows\SQL9_KB948109_ENU\hotfixas\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SQL9_KB948109_ENU\hotfixas\files\files

Found mount point : C:\windows\SQL9_KB948109_ENU\hotfixdts\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SQL9_KB948109_ENU\hotfixdts\files\files

Found mount point : C:\windows\SQL9_KB948109_ENU\hotfixns\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SQL9_KB948109_ENU\hotfixns\files\files

Found mount point : C:\windows\SQL9_KB948109_ENU\hotfixrs\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SQL9_KB948109_ENU\hotfixrs\files\files

Found mount point : C:\windows\SQL9_KB948109_ENU\hotfixsql\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SQL9_KB948109_ENU\hotfixsql\files\files

Found mount point : C:\windows\SQL9_KB948109_ENU\hotfixtools\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SQL9_KB948109_ENU\hotfixtools\files\files

Found mount point : C:\windows\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Sun\Java\Deployment\Deployment

Found mount point : C:\windows\system32\1025\1025

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\1025\1025

Found mount point : C:\windows\system32\1028\1028

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\1028\1028

Found mount point : C:\windows\system32\1031\1031

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\1031\1031

Found mount point : C:\windows\system32\1037\1037

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\1037\1037

Found mount point : C:\windows\system32\1041\1041

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\1041\1041

Found mount point : C:\windows\system32\1042\1042

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\1042\1042

Found mount point : C:\windows\system32\1054\1054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\1054\1054

Found mount point : C:\windows\system32\2052\2052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\2052\2052

Found mount point : C:\windows\system32\3076\3076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\3076\3076

Found mount point : C:\windows\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\3com_dmi\3com_dmi

Found mount point : C:\windows\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\appmgmt\MACHINE\MACHINE

Found mount point : C:\windows\system32\appmgmt\S-1-5-21-3892667770-2823211827-607574068-1008\S-1-5-21-3892667770-2823211827-607574068-1008

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\appmgmt\S-1-5-21-3892667770-2823211827-607574068-1008\S-1-5-21-3892667770-2823211827-607574068-1008

Found mount point : C:\windows\system32\Client Security Solution\Client Security Solution

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\Client Security Solution\Client Security Solution

Found mount point : C:\windows\system32\config\systemprofile\Application Data\Identities\{022E8536-330D-4DA9-95FC-F0E540EE6ABB}\{022E8536-330D-4DA9-95FC-F0E540EE6ABB}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Application Data\Identities\{022E8536-330D-4DA9-95FC-F0E540EE6ABB}\{022E8536-330D-4DA9-95FC-F0E540EE6ABB}

Found mount point : C:\windows\system32\config\systemprofile\Application Data\InstallShield\ISEngine12.0\ISEngine12.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Application Data\InstallShield\ISEngine12.0\ISEngine12.0

Found mount point : C:\windows\system32\config\systemprofile\Application Data\Lenovo\Client Security Solution\Client Security Solution

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Application Data\Lenovo\Client Security Solution\Client Security Solution

Found mount point : C:\windows\system32\config\systemprofile\Application Data\Lenovo\TSS\TSS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Application Data\Lenovo\TSS\TSS

Found mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v2.0.50727.190\v2.0.50727.190

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v2.0.50727.190\v2.0.50727.190

Found mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Found mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Found mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Found mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\windows\system32\config\systemprofile\Bluetooth Software\sync\sync

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Bluetooth Software\sync\sync

Found mount point : C:\windows\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Desktop\Desktop

Found mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\BVRP Software\NetWaiting\NetWaiting

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\BVRP Software\NetWaiting\NetWaiting

Found mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Found mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Found mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\12.0\12.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\12.0\12.0

Found mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\System\System

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\System\System

Found mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\User\User

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\User\User

Found mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft Help\Microsoft Help

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft Help\Microsoft Help

Found mount point : C:\windows\system32\config\systemprofile\My Documents\Access Connections\Access Connections

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\My Documents\Access Connections\Access Connections

Found mount point : C:\windows\system32\config\systemprofile\My Documents\Bluetooth Exchange Folder\Bluetooth Exchange Folder

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\My Documents\Bluetooth Exchange Folder\Bluetooth Exchange Folder

Found mount point : C:\windows\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\NetHood\NetHood

Found mount point : C:\windows\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\PrintHood\PrintHood

Found mount point : C:\windows\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\dhcp\dhcp

Found mount point : C:\windows\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\drivers\disdn\disdn

Cannot access: C:\windows\system32\dumprep.exe

Attempting to restore permissions of : C:\windows\system32\dumprep.exe

[1] 2004-08-04 04:00:00 10752 C:\windows\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:18 10752 C:\windows\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:18 10752 C:\windows\system32\dumprep.exe (Microsoft Corporation)



Found mount point : C:\windows\system32\export\export

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\export\export

Found mount point : C:\windows\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\IME\CINTLGNT\CINTLGNT

Found mount point : C:\windows\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\IME\PINTLGNT\PINTLGNT

Found mount point : C:\windows\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\IME\TINTLGNT\TINTLGNT

Found mount point : C:\windows\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys

Found mount point : C:\windows\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\mui\dispspec\dispspec

Found mount point : C:\windows\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\oobe\html\ispsgnup\ispsgnup

Found mount point : C:\windows\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\oobe\html\oemcust\oemcust

Found mount point : C:\windows\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\oobe\html\oemhw\oemhw

Found mount point : C:\windows\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\oobe\sample\sample

Found mount point : C:\windows\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\ShellExt\ShellExt

Found mount point : C:\windows\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\spool\PRINTERS\PRINTERS

Found mount point : C:\windows\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\wbem\mof\bad\bad

Found mount point : C:\windows\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\wbem\mof\good\good

Found mount point : C:\windows\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\wbem\snmp\snmp

Found mount point : C:\windows\system32\wins\wins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\wins\wins

Found mount point : C:\windows\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\xircom\xircom

Found mount point : C:\windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit

Found mount point : C:\windows\Temp\nse124E.tmp\nse124E.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Temp\nse124E.tmp\nse124E.tmp

Found mount point : C:\windows\Temp\nsq1106.tmp\nsq1106.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Temp\nsq1106.tmp\nsq1106.tmp

Found mount point : C:\windows\Temp\Patcher1428\Patcher1428

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Temp\Patcher1428\Patcher1428

Found mount point : C:\windows\Temp\Patcher4856\Patcher4856

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Temp\Patcher4856\Patcher4856

Found mount point : C:\windows\Temp\SETUP486A90F71F\SETUP486A90F71F

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Temp\SETUP486A90F71F\SETUP486A90F71F

Found mount point : C:\windows\Temp\SETUP486A90F78C\SETUP486A90F78C

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Temp\SETUP486A90F78C\SETUP486A90F78C

Found mount point : C:\windows\Temp\SETUP486A91001F\SETUP486A91001F

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Temp\SETUP486A91001F\SETUP486A91001F

Found mount point : C:\windows\Temp\{4D36E96D-E325-11CE-BFC1-08002BE10318}0000\{4D36E96D-E325-11CE-BFC1-08002BE10318}0000

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Temp\{4D36E96D-E325-11CE-BFC1-08002BE10318}0000\{4D36E96D-E325-11CE-BFC1-08002BE10318}0000

Found mount point : C:\windows\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\WinSxS\InstallTemp\InstallTemp



Finished!

Blade81
2009-09-08, 19:43
Hi again,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds logs (if you're able to run DDS now).

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

mmauk
2009-09-08, 21:32
Hi,

This didn't go quite according to script....

Combofix says Forefront is running. I uninstalled forefront (we're required to have it) and rebooted. Even so, combofix said it was still running. There were no instuctions on how to disable forefront and I was unable to find them on web. So I ran combofix anyway....

It failed to install recovery console, stating that boot sector could not be enumerated (something like that). The instructions said to run it anyway. So here is the combofix log and the two dds logs (dds.txt and attach.txt)

thanks


Combofix log.....



ComboFix 09-09-08.01 - mmauk 09/08/2009 11:16.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2006.1348 [GMT -7:00]
Running from: c:\documents and settings\mmauk\Desktop\ComboFix.exe
AV: Microsoft Forefront Client Security *On-access scanning enabled* (Outdated) {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3183474021-1578020915-1903184759-500
c:\windows\AegisP.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-08-08 to 2009-09-08 )))))))))))))))))))))))))))))))
.

2009-09-04 10:00 . 2009-09-04 10:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-30 15:29 . 2009-08-30 15:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-17 23:11 . 2009-08-17 23:11 56884 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-17 23:05 . 2009-08-17 23:06 -------- d-----w- c:\program files\Safari
2009-08-17 23:04 . 2009-08-17 23:04 -------- d-----w- c:\program files\iPod
2009-08-17 23:04 . 2009-08-17 23:04 -------- d-----w- c:\program files\iTunes
2009-08-15 04:45 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-10 11:31 . 2009-08-10 11:31 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-10 11:31 . 2009-08-10 11:31 -------- d-----w- c:\program files\Reference Assemblies
2009-08-10 11:31 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-10 11:31 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-10 11:31 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-10 11:31 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-10 11:31 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-10 11:31 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-10 11:31 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-10 11:31 . 2009-08-10 11:31 -------- d-----w- C:\f17fd4eb62eaa7af0cf7

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 13:57 . 2008-07-15 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-30 15:33 . 2008-07-01 20:32 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-30 15:33 . 2008-07-17 10:21 -------- d-----w- c:\program files\Symantec
2009-08-30 15:33 . 2008-07-01 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-30 15:32 . 2008-11-09 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-17 23:24 . 2008-07-18 17:47 -------- d-----w- c:\documents and settings\mmauk\Application Data\Apple Computer
2009-08-17 23:12 . 2008-07-18 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-17 23:04 . 2008-07-18 17:45 -------- d-----w- c:\program files\Common Files\Apple
2009-08-17 23:00 . 2008-07-01 20:39 70088 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-15 11:38 . 2008-07-01 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-10 11:31 . 2008-07-15 17:33 -------- d-----w- c:\program files\MSBuild
2009-08-05 09:01 . 2006-04-30 22:52 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2006-04-30 22:51 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 17:08 . 2006-04-30 22:52 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-04-30 22:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2006-04-30 22:52 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2006-04-30 22:52 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2006-04-30 22:52 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2006-04-30 22:52 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2006-04-30 22:51 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2006-04-30 22:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2006-04-30 22:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2006-04-30 22:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-04-30 22:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2006-04-30 22:52 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2006-04-30 22:51 76288 ----a-w- c:\windows\system32\telnet.exe
2007-02-21 21:51 . 2008-10-08 13:24 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-02-21 21:51 . 2008-10-08 13:24 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-02-21 21:51 . 2008-10-08 13:24 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-02-21 21:51 . 2008-10-08 13:24 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-02-21 21:51 . 2008-10-08 13:24 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 208896]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"IBMTBCTL"="c:\program files\ThinkPad\Tablet Shortcut\IBMTBCTL.EXE" [2007-06-22 782336]
"TSMResident"="c:\program files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2007-06-22 45056]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-25 68296]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-27 148888]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"TrackPointSrv"="tp4serv.exe" - c:\windows\system32\tp4serv.exe [2007-04-26 91184]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2007-11-22 181536]

c:\documents and settings\mmauk\Start Menu\Programs\Startup\
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-9-19 2367488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Alias SketchBook Snapshot.lnk - c:\program files\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe [2005-6-3 233472]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-1 50688]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\eudora\EuShlExt.dll" [2006-08-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-07-05 21:52 32768 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [10/16/2007 6:33 PM 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/16/2007 6:32 PM 19504]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [7/1/2008 1:15 PM 4442]
R1 TSMSMI;Lenovo System Interface Driver;c:\windows\system32\drivers\tsmsmi32.sys [7/1/2008 1:17 PM 6656]
R2 ASRSVC;ASR Service;c:\program files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [7/1/2008 1:17 PM 73728]
R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [1/28/2002 1:59 PM 37376]
R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [1/28/2002 1:59 PM 21504]
R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [1/28/2002 3:40 PM 670720]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [1/28/2002 3:41 PM 46592]
R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [1/28/2002 2:02 PM 31232]
R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [1/28/2002 2:04 PM 111616]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [3/14/2007 10:10 PM 11152]
R2 TabletSVC;TABLET Service;c:\program files\ThinkPad\Tablet Shortcut\TSMService.exe [7/1/2008 1:17 PM 53248]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 1:11 PM 569344]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [5/10/2007 9:34 AM 22832]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 3:59 PM 30336]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [7/1/2008 1:08 PM 14208]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2009-09-08 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-07-01 16:22]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
Notify-NavLogon - (no file)
Notify-psfus - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: weather.gov\radar
DPF: {15DB31A0-65C9-4AEA-95AF-220598BDABC2} - hxxps://management.pna.utexas.edu/idengineswpa/tools/xc_loader_activex.ocx
FF - ProfilePath - c:\documents and settings\mmauk\Application Data\Mozilla\Firefox\Profiles\tg5iq5m9.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 11:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1044)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(1104)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\windows\system32\WININET.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll

- - - - - - - > 'explorer.exe'(3308)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Microsoft Shared\Ink\keyboardsurrogate.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\windows\system32\wisptis.exe
c:\windows\system32\tabbtnu.exe
c:\program files\Common Files\Microsoft Shared\Ink\tcserver.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
.
**************************************************************************
.
Completion time: 2009-09-08 11:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-08 18:25

Pre-Run: 820,105,216 bytes free
Post-Run: 1,013,956,608 bytes free

281 --- E O F --- 2009-09-08 14:31



Attach.txt



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/15/2008 2:27:00 AM
System Uptime: 9/8/2009 11:21:16 AM (0 hours ago)

Motherboard: LENOVO | | 7764CTO
Processor: Intel(R) Core(TM)2 Duo CPU L7500 @ 1.60GHz | None | 1596/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 54 GiB total, 0.976 GiB free.
D: is CDROM ()
E: is CDROM ()
X: is NetworkDisk (NTFS) - 1397 GiB total, 48.813 GiB free.
Y: is NetworkDisk (NTFS) - 1397 GiB total, 193.754 GiB free.
Z: is NetworkDisk (NTFS) - 699 GiB total, 416.104 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) Wireless WiFi Link 4965AGN
Device ID: PCI\VEN_8086&DEV_4230&SUBSYS_11108086&REV_61\4&29E2C51B&0&00E1
Manufacturer: Intel Corporation
Name: Intel(R) Wireless WiFi Link 4965AGN
PNP Device ID: PCI\VEN_8086&DEV_4230&SUBSYS_11108086&REV_61\4&29E2C51B&0&00E1
Service: NETw4x32

Class GUID:
Description: MoGo_Mouse_BT _
Device ID: PCMCIA\MOGO_MOUSE_BT-_-061F\1
Manufacturer:
Name: MoGo_Mouse_BT _
PNP Device ID: PCMCIA\MOGO_MOUSE_BT-_-061F\1
Service:

==== System Restore Points ===================

RP332: 8/25/2009 2:53:59 PM - System Checkpoint
RP333: 8/26/2009 8:48:18 AM - Software Distribution Service 3.0
RP334: 8/27/2009 9:18:46 AM - System Checkpoint
RP335: 8/30/2009 8:32:43 AM - Removed Symantec AntiVirus
RP336: 8/31/2009 7:40:18 AM - Software Distribution Service 3.0
RP337: 8/31/2009 7:41:02 AM - Software Distribution Service 3.0
RP338: 9/3/2009 7:45:59 AM - System Checkpoint
RP339: 9/3/2009 12:51:26 PM - Software Distribution Service 3.0
RP340: 9/4/2009 3:00:16 AM - Software Distribution Service 3.0
RP341: 9/4/2009 6:44:56 AM - Software Distribution Service 3.0
RP342: 9/5/2009 7:29:04 AM - System Checkpoint
RP343: 9/6/2009 8:29:05 AM - System Checkpoint
RP344: 9/7/2009 9:29:07 AM - System Checkpoint
RP345: 9/8/2009 7:31:17 AM - Software Distribution Service 3.0
RP346: 9/8/2009 10:35:08 AM - Removed Microsoft Forefront Client Security Antimalware Service
RP347: 9/8/2009 10:35:30 AM - Removed Microsoft Forefront Client Security State Assessment Service

==== Installed Programs ======================


2007 Microsoft Office Suite Service Pack 1 (SP1)
Access Help
Activation Assistant for the 2007 Microsoft Office suites
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.2 Professional
Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Alias SketchBook Pro 2.0
Apple Mobile Device Support
Apple Software Update
Bonjour
Eudora (8.0.0b3)
Help Center
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Ink Art
InstallMgr
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo Register Manager
InterVideo VirtualDrive
InterVideo WinDVD
iTunes
Java(TM) 6 Update 13
LiveUpdate 3.2 (Symantec Corporation)
mCore
mDriver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Education Pack for Windows XP Tablet PC Edition
Microsoft Energy Blue Theme Pack
Microsoft Experience Pack for Tablet PC
Microsoft Ink Crossword
Microsoft Ink Desktop
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft Media Transfer
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Snipping Tool 2.0
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Web Publishing Wizard 1.53
Microsoft Windows XP Tablet PC Edition 2005 Recognizer Pack
mMHouse
MobileMe Control Panel
Mozilla Firefox (2.0.0.2)
mPfMgr
mProSafe
MSDN Library - Visual Studio 6.0a
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
mWlsSafe
NI-DAQ 6.9.2
NI-DAQ Documentation Setup
NI-PAL 1.5.6f0 Engine
NI DAQ Provider for MAX
NI Measurement & Automation Explorer 2.2.0
NI Remote Provider for MAX
NI Software Provider for MAX
On Screen Display
palmOne
PCFriendly
PDF Settings
Presentation Director
Productivity Center Supplement for ThinkPad
QuickTime
RecordNow Audio
RecordNow Copy
RecordNow Data
Rescue and Recovery
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SoundMAX
System Migration Assistant
System Update
Tablet PC Tutorials for Microsoft Windows XP SP2
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad Tablet Button Driver
ThinkPad Tablet Shortcut Menu
ThinkPad TrackPoint Driver
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software 5.6
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
TWC Customer Controls
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb972691)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Wallpapers
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Live Toolbar
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
XP Themes

==== Event Viewer Messages From Past Week ========

9/8/2009 7:35:55 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/8/2009 11:16:21 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
9/8/2009 11:14:40 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/8/2009 10:39:18 AM, error: PlugPlayManager [12] - The device 'MATSHITA DVD/CDRW UJDA775' (IDE\CdRomMATSHITA_DVD/CDRW_UJDA775_______________CB03____\5&1609414&0&0.0.0) disappeared from the system without first being prepared for removal.
9/4/2009 9:42:54 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
9/4/2009 9:40:37 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
9/4/2009 3:19:07 AM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 15360000 milliseconds: Restart the service.
9/4/2009 3:01:41 AM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 960000 milliseconds: Restart the service.
9/4/2009 3:00:33 AM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/4/2009 12:27:04 PM, error: Service Control Manager [7031] - The Access Connections Main Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/4/2009 10:00:38 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ANC Fips IBMTPCHK intelppm TPHKDRV TPPWRIF TSMAPIP TSMSMI
9/3/2009 7:01:20 AM, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
9/3/2009 7:01:19 AM, error: Service Control Manager [7022] - The SQL Server VSS Writer service hung on starting.
9/3/2009 6:59:55 AM, error: Service Control Manager [7000] - The Microsoft Forefront Client Security State Assessment Service service failed to start due to the following error: The system cannot find the path specified.
9/3/2009 6:59:55 AM, error: Service Control Manager [7000] - The Microsoft Forefront Client Security Antimalware Service service failed to start due to the following error: The system cannot find the path specified.
9/3/2009 6:59:07 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/3/2009 6:58:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

==== End Of File ===========================



DDS.txt






DDS (Ver_09-07-30.01) - NTFSx86
Run by mmauk at 11:26:19.00 on Tue 09/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2006.1366 [GMT -7:00]

AV: Microsoft Forefront Client Security *On-access scanning enabled* (Outdated) {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}

============== Running Processes ===============

C:\windows\system32\ibmpmsvc.exe
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\windows\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\windows\system32\wuauclt.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\System32\tabbtnu.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\windows\system32\tp4serv.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\windows\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\windows\explorer.exe
C:\Documents and Settings\mmauk\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TrackPointSrv] tp4serv.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [IBMTBCTL] "c:\program files\thinkpad\tablet shortcut\IBMTBCTL.EXE" /r
mRun: [TSMResident] "c:\program files\thinkpad\tablet shortcut\TSMRESIDENT.EXE" /r
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Snippet] "c:\program files\microsoft experience pack\snipping tool\SnippingTool.exe" /i
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\mmauk\startm~1\programs\startup\palmon~1.lnk - c:\program files\palmone\register.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aliass~1.lnk - c:\program files\alias\alias sketchbook pro 2.0\AliasSketchSnap.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: weather.gov\radar
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {15DB31A0-65C9-4AEA-95AF-220598BDABC2} - hxxps://management.pna.utexas.edu/idengineswpa/tools/xc_loader_activex.ocx
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1240801121390&h=6a7a5a6feba0cccc35e18ceff4edc17b/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: ACNotify - ACNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tpgwlnotify - tpgwlnot.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\eudora\EuShlExt.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mmauk\applic~1\mozilla\firefox\profiles\tg5iq5m9.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-7-1 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-7-1 4224]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-7-1 4442]
R1 TSMSMI;Lenovo System Interface Driver;c:\windows\system32\drivers\tsmsmi32.sys [2008-7-1 6656]
R2 ASRSVC;ASR Service;c:\program files\thinkpad\tablet shortcut\asr\ASRSVC.exe [2008-7-1 73728]
R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [2002-1-28 37376]
R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [2002-1-28 21504]
R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [2002-1-28 670720]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [2002-1-28 46592]
R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [2002-1-28 31232]
R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [2002-1-28 111616]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-14 11152]
R2 TabletSVC;TABLET Service;c:\program files\thinkpad\tablet shortcut\TSMService.exe [2008-7-1 53248]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2007-5-10 22832]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2008-7-1 14208]

============== File Associations ===============

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"

=============== Created Last 30 ================

2009-09-08 11:14 230,912 a------- c:\windows\PEV.exe
2009-09-08 11:14 161,792 a------- c:\windows\SWREG.exe
2009-09-08 11:14 98,816 a------- c:\windows\sed.exe
2009-08-31 12:48 43,352 a------- C:\Cortex infusions 8_28_09Mike.docx
2009-08-30 08:29 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-17 16:11 56,884 a---h--- c:\windows\system32\mlfcache.dat
2009-08-17 16:04 <DIR> --d----- c:\program files\iPod
2009-08-17 16:04 <DIR> --d----- c:\program files\iTunes
2009-08-14 21:45 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-14 21:45 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-11 02:08 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-08-10 04:31 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-10 04:31 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-10 04:31 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-10 04:31 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-10 04:31 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-10 04:31 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-10 04:31 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-10 04:31 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-10 04:31 <DIR> --d----- C:\f17fd4eb62eaa7af0cf7

==================== Find3M ====================

2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 06:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 12:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-03 10:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 10:09 915,456 -------- c:\windows\system32\wininet.dll
2009-07-03 10:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 10:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 10:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 10:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 10:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 10:09 1,985,536 a------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 10:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 10:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 10:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 10:09 386,048 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 04:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-25 01:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 01:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 01:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 01:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 01:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 01:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 01:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 01:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 01:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 04:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 07:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 07:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 05:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 05:31 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 05:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2008-07-01 13:20 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-10-13 14:11 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101320081014\index.dat

============= FINISH: 11:26:36.21 ===============

Blade81
2009-09-08, 23:07
Hi again,

Let's see if we manage without recovery console here..

Update your Adobe Acrobat to 8.1.6 version.


Uninstall vulnerable Flash version(s) by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). Fresh version can be obtained here (http://get.adobe.com/flashplayer/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 16 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner)

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.



Read the requirements and privacy statement then click on the Accept button.



The program will launch and start to download the latest definition files.



You will be prompted to install an application from Kaspersky. Click Run



Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives



Click on My Computer under Scan.



Once the scan is complete, it will display the results. Click on View Scan Report.



Click on Save Report As....



Change the Files of type to Text file (.txt) before clicking on the Save button.



Save this report to a convenient place.



Copy and paste that information & fresh dds.txt log into your topic. How's the system running?



The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

mmauk
2009-09-10, 01:35
Hi,

I've run the Kaspersky scan and another DDS, all three logs are attached below. The system is running much better, it starts up much faster and does not bog down occasionally like before. The acid test will be the ability to reinstall spybot and antivirus without trouble...

much thanks


Kaspersky log.......


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, September 9, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, September 09, 2009 18:07:40
Records in database: 2764172
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 151321
Threats found: 4
Infected objects found: 3
Suspicious objects found: 8
Scan duration: 01:38:42


File name / Threat / Threats count
C:\Documents and Settings\mmauk\Application Data\Thunderbird\Profiles\u8vouf8b.default\Mail\Local Folders\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 7
C:\Documents and Settings\mmauk\Application Data\Thunderbird\Profiles\u8vouf8b.default\Mail\Local Folders\Trash Infected: Trojan-Spy.HTML.Citifraud.ai 1
C:\Eudora\Out.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Eudora\Trash.mbx Infected: Email-Worm.Win32.Sircam.c 1
C:\System Volume Information\_restore{31B8BED5-9D7F-4557-ABBD-A1EED92B436E}\RP334\A0080079.exe Infected: Trojan.Win32.FraudPack.riw 1

Selected area has been scanned.



DDS.txt



DDS (Ver_09-07-30.01) - NTFSx86
Run by mmauk at 15:30:43.85 on Wed 09/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2006.1342 [GMT -7:00]

AV: Microsoft Forefront Client Security *On-access scanning enabled* (Outdated) {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}

============== Running Processes ===============

C:\windows\system32\ibmpmsvc.exe
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\windows\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\wscntfy.exe
C:\windows\system32\ctfmon.exe
C:\windows\System32\tabbtnu.exe
C:\windows\Explorer.EXE
C:\windows\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\windows\system32\tp4serv.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\windows\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\msiexec.exe
C:\Documents and Settings\mmauk\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TrackPointSrv] tp4serv.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [IBMTBCTL] "c:\program files\thinkpad\tablet shortcut\IBMTBCTL.EXE" /r
mRun: [TSMResident] "c:\program files\thinkpad\tablet shortcut\TSMRESIDENT.EXE" /r
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Snippet] "c:\program files\microsoft experience pack\snipping tool\SnippingTool.exe" /i
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\mmauk\startm~1\programs\startup\palmon~1.lnk - c:\program files\palmone\register.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aliass~1.lnk - c:\program files\alias\alias sketchbook pro 2.0\AliasSketchSnap.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: weather.gov\radar
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {15DB31A0-65C9-4AEA-95AF-220598BDABC2} - hxxps://management.pna.utexas.edu/idengineswpa/tools/xc_loader_activex.ocx
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: ACNotify - ACNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tpgwlnotify - tpgwlnot.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\eudora\EuShlExt.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mmauk\applic~1\mozilla\firefox\profiles\tg5iq5m9.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-7-1 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-7-1 4224]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-7-1 4442]
R1 TSMSMI;Lenovo System Interface Driver;c:\windows\system32\drivers\tsmsmi32.sys [2008-7-1 6656]
R2 ASRSVC;ASR Service;c:\program files\thinkpad\tablet shortcut\asr\ASRSVC.exe [2008-7-1 73728]
R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [2002-1-28 37376]
R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [2002-1-28 21504]
R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [2002-1-28 670720]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [2002-1-28 46592]
R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [2002-1-28 31232]
R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [2002-1-28 111616]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-14 11152]
R2 TabletSVC;TABLET Service;c:\program files\thinkpad\tablet shortcut\TSMService.exe [2008-7-1 53248]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2007-5-10 22832]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2008-7-1 14208]

============== File Associations ===============

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"

=============== Created Last 30 ================

2009-09-08 15:15 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-08 11:14 230,912 a------- c:\windows\PEV.exe
2009-09-08 11:14 161,792 a------- c:\windows\SWREG.exe
2009-09-08 11:14 98,816 a------- c:\windows\sed.exe
2009-08-31 12:48 43,352 a------- C:\Cortex infusions 8_28_09Mike.docx
2009-08-30 08:29 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-17 16:11 56,884 a---h--- c:\windows\system32\mlfcache.dat
2009-08-17 16:04 <DIR> --d----- c:\program files\iPod
2009-08-17 16:04 <DIR> --d----- c:\program files\iTunes
2009-08-14 21:45 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-14 21:45 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-11 02:08 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat

==================== Find3M ====================

2009-09-08 15:15 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 06:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 12:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-03 10:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 10:09 915,456 -------- c:\windows\system32\wininet.dll
2009-07-03 10:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 10:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 10:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 10:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 10:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 10:09 1,985,536 a------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 10:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 10:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 10:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 10:09 386,048 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 04:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-25 01:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 01:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 01:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 01:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 01:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 01:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 01:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 01:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 01:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 04:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 07:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 07:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 05:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 05:31 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 05:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2008-07-01 13:20 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-10-13 14:11 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101320081014\index.dat

============= FINISH: 15:31:01.57 ===============




Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/15/2008 2:27:00 AM
System Uptime: 9/8/2009 2:00:23 PM (25 hours ago)

Motherboard: LENOVO | | 7764CTO
Processor: Intel(R) Core(TM)2 Duo CPU L7500 @ 1.60GHz | None | 1580/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 54 GiB total, 0.735 GiB free.
D: is CDROM ()
E: is CDROM ()
Z: is NetworkDisk (NTFS) - 699 GiB total, 415.957 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) Wireless WiFi Link 4965AGN
Device ID: PCI\VEN_8086&DEV_4230&SUBSYS_11108086&REV_61\4&29E2C51B&0&00E1
Manufacturer: Intel Corporation
Name: Intel(R) Wireless WiFi Link 4965AGN
PNP Device ID: PCI\VEN_8086&DEV_4230&SUBSYS_11108086&REV_61\4&29E2C51B&0&00E1
Service: NETw4x32

Class GUID:
Description: MoGo_Mouse_BT _
Device ID: PCMCIA\MOGO_MOUSE_BT-_-061F\1
Manufacturer:
Name: MoGo_Mouse_BT _
PNP Device ID: PCMCIA\MOGO_MOUSE_BT-_-061F\1
Service:

==== System Restore Points ===================

RP332: 8/25/2009 2:53:59 PM - System Checkpoint
RP333: 8/26/2009 8:48:18 AM - Software Distribution Service 3.0
RP334: 8/27/2009 9:18:46 AM - System Checkpoint
RP335: 8/30/2009 8:32:43 AM - Removed Symantec AntiVirus
RP336: 8/31/2009 7:40:18 AM - Software Distribution Service 3.0
RP337: 8/31/2009 7:41:02 AM - Software Distribution Service 3.0
RP338: 9/3/2009 7:45:59 AM - System Checkpoint
RP339: 9/3/2009 12:51:26 PM - Software Distribution Service 3.0
RP340: 9/4/2009 3:00:16 AM - Software Distribution Service 3.0
RP341: 9/4/2009 6:44:56 AM - Software Distribution Service 3.0
RP342: 9/5/2009 7:29:04 AM - System Checkpoint
RP343: 9/6/2009 8:29:05 AM - System Checkpoint
RP344: 9/7/2009 9:29:07 AM - System Checkpoint
RP345: 9/8/2009 7:31:17 AM - Software Distribution Service 3.0
RP346: 9/8/2009 10:35:08 AM - Removed Microsoft Forefront Client Security Antimalware Service
RP347: 9/8/2009 10:35:30 AM - Removed Microsoft Forefront Client Security State Assessment Service
RP348: 9/8/2009 1:58:21 PM - Removed Java(TM) 6 Update 13
RP349: 9/8/2009 3:15:18 PM - Installed Java(TM) 6 Update 16

==== Installed Programs ======================


2007 Microsoft Office Suite Service Pack 1 (SP1)
Access Help
Activation Assistant for the 2007 Microsoft Office suites
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.2 Professional
Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Alias SketchBook Pro 2.0
Apple Mobile Device Support
Apple Software Update
Bonjour
Eudora (8.0.0b3)
Google Toolbar for Internet Explorer
Help Center
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Ink Art
InstallMgr
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo Register Manager
InterVideo VirtualDrive
InterVideo WinDVD
iTunes
Java(TM) 6 Update 16
LiveUpdate 3.2 (Symantec Corporation)
mCore
mDriver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Education Pack for Windows XP Tablet PC Edition
Microsoft Energy Blue Theme Pack
Microsoft Experience Pack for Tablet PC
Microsoft Ink Crossword
Microsoft Ink Desktop
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft Media Transfer
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Snipping Tool 2.0
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Web Publishing Wizard 1.53
Microsoft Windows XP Tablet PC Edition 2005 Recognizer Pack
mMHouse
MobileMe Control Panel
Mozilla Firefox (2.0.0.2)
mPfMgr
mProSafe
MSDN Library - Visual Studio 6.0a
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
mWlsSafe
NI-DAQ 6.9.2
NI-DAQ Documentation Setup
NI-PAL 1.5.6f0 Engine
NI DAQ Provider for MAX
NI Measurement & Automation Explorer 2.2.0
NI Remote Provider for MAX
NI Software Provider for MAX
On Screen Display
palmOne
PCFriendly
PDF Settings
Presentation Director
Productivity Center Supplement for ThinkPad
QuickTime
RecordNow Audio
RecordNow Copy
RecordNow Data
Rescue and Recovery
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SoundMAX
System Migration Assistant
System Update
Tablet PC Tutorials for Microsoft Windows XP SP2
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad Tablet Button Driver
ThinkPad Tablet Shortcut Menu
ThinkPad TrackPoint Driver
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software 5.6
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
TWC Customer Controls
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb972691)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Wallpapers
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Live Toolbar
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
XP Themes

==== Event Viewer Messages From Past Week ========

9/8/2009 7:35:55 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/8/2009 11:16:21 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
9/8/2009 11:14:40 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/8/2009 10:39:18 AM, error: PlugPlayManager [12] - The device 'MATSHITA DVD/CDRW UJDA775' (IDE\CdRomMATSHITA_DVD/CDRW_UJDA775_______________CB03____\5&1609414&0&0.0.0) disappeared from the system without first being prepared for removal.
9/4/2009 9:42:54 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
9/4/2009 9:41:24 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
9/4/2009 3:19:07 AM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 15360000 milliseconds: Restart the service.
9/4/2009 3:01:41 AM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 960000 milliseconds: Restart the service.
9/4/2009 3:00:33 AM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/4/2009 12:27:04 PM, error: Service Control Manager [7031] - The Access Connections Main Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/4/2009 10:00:38 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ANC Fips IBMTPCHK intelppm TPHKDRV TPPWRIF TSMAPIP TSMSMI
9/3/2009 7:01:20 AM, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
9/3/2009 7:01:19 AM, error: Service Control Manager [7022] - The SQL Server VSS Writer service hung on starting.
9/3/2009 6:59:55 AM, error: Service Control Manager [7000] - The Microsoft Forefront Client Security State Assessment Service service failed to start due to the following error: The system cannot find the path specified.
9/3/2009 6:59:55 AM, error: Service Control Manager [7000] - The Microsoft Forefront Client Security Antimalware Service service failed to start due to the following error: The system cannot find the path specified.
9/3/2009 6:59:07 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/3/2009 6:58:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

==== End Of File ===========================

Blade81
2009-09-10, 17:30
Hi,

Check your email messages and delete suspicious ones.


Well congrats, it appears your system is all clean Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis




Now lets uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /u in the runbox and click OK


Next we remove all used tools.

Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.


hosts file:
Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the start button (at the lower left hand corner of your screen) Click run In the dialog box, type services.msc hit enter, then locate dns client Highlight it, then double-click it. On the dropdown box, change the setting from automatic to manual. Click ok



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:

mmauk
2009-09-10, 18:21
Blade,

Everything back to normal, followed all securty/update steps.... Thanks a million!

FOr what it's worth, I've been meaning to donate to spybot for years, this incidenct finally got me going..... thanks to you and spybot!

mike

Blade81
2009-09-10, 18:33
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.