tmpfw.exe application error/crashes computer


  • This topic is locked
5 replies to this topic

#1 paco2244

Posted 24 January 2010 - 10:34 PM

My dad has a work computer that he doesn't have full access to, but we use a sign on for our home computer and I started downloading stuff like games and it crashes 2-3 months later. It crashes after 10 minutes or so, but much quicker when I'm playing a video with sound or pretty much anything with sound.

When rebooted, it says "Microsoft Visual C++ Runtime Library" Then Runtime error! Program C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe. Then "This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information."

It says tmpfw.exe application error. The exception unknown software exception (0xe06d7363) occurred in the application at location 0x7c812afb.

The TmPfw.exe thing in task manager shows it under SYSTEM user name and not our sign in murrayk. Every time I try to end it, it pops up again at the bottom.


I was reading another topic and an admin asked this person for some information about his computer through some scan, and I did it and have it pasted below.


OTL logfile created on: 1/23/2010 6:11:50 PM - Run 2
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\murrayk\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 56.44 Gb Free Space | 75.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SWS-1K577J1-N1
Current User Name: murrayk
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\murrayk\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (Smith Micro Software, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe (Trend Micro Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\Temp\MV3FCF.EXE (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe (Trend Micro Inc.)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - c:\drivers\audio\R201108\stacsv.exe (IDT, Inc.)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Dell\Latitude ON Reader Data\BIOSEvent.exe ()
PRC - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell, Inc.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\lms.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\DWRCST.EXE (DameWare Development)
PRC - C:\WINDOWS\system32\DWRCS.EXE (DameWare Development LLC)
PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\murrayk\My Documents\Downloads\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (tmlisten) -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe (Trend Micro Inc.)
SRV - (ntrtscan) -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe (Trend Micro Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TmPfw) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe (Trend Micro Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (dcpsysmgrsvc) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (STacSV) -- c:\drivers\audio\R201108\stacsv.exe (IDT, Inc.)
SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (TmProxy) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe (Trend Micro Inc.)
SRV - (UNS) Intel® -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files\Intel\AMT\lms.exe (Intel Corporation)
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (TermService) -- C:\WINDOWS\system32\termsrv32.dll (Microsoft Corporation)
SRV - (DWMRCS) -- C:\WINDOWS\System32\DWRCS.EXE (DameWare Development LLC)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
SRV - (CcmExec) -- C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (Wuser32) -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (GarenaPEngine) -- C:\Documents and Settings\murrayk\Local Settings\Temp\GTRF2.tmp ()
DRV - (TmFilter) -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys (Trend Micro Inc.)
DRV - (TmPreFilter) -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys (Trend Micro Inc.)
DRV - (VSApiNt) -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (SMSIVZAM5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys (Smith Micro Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (CCIDFILTER) -- C:\WINDOWS\system32\drivers\ccidflt.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcHdmiAddService) Intel® -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (HECI) Intel® -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (e1yexpress) Intel® -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.)
DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (prepdrvr) -- C:\WINDOWS\system32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (kbstuff) -- C:\WINDOWS\system32\drivers\kbstuff5.sys (Microsoft Corporation)
DRV - (idisw2km) -- C:\WINDOWS\system32\drivers\idisw2km.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cityweb.ci.austin.tx.us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cityweb.ci.austin.tx.us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/12/15 15:31:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/20 08:47:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/05 20:48:58 | 00,000,000 | ---D | M]

[2009/11/08 00:06:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\murrayk\Application Data\Mozilla\Extensions
[2009/11/08 00:06:24 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\murrayk\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/13 22:56:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\murrayk\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/23 16:45:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\murrayk\Application Data\Mozilla\Firefox\Profiles\vcevyvts.default\extensions
[2009/12/16 13:02:28 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\murrayk\Application Data\Mozilla\Firefox\Profiles\vcevyvts.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/16 13:01:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/05 20:48:58 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/05 20:48:54 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/01/05 20:48:54 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/01/05 20:48:54 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/12/07 17:59:48 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/12/07 17:59:48 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/12/07 17:59:48 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/12/07 17:59:48 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/12/07 17:59:48 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/12/07 17:59:48 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/12/07 17:59:48 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/12/02 01:38:29 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/12/02 01:38:29 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/12/02 01:38:29 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/12/02 01:38:29 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/12/02 01:38:29 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/12/02 01:38:29 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/12/02 01:38:29 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2008/04/14 06:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BIOSEvent] C:\Program Files\Dell\Latitude ON Reader Data\BIOSEvent.exe ()
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [CLIVFR] C:\Program Files\Dell\Latitude ON Reader Data\CLIVFR.exe (CyberLink)
O4 - HKLM..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.EXE (DameWare Development)
O4 - HKLM..\Run: [DCPstrApp] C:\Program Files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe (Broadcom Corporation)
O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell, Inc.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\RunOnce: [UniblueRegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\mappier.bat ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = WARNING! WARNING! WARNING! WARNING!
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = This system is for the use of authorized users only. Unauthorized or improper use of this system may result in administrative disciplinary action and/or civil and criminal penalties. All users will have their activities on this system monitored and recorded by system personnel. By clicking the OK button you are indicating your acceptance of the terms and conditions of COA Acceptable Use Policy. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1257674127453 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = coacd.org
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/23 18:02:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\murrayk\Application Data\Uniblue
[2010/01/23 16:11:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\murrayk\log
[2010/01/22 15:38:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010/01/22 15:38:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/01/22 15:38:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/01/22 15:37:51 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/01/22 15:37:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/01/14 10:21:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/01/08 09:07:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\murrayk\My Documents\IRA-6313_files
[2009/12/31 00:17:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\murrayk\Desktop\ASC PICA
[2009/02/14 07:21:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2009/02/14 07:21:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2009/02/14 07:16:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
[2008/04/25 15:32:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/04/25 15:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/04/25 15:29:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/04/25 15:29:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/23 18:04:33 | 03,407,872 | -H-- | M] () -- C:\Documents and Settings\murrayk\NTUSER.DAT
[2010/01/23 17:57:01 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\murrayk\Local Settings\Application Data\WavXMapDrive.bat
[2010/01/23 17:56:45 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/23 17:55:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/23 17:55:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/23 17:55:38 | 20,802,68288 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/23 17:54:48 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\murrayk\ntuser.ini
[2010/01/23 17:54:43 | 03,742,442 | -H-- | M] () -- C:\Documents and Settings\murrayk\Local Settings\Application Data\IconCache.db
[2010/01/23 15:29:53 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\murrayk\My Documents\Alma Bank Summary.xls
[2010/01/23 13:35:41 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\murrayk\Desktop\Microsoft Office Excel 2003 (2).lnk
[2010/01/22 19:30:12 | 00,530,556 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/22 19:30:12 | 00,447,660 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/22 19:30:12 | 00,073,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/22 19:25:43 | 00,000,456 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2010/01/22 15:37:54 | 00,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/22 15:28:10 | 04,096,054 | ---- | M] () -- C:\WINDOWS\BGInfo.bmp
[2010/01/22 10:02:38 | 00,016,780 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2010/01/21 14:56:34 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/20 21:25:58 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/20 05:11:38 | 00,008,704 | ---- | M] () -- C:\Documents and Settings\murrayk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/19 23:05:45 | 00,000,088 | ---- | M] () -- C:\Documents and Settings\murrayk\Desktop\FaceBook.url
[2010/01/18 16:46:14 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\murrayk\Desktop\Microsoft Office Word 2003 (2).lnk
[2010/01/14 10:21:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/09 05:31:39 | 00,050,904 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/08 09:07:19 | 00,049,598 | ---- | M] () -- C:\Documents and Settings\murrayk\My Documents\IRA-6313.htm
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/23 13:36:24 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\murrayk\My Documents\Alma Bank Summary.xls
[2010/01/19 23:04:57 | 00,000,088 | ---- | C] () -- C:\Documents and Settings\murrayk\Desktop\FaceBook.url
[2010/01/09 05:31:39 | 00,050,904 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/08 09:07:12 | 00,049,598 | ---- | C] () -- C:\Documents and Settings\murrayk\My Documents\IRA-6313.htm
[2009/12/09 09:33:12 | 00,000,633 | ---- | C] () -- C:\WINDOWS\System32\DWRCCMDError.ini
[2009/11/07 22:01:50 | 00,000,045 | ---- | C] () -- C:\WINDOWS\INSTALL.INI
[2009/04/22 21:51:57 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\murrayk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/03 14:06:44 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\murrayk\Local Settings\Application Data\setup.txt
[2009/04/03 14:06:44 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\murrayk\Local Settings\Application Data\WavXMapDrive.bat
[2009/03/20 09:33:52 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/20 08:28:30 | 00,016,780 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2009/02/14 08:47:22 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4980.dll
[2009/02/14 08:45:47 | 00,001,156 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/02/14 07:39:49 | 00,000,456 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/02/14 07:27:36 | 00,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/02/14 07:14:06 | 00,279,888 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2009/02/14 07:11:44 | 00,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/07/28 18:03:06 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2008/06/13 11:18:56 | 00,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll
[2008/06/13 11:18:56 | 00,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll
[2008/06/13 11:18:54 | 00,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll
[2008/06/13 11:18:54 | 00,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll
[2008/06/13 11:18:52 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2008/06/13 11:18:52 | 00,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2008/06/13 11:18:52 | 00,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2008/06/13 11:18:50 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2008/06/13 11:18:50 | 00,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2008/06/13 11:18:48 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2008/06/13 11:18:48 | 00,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2008/06/13 11:18:46 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2008/06/13 11:18:44 | 00,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2008/06/13 11:18:44 | 00,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2008/06/13 11:18:42 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2008/06/13 11:16:16 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll
[2008/05/30 09:38:24 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2008/05/30 09:38:14 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2008/05/30 09:37:52 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2008/05/30 09:37:24 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2008/05/30 09:37:22 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2008/05/30 09:37:20 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2008/05/30 09:37:18 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2008/05/30 09:37:16 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2008/05/30 09:37:14 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2008/05/30 09:37:12 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2008/05/30 09:37:12 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2008/05/30 09:37:10 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2008/05/30 09:37:08 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2008/05/30 09:37:06 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2008/05/30 09:37:04 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2008/05/14 17:40:30 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2008/04/25 15:26:32 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/03/18 13:02:52 | 00,143,360 | R--- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/02/25 12:04:48 | 00,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2007/04/19 05:52:16 | 00,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007/04/19 05:28:10 | 00,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2006/08/14 11:02:10 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/30 12:58:44 | 00,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 12:58:44 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/06/12 08:01:16 | 00,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2004/09/10 12:34:00 | 00,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 12:34:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/02/14 07:26:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/02/14 07:16:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2009/12/17 21:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2009/02/14 07:19:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2009/12/16 13:30:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2009/12/07 18:00:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/02 22:14:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\murrayk\Application Data\LimeWire
[2009/12/16 12:56:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\murrayk\Application Data\Smith Micro
[2010/01/23 18:02:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\murrayk\Application Data\Uniblue
[2009/02/14 07:39:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\murrayk\Application Data\Wave Systems Corp
[2009/12/19 09:28:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\murrayk\Application Data\Windows Live Writer

========== Purity Check ==========


< End of report >




Thank you for any help.

Edited by paco2244, 25 January 2010 - 01:22 AM.




#2 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:08:29 AM

Posted 31 January 2010 - 03:41 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 paco2244

  • Topic Starter

  • Members
  • 3 posts
  • Local time:04:29 AM

Posted 03 February 2010 - 08:47 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-03 19:46:19
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\murrayk\LOCALS~1\Temp\axdyraow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[148] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D028F5
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[148] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D02781
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[148] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00D02873
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[148] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D027B9
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[148] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D027F1
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[160] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 076328F5
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[160] WS2_32.dll!send 71AB4C27 5 Bytes JMP 07632781
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[160] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 07632873
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[160] WS2_32.dll!recv 71AB676F 5 Bytes JMP 076327B9
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[160] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 076327F1
.text c:\drivers\audio\r201108\stacsv.exe[620] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 011328F5
.text c:\drivers\audio\r201108\stacsv.exe[620] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01132781
.text c:\drivers\audio\r201108\stacsv.exe[620] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01132873
.text c:\drivers\audio\r201108\stacsv.exe[620] WS2_32.dll!recv 71AB676F 5 Bytes JMP 011327B9
.text c:\drivers\audio\r201108\stacsv.exe[620] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 011327F1
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[1100] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 039728F5
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[1100] WS2_32.dll!send 71AB4C27 5 Bytes JMP 03972781
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[1100] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 03972873
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[1100] WS2_32.dll!recv 71AB676F 5 Bytes JMP 039727B9
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[1100] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 039727F1
.text C:\Program Files\Dell\Dell ControlPoint\Connection Manager\smmanager.exe[1116] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 026928F5

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \Driver\iaStor \Device\Ide\iaStor0 89CE46C8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 89CE46C8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 89CE46C8

AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \FileSystem\Fastfat \Fat 9A5ABD20

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior; <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR

---- EOF - GMER 1.0.15 ----

Here it is. Thank you for the help sir.

#4 m0le

Posted 04 February 2010 - 07:00 PM

Nothing there.

We're back to the tmpfw.exe error. First, this is a legitimate file from TrendMicro's firewall so unless you do not have the firewall (though it looks like you do) you are looking at a straight reinstall of the software to see if that solves the issue.



#5 paco2244

Posted 07 February 2010 - 11:15 PM

Thank you Mole for all your help.

#6 m0le

Posted 13 February 2010 - 08:34 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.