Explorer.exe using 800,000kb memory! Help!!!


  • This topic is locked
5 replies to this topic

#1 Rounsley


Posted 12 May 2010 - 10:04 PM

My laptop is going crazy! Scratch that, I am.

After doing a recovery a few weeks ago, I've noticed that explorer.exe is using so much memory that it renders my laptop almost useless. Looking at it right now, it's using almost 800,000kb of memory usage! I'm no computer expert, but even I know that's way too f'ing much!

I've copied and pasted the report from "hijackthis" so you experts can see what I'm working with. Outside of telling you that it's a Gateway Laptop, XP Media Center, SP3, AMD Athlon 64 Processor 4000+ 2.59 GHz, 1GB Ram, 89GB Hard drive (65GB free), pasting the hijack this report and letting you know that I've run a comprehensive Norton360 scan, I'm not sure what else you'll need to help me.

-----
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SunKist] "C:\Program Files\Digital Media Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [Getdo] rundll32.exe "C:\Documents and Settings\Owner.Mary\Application Data\Adobe\Update\flacor.dat""
O4 - Global Startup: Windows Search.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7178 bytes
--
Are there any processes I can stop from running, permanently?

Do I have a virus?
Is there a registry problem?
Should I pour gas on it and strike a match?

Thanks for taking the time to help, I appreciate it...DJ

EDIT: Moved from XP to more appropriate Malware Removal Logs forum ~ Hamluis.

Edited by hamluis, 13 May 2010 - 03:22 AM.




#2 Elise


Posted 13 May 2010 - 11:11 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 Rounsley


Posted 13 May 2010 - 03:36 PM

Hi Elise,

Thanks for the reply...Here is what I have based on your instructions:

OTL.TXT report:

OTL logfile created on: 5/13/2010 2:11:53 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Owner.Mary\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 424.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.81 Gb Total Space | 65.00 Gb Free Space | 73.19% Space Free | Partition Type: NTFS
Drive D: | 4.33 Gb Total Space | 1.27 Gb Free Space | 29.30% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/13 14:06:15 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Mary\Desktop\OTL.exe
PRC - [2010/05/12 17:12:01 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2010/04/07 19:27:26 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/06/23 00:55:09 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/11/05 09:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/05/26 19:57:24 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwicon2k.exe


========== Modules (SafeList) ==========

MOD - [2010/05/13 14:06:15 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Mary\Desktop\OTL.exe
MOD - [2010/05/12 17:11:48 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\asOEHook.dll
MOD - [2010/04/21 19:01:17 | 000,099,840 | ---- | M] () -- C:\Documents and Settings\Owner.Mary\Local Settings\Temp\23631764.nls
MOD - [2009/08/13 08:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2008/04/13 19:12:07 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tapi32.dll
MOD - [2008/04/13 19:12:05 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shfolder.dll
MOD - [2008/04/13 19:12:04 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtutils.dll
MOD - [2008/04/13 19:12:03 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasapi32.dll
MOD - [2008/04/13 19:12:03 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasman.dll
MOD - [2008/04/13 19:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/13 19:11:51 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptdll.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/13 12:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2004/11/05 09:47:00 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/12 17:12:01 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/06/23 00:55:09 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2010/05/12 17:12:17 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/12 17:12:05 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/05/12 17:12:05 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/05/12 17:12:05 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/05/12 17:12:05 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/05/12 17:12:05 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/05/12 17:12:05 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/05/12 17:12:05 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/05/12 17:12:05 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2010/05/12 17:12:05 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2010/05/12 17:12:04 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/05/12 17:12:04 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/05/12 04:28:04 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100513.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/12 04:28:04 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/12 04:28:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/12 04:28:04 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100513.002\NAVENG.SYS -- (NAVENG)
DRV - [2009/10/28 17:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100505.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/06/06 17:47:06 | 000,352,000 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/06/06 17:46:16 | 000,038,144 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/04/15 00:14:58 | 001,130,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/09 12:09:18 | 000,870,912 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS -- (iaStor)
DRV - [2005/02/12 00:46:00 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/12/15 17:18:30 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2004/12/15 17:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 17:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/11/10 19:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 19:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/11/05 09:47:00 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/08/11 18:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/10 14:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/10 14:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/10 14:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/10 14:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/10 14:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/10 14:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/10 14:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/10 14:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/10 14:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/10 14:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/10 14:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/10 14:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/10 14:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/10 14:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/10 14:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 17:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/24 12:16:44 | 000,029,856 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EMCfilt.sys -- (EMCFILT)
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 08:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3850048648-645474148-1690031009-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-3850048648-645474148-1690031009-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3850048648-645474148-1690031009-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3850048648-645474148-1690031009-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/02 09:30:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/17 17:05:45 | 000,000,000 | ---D | M]

[2010/02/25 15:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Mary\Application Data\Mozilla\Extensions
[2010/02/25 15:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Mary\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/05/12 20:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.Mary\Application Data\Mozilla\Firefox\Profiles\gw9qrlvp.default\extensions
[2009/08/31 21:08:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.Mary\Application Data\Mozilla\Firefox\Profiles\gw9qrlvp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/17 16:56:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner.Mary\Application Data\Mozilla\Firefox\Profiles\gw9qrlvp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/13 13:58:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/03 00:58:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/17 17:05:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/10 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3850048648-645474148-1690031009-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-3850048648-645474148-1690031009-1006..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3850048648-645474148-1690031009-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.Mary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.Mary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 20:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2010/05/13 14:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/05/13 14:06:09 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.Mary\Desktop\OTL.exe
[2010/05/12 22:29:24 | 000,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symtdi.sys
[2010/05/12 22:29:23 | 000,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.sys
[2010/05/12 22:29:23 | 000,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.sys
[2010/05/12 22:29:23 | 000,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symfw.sys
[2010/05/12 22:29:23 | 000,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symndisv.sys
[2010/05/12 22:29:23 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.sys
[2010/05/12 22:29:23 | 000,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symndis.sys
[2010/05/12 22:29:23 | 000,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symids.sys
[2010/05/12 22:29:22 | 000,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\cchpx86.sys
[2010/05/12 22:29:22 | 000,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.sys
[2010/05/12 22:25:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0308000.029
[2010/05/12 21:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/12 19:59:13 | 000,000,000 | ---D | C] -- C:\435e9789c35987ddc8210154
[2010/05/12 17:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Mary\My Documents\Symantec
[2010/05/12 17:12:39 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/05/12 17:12:22 | 000,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2010/05/12 17:12:17 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/05/12 17:12:17 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/05/12 17:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/05/12 17:11:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/05/12 17:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/05/12 17:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2010/05/12 17:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/05/12 17:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/05/12 17:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/04/18 13:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Mary\My Documents\scan
[2010/04/17 17:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/17 17:05:45 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/17 17:05:45 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/17 17:05:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/17 17:05:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/27 10:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Mary\Application Data\Helper
[2010/03/16 19:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Mary\Application Data\Hewlett-Packard
[2010/03/16 18:50:17 | 000,000,000 | ---D | C] -- C:\temp
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2010/05/13 14:10:44 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner.Mary\Desktop\0zlnkdyi.exe
[2010/05/13 14:06:15 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Mary\Desktop\OTL.exe
[2010/05/13 14:03:33 | 000,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/13 14:03:33 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/13 14:03:33 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/13 13:58:21 | 000,000,005 | ---- | M] () -- C:\WINDOWS\sdfixwcs.dll
[2010/05/13 13:58:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/13 13:58:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/13 13:57:54 | 1071,824,896 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/13 00:51:03 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Owner.Mary\NTUSER.DAT
[2010/05/13 00:51:03 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner.Mary\ntuser.ini
[2010/05/12 23:10:47 | 000,609,792 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\Cat.DB
[2010/05/12 23:10:17 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/05/12 22:25:25 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\isolate.ini
[2010/05/12 20:18:23 | 000,001,563 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/05/12 20:12:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/12 17:12:17 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/05/12 17:12:17 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/05/12 17:12:17 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/05/12 17:12:17 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/05/12 17:12:05 | 000,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.sys
[2010/05/12 17:12:05 | 000,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.sys
[2010/05/12 17:12:05 | 000,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symtdi.sys
[2010/05/12 17:12:05 | 000,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symfw.sys
[2010/05/12 17:12:05 | 000,048,688 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symndisv.sys
[2010/05/12 17:12:05 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.sys
[2010/05/12 17:12:05 | 000,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2010/05/12 17:12:05 | 000,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symndis.sys
[2010/05/12 17:12:05 | 000,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symids.sys
[2010/05/12 17:12:04 | 000,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\cchpx86.sys
[2010/05/12 17:12:04 | 000,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.sys
[2010/05/12 17:11:53 | 000,107,368 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/05/12 17:11:43 | 000,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.inf
[2010/05/12 17:11:43 | 000,001,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNetV.inf
[2010/05/12 17:11:43 | 000,001,561 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNet.inf
[2010/05/12 17:11:43 | 000,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.inf
[2010/05/12 17:11:43 | 000,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.inf
[2010/05/12 17:11:42 | 000,001,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\ccHPx86.inf
[2010/05/12 17:11:42 | 000,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.inf
[2010/05/12 17:11:32 | 000,009,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\symnetv.cat
[2010/05/12 17:11:32 | 000,009,402 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNet.cat
[2010/05/12 17:11:32 | 000,007,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.cat
[2010/05/12 17:11:32 | 000,007,429 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.cat
[2010/05/12 17:11:32 | 000,007,425 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.cat
[2010/05/12 17:11:32 | 000,007,400 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.CAT
[2010/05/12 17:11:32 | 000,007,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\ccHPx86.cat
[2010/05/12 17:06:23 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/02 09:57:00 | 000,000,093 | ---- | M] () -- C:\WINDOWS\wuasirvy.dll
[2010/04/21 19:56:40 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\Owner.Mary\My Documents\Free Dogs poster.doc
[2010/04/21 19:50:27 | 000,044,110 | ---- | M] () -- C:\Documents and Settings\Owner.Mary\My Documents\collage.JPG
[2010/04/21 19:01:20 | 000,107,058 | ---- | M] () -- C:\WINDOWS\msacm32.drv
[2010/04/21 18:56:44 | 000,672,053 | ---- | M] () -- C:\Documents and Settings\Owner.Mary\My Documents\happy stemmons.JPG
[2010/04/18 13:52:13 | 000,000,004 | ---- | M] () -- C:\WINDOWS\Pix1111.dat
[2010/04/18 13:52:13 | 000,000,004 | ---- | M] () -- C:\WINDOWS\Pix11.dat
[2010/04/17 19:21:03 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1268785209.job
[2010/04/15 18:18:06 | 000,000,036 | ---- | M] () -- C:\WINDOWS\rasqervy.dll
[2010/04/15 18:18:05 | 000,000,008 | ---- | M] () -- C:\WINDOWS\sdfinacs.dll
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/07 21:51:38 | 003,473,408 | ---- | M] () -- C:\Documents and Settings\Owner.Mary\My Documents\My Money.mny
[2010/04/07 21:51:29 | 003,458,246 | R--- | M] () -- C:\Documents and Settings\Owner.Mary\My Documents\My Money Backup.mbf
[2010/04/07 19:06:29 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Owner.Mary\My Documents\LAST WILL AND TESTAMENT.doc
[2010/03/16 19:23:19 | 000,000,488 | ---- | M] () -- C:\hpfr3420.xml
[2010/03/16 19:20:30 | 000,000,683 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/16 18:56:26 | 000,019,558 | ---- | M] () -- C:\WINDOWS\hpoins01.dat
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/13 14:10:34 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner.Mary\Desktop\0zlnkdyi.exe
[2010/05/12 23:10:35 | 000,609,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\Cat.DB
[2010/05/12 22:29:24 | 000,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\symnetv.cat
[2010/05/12 22:29:24 | 000,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNet.cat
[2010/05/12 22:29:24 | 000,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNetV.inf
[2010/05/12 22:29:24 | 000,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNet.inf
[2010/05/12 22:29:23 | 000,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.cat
[2010/05/12 22:29:23 | 000,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.cat
[2010/05/12 22:29:23 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.cat
[2010/05/12 22:29:23 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.inf
[2010/05/12 22:29:23 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.inf
[2010/05/12 22:29:23 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.inf
[2010/05/12 22:29:22 | 000,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.CAT
[2010/05/12 22:29:22 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\ccHPx86.cat
[2010/05/12 22:29:22 | 000,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\ccHPx86.inf
[2010/05/12 22:29:22 | 000,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.inf
[2010/05/12 22:25:25 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\isolate.ini
[2010/05/12 20:18:23 | 000,001,563 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/05/12 17:12:17 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/05/12 17:12:17 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/05/12 17:12:06 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/04/21 19:55:28 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\Owner.Mary\My Documents\Free Dogs poster.doc
[2010/04/21 19:50:26 | 000,044,110 | ---- | C] () -- C:\Documents and Settings\Owner.Mary\My Documents\collage.JPG
[2010/04/21 18:56:43 | 000,672,053 | ---- | C] () -- C:\Documents and Settings\Owner.Mary\My Documents\happy stemmons.JPG
[2010/04/18 13:52:13 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix1111.dat
[2010/04/15 18:18:06 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2010/04/15 18:18:05 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2010/04/15 18:18:03 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2010/04/15 18:17:43 | 000,000,093 | ---- | C] () -- C:\WINDOWS\wuasirvy.dll
[2010/04/07 21:46:05 | 003,458,246 | R--- | C] () -- C:\Documents and Settings\Owner.Mary\My Documents\My Money Backup.mbf
[2010/04/07 21:38:34 | 003,473,408 | ---- | C] () -- C:\Documents and Settings\Owner.Mary\My Documents\My Money.mny
[2010/04/07 19:06:28 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Owner.Mary\My Documents\LAST WILL AND TESTAMENT.doc
[2010/03/23 13:00:37 | 000,107,058 | ---- | C] () -- C:\WINDOWS\msacm32.drv
[2010/03/16 19:20:57 | 000,000,390 | ---- | C] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1268785209.job
[2010/03/16 19:20:47 | 000,000,488 | ---- | C] () -- C:\hpfr3420.xml
[2010/03/16 18:50:57 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2010/03/16 18:50:57 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2010/02/24 20:12:51 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/23 00:53:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/23 00:53:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/12 12:38:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/09 18:49:16 | 000,001,284 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 18:49:16 | 000,000,499 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

---

Extras.TXT report:

OTL Extras logfile created on: 5/13/2010 2:11:53 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Owner.Mary\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 424.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.81 Gb Total Space | 65.00 Gb Free Space | 73.19% Space Free | Partition Type: NTFS
Drive D: | 4.33 Gb Total Space | 1.27 Gb Free Space | 29.30% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3850048648-645474148-1690031009-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:enable -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 20
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A607AC66-0C76-4519-9751-E12A93BF8EB2}" = Digital Media Reader
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_2045161F" = Soft Data Fax Modem with SmartCP
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"ie8" = Windows Internet Explorer 8
"InstallShield_{A607AC66-0C76-4519-9751-E12A93BF8EB2}" = Digital Media Reader
"LimeWire" = LimeWire 5.4.8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/26/2010 5:22:50 PM | Computer Name = MARY | Source = Windows Search Service | ID = 3013
Description =

Error - 2/26/2010 5:22:50 PM | Computer Name = MARY | Source = Windows Search Service | ID = 3013
Description =

Error - 2/26/2010 5:22:50 PM | Computer Name = MARY | Source = Windows Search Service | ID = 3013
Description =

Error - 2/26/2010 5:22:50 PM | Computer Name = MARY | Source = Windows Search Service | ID = 3013
Description =

Error - 3/16/2010 8:22:09 PM | Computer Name = MARY | Source = Application Error | ID = 1000
Description = Faulting application hpoevm08.exe, version 4.2.0.21, faulting module
ole32.dll, version 5.1.2600.5512, fault address 0x0002cdbd.

Error - 3/17/2010 1:23:24 AM | Computer Name = MARY | Source = Application Error | ID = 1000
Description = Faulting application hpoevm08.exe, version 4.2.0.21, faulting module
ole32.dll, version 5.1.2600.5512, fault address 0x0002cdbd.

Error - 3/27/2010 11:21:22 AM | Computer Name = MARY | Source = Application Error | ID = 1000
Description = Faulting application 771012b27a3970f4.exe, version 0.0.0.0, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19.

Error - 4/18/2010 2:50:51 PM | Computer Name = MARY | Source = Application Error | ID = 1000
Description = Faulting application hpoevm08.exe, version 4.2.0.21, faulting module
ole32.dll, version 5.1.2600.5512, fault address 0x0002cdbd.

Error - 4/21/2010 9:28:20 PM | Computer Name = MARY | Source = Windows Search Service | ID = 3013
Description =

Error - 4/21/2010 9:28:20 PM | Computer Name = MARY | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 5/9/2010 8:23:21 AM | Computer Name = MARY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 5/12/2010 6:06:44 PM | Computer Name = MARY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 5/12/2010 8:35:25 PM | Computer Name = MARY | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 5/12/2010 8:35:38 PM | Computer Name = MARY | Source = DCOM | ID = 10010
Description = The server {9E175B68-F52A-11D8-B9A5-505054503030} did not register
with DCOM within the required timeout.

Error - 5/12/2010 9:05:04 PM | Computer Name = MARY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 5/12/2010 9:12:12 PM | Computer Name = MARY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 5/12/2010 9:44:39 PM | Computer Name = MARY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 5/13/2010 12:10:17 AM | Computer Name = MARY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 5/13/2010 12:10:21 AM | Computer Name = MARY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IDSxpx86

Error - 5/13/2010 2:58:32 PM | Computer Name = MARY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058


< End of report >

---

GMER Report:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-13 15:35:29
Windows 5.1.2600 Service Pack 3
Running: 0zlnkdyi.exe; Driver: C:\DOCUME~1\OWNER~1.MAR\LOCALS~1\Temp\pxtdypob.sys


---- System - GMER 1.0.15 ----

SSDT 86BCB2C8 ZwAlertResumeThread
SSDT 86CA7638 ZwAlertThread
SSDT 85880C48 ZwAllocateVirtualMemory
SSDT 86B3ACD0 ZwAssignProcessToJobObject
SSDT 86BD5008 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF14B2130]
SSDT 85880440 ZwCreateMutant
SSDT 8587FEF0 ZwCreateSymbolicLinkObject
SSDT 86BE5268 ZwCreateThread
SSDT 86E32CD0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF14B23B0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF14B2910]
SSDT 85880DA0 ZwDuplicateObject
SSDT 85880AA8 ZwFreeVirtualMemory
SSDT 86BC9688 ZwImpersonateAnonymousToken
SSDT 86C459E8 ZwImpersonateThread
SSDT 86CBBCA8 ZwLoadDriver
SSDT 86BE6330 ZwMapViewOfSection
SSDT 86BA5050 ZwOpenEvent
SSDT 85880F40 ZwOpenProcess
SSDT 86899E78 ZwOpenProcessToken
SSDT 86E2ECD0 ZwOpenSection
SSDT 85880E70 ZwOpenThread
SSDT 8587FFC0 ZwProtectVirtualMemory
SSDT 868A7C80 ZwResumeThread
SSDT 86AD6760 ZwSetContextThread
SSDT 858808C8 ZwSetInformationProcess
SSDT 86E43CD0 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF14B2B60]
SSDT 86C6B578 ZwSuspendProcess
SSDT 86715050 ZwSuspendThread
SSDT 868AED30 ZwTerminateProcess
SSDT 86BFBDD0 ZwTerminateThread
SSDT 86897D80 ZwUnmapViewOfSection
SSDT 85880B78 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 24D8 80501D10 4 Bytes CALL 06D6E16E
? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\ehome\ehtray.exe[176] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01D10000
.text C:\WINDOWS\ehome\ehtray.exe[176] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01D50000
.text C:\WINDOWS\ehome\ehtray.exe[176] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 01D30000
.text C:\WINDOWS\ehome\ehtray.exe[176] ADVAPI32.dll!CryptDeriveKey 77DE9FFD 5 Bytes JMP 01F50000
.text C:\WINDOWS\ehome\ehtray.exe[176] ADVAPI32.dll!CryptImportKey 77DEA1F1 5 Bytes JMP 01F10000
.text C:\WINDOWS\ehome\ehtray.exe[176] ADVAPI32.dll!CryptGenKey 77E11849 5 Bytes JMP 01F30000
.text C:\WINDOWS\ehome\ehtray.exe[176] WININET.dll!CommitUrlCacheEntryA 3D940F78 5 Bytes JMP 01E50000
.text C:\WINDOWS\ehome\ehtray.exe[176] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 01D70000
.text C:\WINDOWS\ehome\ehtray.exe[176] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01DF0000
.text C:\WINDOWS\ehome\ehtray.exe[176] WININET.dll!HttpAddRequestHeadersA 3D94CF46 5 Bytes JMP 01E90000
.text C:\WINDOWS\ehome\ehtray.exe[176] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 01DD0000
.text C:\WINDOWS\ehome\ehtray.exe[176] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01E30000
.text C:\WINDOWS\ehome\ehtray.exe[176] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 01EB0000
.text C:\WINDOWS\ehome\ehtray.exe[176] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01E10000
.text C:\WINDOWS\ehome\ehtray.exe[176] WININET.dll!CommitUrlCacheEntryW 3D963085 5 Bytes JMP 01E70000
.text C:\WINDOWS\ehome\ehtray.exe[176] WININET.dll!InternetReadFileExW 3D963349 5 Bytes JMP 01DB0000
.text C:\WINDOWS\ehome\ehtray.exe[176] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 01D90000
.text C:\WINDOWS\ehome\ehtray.exe[176] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01ED0000
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01780000
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 017C0000
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 017A0000
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ADVAPI32.dll!CryptDeriveKey 77DE9FFD 5 Bytes JMP 019C0000
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ADVAPI32.dll!CryptImportKey 77DEA1F1 5 Bytes JMP 01980000
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ADVAPI32.dll!CryptGenKey 77E11849 5 Bytes JMP 019A0000
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01940000
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] wininet.dll!CommitUrlCacheEntryA 3D940F78 5 Bytes JMP 018C0000
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] wininet.dll!InternetReadFile 3D94654B 5 Bytes JMP 017E0000
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] wininet.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01860000
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] wininet.dll!HttpAddRequestHeadersA 3D94CF46 5 Bytes JMP 01900000
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] wininet.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 01840000
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] wininet.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 018A0000
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] wininet.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 01920000
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] wininet.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01880000
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] wininet.dll!CommitUrlCacheEntryW 3D963085 5 Bytes JMP 018E0000
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] wininet.dll!InternetReadFileExW 3D963349 5 Bytes JMP 01820000
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] wininet.dll!InternetReadFileExA 3D963381 5 Bytes JMP 01800000
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[632] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01250000
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[632] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01890000
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[632] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 01270000
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[632] ADVAPI32.dll!CryptDeriveKey 77DE9FFD 5 Bytes JMP 01A90000
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[632] ADVAPI32.dll!CryptImportKey 77DEA1F1 5 Bytes JMP 01A50000
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[632] ADVAPI32.dll!CryptGenKey 77E11849 5 Bytes JMP 01A70000
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[632] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01A10000
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[632] wininet.dll!CommitUrlCacheEntryA 3D940F78 5 Bytes JMP 01990000
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[632] wininet.dll!InternetReadFile 3D94654B 5 Bytes JMP 018B0000
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[632] wininet.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01930000
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[632] wininet.dll!HttpAddRequestHeadersA 3D94CF46 5 Bytes JMP 019D0000
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[632] wininet.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 01910000
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[632] wininet.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01970000
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[632] wininet.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 019F0000
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[632] wininet.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01950000
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[632] wininet.dll!CommitUrlCacheEntryW 3D963085 5 Bytes JMP 019B0000
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[632] wininet.dll!InternetReadFileExW 3D963349 5 Bytes JMP 018F0000
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[632] wininet.dll!InternetReadFileExA 3D963381 5 Bytes JMP 018D0000
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[640] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 016F0000
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[640] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01730000
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[640] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 01710000
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[640] ADVAPI32.dll!CryptDeriveKey 77DE9FFD 5 Bytes JMP 01940000
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[640] ADVAPI32.dll!CryptImportKey 77DEA1F1 5 Bytes JMP 018F0000
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[640] ADVAPI32.dll!CryptGenKey 77E11849 5 Bytes JMP 01920000
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[640] WS2_32.dll!send 71AB4C27 5 Bytes JMP 018B0000
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[640] wininet.dll!CommitUrlCacheEntryA 3D940F78 5 Bytes JMP 01830000
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[640] wininet.dll!InternetReadFile 3D94654B 5 Bytes JMP 01750000
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[640] wininet.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 017D0000
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[640] wininet.dll!HttpAddRequestHeadersA 3D94CF46 5 Bytes JMP 01870000
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[640] wininet.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 017B0000
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[640] wininet.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01810000
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[640] wininet.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 01890000
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[640] wininet.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 017F0000
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[640] wininet.dll!CommitUrlCacheEntryW 3D963085 5 Bytes JMP 01850000
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[640] wininet.dll!InternetReadFileExW 3D963349 5 Bytes JMP 01790000
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[640] wininet.dll!InternetReadFileExA 3D963381 5 Bytes JMP 01770000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[964] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01990000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[964] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 019D0000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[964] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 019B0000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[964] ADVAPI32.dll!CryptDeriveKey 77DE9FFD 5 Bytes JMP 01BD0000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[964] ADVAPI32.dll!CryptImportKey 77DEA1F1 5 Bytes JMP 01B90000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[964] ADVAPI32.dll!CryptGenKey 77E11849 5 Bytes JMP 01BB0000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[964] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01B50000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[964] wininet.dll!CommitUrlCacheEntryA 3D940F78 5 Bytes JMP 01AD0000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[964] wininet.dll!InternetReadFile 3D94654B 5 Bytes JMP 019F0000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[964] wininet.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01A70000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[964] wininet.dll!HttpAddRequestHeadersA 3D94CF46 5 Bytes JMP 01B10000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[964] wininet.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 01A50000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[964] wininet.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01AB0000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[964] wininet.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 01B30000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[964] wininet.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01A90000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[964] wininet.dll!CommitUrlCacheEntryW 3D963085 5 Bytes JMP 01AF0000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[964] wininet.dll!InternetReadFileExW 3D963349 5 Bytes JMP 01A30000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[964] wininet.dll!InternetReadFileExA 3D963381 5 Bytes JMP 01A10000
.text C:\WINDOWS\Explorer.EXE[972] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02C30000
.text C:\WINDOWS\Explorer.EXE[972] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02ED0000
.text C:\WINDOWS\Explorer.EXE[972] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 02EB0000
.text C:\Program Files\Digital Media Reader\shwicon2k.exe[1100] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01840000
.text C:\Program Files\Digital Media Reader\shwicon2k.exe[1100] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01880000
.text C:\Program Files\Digital Media Reader\shwicon2k.exe[1100] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 01860000
.text C:\Program Files\Digital Media Reader\shwicon2k.exe[1100] ADVAPI32.dll!CryptDeriveKey 77DE9FFD 5 Bytes JMP 01A80000
.text C:\Program Files\Digital Media Reader\shwicon2k.exe[1100] ADVAPI32.dll!CryptImportKey 77DEA1F1 5 Bytes JMP 01A40000
.text C:\Program Files\Digital Media Reader\shwicon2k.exe[1100] ADVAPI32.dll!CryptGenKey 77E11849 5 Bytes JMP 01A60000
.text C:\Program Files\Digital Media Reader\shwicon2k.exe[1100] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01A00000
.text C:\Program Files\Digital Media Reader\shwicon2k.exe[1100] wininet.dll!CommitUrlCacheEntryA 3D940F78 5 Bytes JMP 01980000
.text C:\Program Files\Digital Media Reader\shwicon2k.exe[1100] wininet.dll!InternetReadFile 3D94654B 5 Bytes JMP 018A0000
.text C:\Program Files\Digital Media Reader\shwicon2k.exe[1100] wininet.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01920000
.text C:\Program Files\Digital Media Reader\shwicon2k.exe[1100] wininet.dll!HttpAddRequestHeadersA 3D94CF46 5 Bytes JMP 019C0000
.text C:\Program Files\Digital Media Reader\shwicon2k.exe[1100] wininet.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 01900000
.text C:\Program Files\Digital Media Reader\shwicon2k.exe[1100] wininet.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01960000
.text C:\Program Files\Digital Media Reader\shwicon2k.exe[1100] wininet.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 019E0000
.text C:\Program Files\Digital Media Reader\shwicon2k.exe[1100] wininet.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01940000
.text C:\Program Files\Digital Media Reader\shwicon2k.exe[1100] wininet.dll!CommitUrlCacheEntryW 3D963085 5 Bytes JMP 019A0000
.text C:\Program Files\Digital Media Reader\shwicon2k.exe[1100] wininet.dll!InternetReadFileExW 3D963349 5 Bytes JMP 018E0000
.text C:\Program Files\Digital Media Reader\shwicon2k.exe[1100] wininet.dll!InternetReadFileExA 3D963381 5 Bytes JMP 018C0000
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[1164] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01C40000
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[1164] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01C80000
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[1164] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 01C60000
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[1164] ADVAPI32.dll!CryptDeriveKey 77DE9FFD 5 Bytes JMP 01E80000
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[1164] ADVAPI32.dll!CryptImportKey 77DEA1F1 5 Bytes JMP 01E40000
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[1164] ADVAPI32.dll!CryptGenKey 77E11849 5 Bytes JMP 01E60000
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[1164] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01E00000
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[1164] wininet.dll!CommitUrlCacheEntryA 3D940F78 5 Bytes JMP 01D80000
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[1164] wininet.dll!InternetReadFile 3D94654B 5 Bytes JMP 01CA0000
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[1164] wininet.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 01D20000
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[1164] wininet.dll!HttpAddRequestHeadersA 3D94CF46 5 Bytes JMP 01DC0000
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[1164] wininet.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 01D00000
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[1164] wininet.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01D60000
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[1164] wininet.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 01DE0000
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[1164] wininet.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01D40000
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[1164] wininet.dll!CommitUrlCacheEntryW 3D963085 5 Bytes JMP 01DA0000
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[1164] wininet.dll!InternetReadFileExW 3D963349 5 Bytes JMP 01CE0000
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[1164] wininet.dll!InternetReadFileExA 3D963381 5 Bytes JMP 01CC0000
.text C:\WINDOWS\system32\ctfmon.exe[1180] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F60000
.text C:\WINDOWS\system32\ctfmon.exe[1180] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FA0000
.text C:\WINDOWS\system32\ctfmon.exe[1180] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00F80000
.text C:\WINDOWS\system32\ctfmon.exe[1180] ADVAPI32.dll!CryptDeriveKey 77DE9FFD 5 Bytes JMP 01440000
.text C:\WINDOWS\system32\ctfmon.exe[1180] ADVAPI32.dll!CryptImportKey 77DEA1F1 5 Bytes JMP 01400000
.text C:\WINDOWS\system32\ctfmon.exe[1180] ADVAPI32.dll!CryptGenKey 77E11849 5 Bytes JMP 01420000
.text C:\WINDOWS\system32\ctfmon.exe[1180] WS2_32.dll!send 71AB4C27 5 Bytes JMP 013C0000
.text C:\WINDOWS\system32\ctfmon.exe[1180] wininet.dll!CommitUrlCacheEntryA 3D940F78 5 Bytes JMP 01340000
.text C:\WINDOWS\system32\ctfmon.exe[1180] wininet.dll!InternetReadFile 3D94654B 5 Bytes JMP 00FC0000
.text C:\WINDOWS\system32\ctfmon.exe[1180] wininet.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 012E0000
.text C:\WINDOWS\system32\ctfmon.exe[1180] wininet.dll!HttpAddRequestHeadersA 3D94CF46 5 Bytes JMP 01380000
.text C:\WINDOWS\system32\ctfmon.exe[1180] wininet.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 012C0000
.text C:\WINDOWS\system32\ctfmon.exe[1180] wininet.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01320000
.text C:\WINDOWS\system32\ctfmon.exe[1180] wininet.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 013A0000
.text C:\WINDOWS\system32\ctfmon.exe[1180] wininet.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01300000
.text C:\WINDOWS\system32\ctfmon.exe[1180] wininet.dll!CommitUrlCacheEntryW 3D963085 5 Bytes JMP 01360000
.text C:\WINDOWS\system32\ctfmon.exe[1180] wininet.dll!InternetReadFileExW 3D963349 5 Bytes JMP 01050000
.text C:\WINDOWS\system32\ctfmon.exe[1180] wininet.dll!InternetReadFileExA 3D963381 5 Bytes JMP 01030000
.text C:\Program Files\Mozilla Firefox\firefox.exe[2476] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Thanks!!
DJ

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:21 PM

Posted 14 May 2010 - 05:45 AM

Hi there,

P2P WARNING
-------------------
Going over your logs I noticed that you have LimeWire installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Elise


Posted 22 May 2010 - 09:13 AM

Hello, are you still there?

regards, Elise


#6 Elise


Posted 01 June 2010 - 10:42 AM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise




