
Tried to get the viruses off myself -- internet connection causes pandemonium still

10 replies to this topic

#1 Quiott


Posted 17 October 2010 - 11:47 PM

Running XP on a Dell
At first I was unable to open any folders, and when I attempted to fix that I noticed that any time you tried to open anything the CPU usage went to 100%. Eventually got to install avast and ZoneAlarm. Avast found 38 viruses and it was unable to remove 14 (Win32... Gator-H; Spyware-gen; Newdotnet; Downloader-Q etc.). Ran CCleaner as well. The C drive remains with about 500 MB left of memory each time even when I remove things. So the virus fills whatever space I open up, possibly. On the other hand it's possible that my downloading of avast and ZoneAlarm took up that space.

I used CCleaner to stop startup programs that were unnecessary and found one bad one (sonic... something...). Restarted and ran avast again and it found more (Trojan Gen; Adware-gen... etc). Then I connected back to the internet and it seemed to cause slowness and random closings of programs. It seems to me it is still infected.

Here are the logs; any help would be great!!

-----DDS Log-----
DDS (Ver_10-10-10.03) - NTFSx86
Run by Mary at 21:12:23.59 on Sun 10/17/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.27 [GMT -7:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Mary\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.comcast.net/
mSearch Bar = hxxp://server224.smartbotpro.net/7search/?new-hklm
mWindow Title = Microsoft Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: N/A: {707e6f76-9ffb-4920-a976-ea101271bc25} - c:\program files\tv media\TvmBho.dll
BHO: {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [TV Media] c:\program files\tv media\Tvm.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [TV Media] c:\program files\tv media\Tvm.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\mary\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org1.1.2\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38105.9030671296
Notify: igfxcui - igfxsrvc.dll
Notify: RelevantKnowledge - c:\program files\relevantknowledge\rlls.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-17 165584]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-10-17 532224]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-17 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-17 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-17 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-17 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-17 136176]

=============== Created Last 30 ================

2010-10-17 17:20:45 -------- d-----w- c:\program files\CheckPoint
2010-10-17 17:20:03 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-10-17 17:20:02 -------- d-----w- c:\windows\system32\ZoneLabs
2010-10-17 17:19:59 -------- d-----w- c:\program files\Zone Labs
2010-10-17 17:19:12 -------- d-----w- c:\windows\Internet Logs
2010-10-17 16:15:39 -------- d-----w- c:\windows\pss
2010-10-17 16:06:35 -------- d-----w- c:\program files\CCleaner
2010-10-17 08:00:19 38848 ----a-w- c:\windows\avastSS.scr
2010-10-17 08:00:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-10-13 10:00:27 -------- d-----w- C:\7b6217acc894bddd51202c0d

==================== Find3M ====================


============= FINISH: 21:14:55.09 ===============

-----GMER Log-----
GMER 1.0.15.15319 - http://www.gmer.net
Rootkit scan 2010-10-17 21:11:27
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Mary\LOCALS~1\Temp\kxtoapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xEF392CF0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xEF4AF534]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xEF4A9782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xEF392BAC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xEF4AFCC0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xEF4C2EB4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xEF4C32A2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xEF4CC916]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xEF4AFDF6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xEF4AA398]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xEF393160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xEF39308A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xEF4C1DF0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xEF4CA93C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xEF4CAB44]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xEF4A9FAA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xEF392C86]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xEF4C51CE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xEF4C4DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xEF392DA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEF39322E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xEF4CB208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xEF4AF0F4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xEF392D66]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xEF4AF7DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xEF4AA75C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xEF4CBE12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xEF392EE6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xEF4C3F0A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xEF4C3C86]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xEF39FB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [C0, FC, 4A, EF, B4, 2E, 4C, ...]
PAGE ntoskrnl.exe!ObInsertObject 80564423 5 Bytes JMP EF39CFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A1142 5 Bytes JMP EF39B5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A410A 7 Bytes JMP EF39FB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
init C:\WINDOWS\System32\DRIVERS\mohfilt.sys entry point in "init" section [0xF9659760]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[260] kernel32.dll!GetQueuedCompletionStatus 7C80A72D 5 Bytes JMP 00F37620 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[260] Secur32.dll!EncryptMessage 77FEA651 5 Bytes JMP 00F34410 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[260] Secur32.dll!DecryptMessage 77FEA6A0 5 Bytes JMP 00F364C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[260] WININET.dll!UnlockUrlCacheEntryFile 771D7D9C 5 Bytes JMP 00F38510 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[260] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 00F37AE0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[260] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 00F37810 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[260] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00F35BF0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[260] WS2_32.dll!send 71AB428A 5 Bytes JMP 00F36780 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[260] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00F387C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[260] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00F371A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[260] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00F36D40 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[260] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00F360D0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[260] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 00F38B50 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[260] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 00F380A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[260] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00F35F60 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[260] WS2_32.dll!WSAGetOverlappedResult 71AC0D03 5 Bytes JMP 00F374C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[640] kernel32.dll!GetQueuedCompletionStatus 7C80A72D 5 Bytes JMP 10037620 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[640] Secur32.dll!EncryptMessage 77FEA651 5 Bytes JMP 10034410 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[640] Secur32.dll!DecryptMessage 77FEA6A0 5 Bytes JMP 100364C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[640] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10037AE0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[640] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10037810 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[640] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10035BF0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[640] WS2_32.dll!send 71AB428A 5 Bytes JMP 10036780 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[640] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100387C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[640] WS2_32.dll!recv 71AB615A 5 Bytes JMP 100371A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[640] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10036D40 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[640] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 100360D0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[640] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 10038B50 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[640] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 100380A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[640] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 10035F60 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[640] WS2_32.dll!WSAGetOverlappedResult 71AC0D03 5 Bytes JMP 100374C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\wbem\unsecapp.exe[640] wininet.dll!UnlockUrlCacheEntryFile 771D7D9C 5 Bytes JMP 10038510 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[1352] kernel32.dll!GetQueuedCompletionStatus 7C80A72D 5 Bytes JMP 10037620 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[1352] Secur32.dll!EncryptMessage 77FEA651 5 Bytes JMP 10034410 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[1352] Secur32.dll!DecryptMessage 77FEA6A0 5 Bytes JMP 100364C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[1352] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10037AE0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[1352] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10037810 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[1352] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10035BF0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[1352] WS2_32.dll!send 71AB428A 5 Bytes JMP 10036780 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[1352] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100387C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[1352] WS2_32.dll!recv 71AB615A 5 Bytes JMP 100371A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[1352] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10036D40 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[1352] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 100360D0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[1352] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 10038B50 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[1352] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 100380A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[1352] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 10035F60 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[1352] WS2_32.dll!WSAGetOverlappedResult 71AC0D03 5 Bytes JMP 100374C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[1352] wininet.dll!UnlockUrlCacheEntryFile 771D7D9C 5 Bytes JMP 10038510 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1804] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Documents and Settings\Mary\Desktop\gmer.exe[2416] kernel32.dll!GetQueuedCompletionStatus 7C80A72D 5 Bytes JMP 10037620 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Documents and Settings\Mary\Desktop\gmer.exe[2416] Secur32.dll!EncryptMessage 77FEA651 5 Bytes JMP 10034410 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Documents and Settings\Mary\Desktop\gmer.exe[2416] Secur32.dll!DecryptMessage 77FEA6A0 5 Bytes JMP 100364C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Documents and Settings\Mary\Desktop\gmer.exe[2416] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10037AE0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Documents and Settings\Mary\Desktop\gmer.exe[2416] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10037810 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Documents and Settings\Mary\Desktop\gmer.exe[2416] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10035BF0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Documents and Settings\Mary\Desktop\gmer.exe[2416] WS2_32.dll!send 71AB428A 5 Bytes JMP 10036780 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Documents and Settings\Mary\Desktop\gmer.exe[2416] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100387C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Documents and Settings\Mary\Desktop\gmer.exe[2416] WS2_32.dll!recv 71AB615A 5 Bytes JMP 100371A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Documents and Settings\Mary\Desktop\gmer.exe[2416] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10036D40 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Documents and Settings\Mary\Desktop\gmer.exe[2416] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 100360D0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Documents and Settings\Mary\Desktop\gmer.exe[2416] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 10038B50 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Documents and Settings\Mary\Desktop\gmer.exe[2416] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 100380A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Documents and Settings\Mary\Desktop\gmer.exe[2416] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 10035F60 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Documents and Settings\Mary\Desktop\gmer.exe[2416] WS2_32.dll!WSAGetOverlappedResult 71AC0D03 5 Bytes JMP 100374C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Documents and Settings\Mary\Desktop\gmer.exe[2416] wininet.dll!UnlockUrlCacheEntryFile 771D7D9C 5 Bytes JMP 10038510 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\explorer.exe[2956] kernel32.dll!GetQueuedCompletionStatus 7C80A72D 5 Bytes JMP 10037620 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\explorer.exe[2956] Secur32.dll!EncryptMessage 77FEA651 5 Bytes JMP 10034410 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\explorer.exe[2956] Secur32.dll!DecryptMessage 77FEA6A0 5 Bytes JMP 100364C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\explorer.exe[2956] WININET.dll!UnlockUrlCacheEntryFile 771D7D9C 5 Bytes JMP 10038510 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\explorer.exe[2956] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10037AE0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\explorer.exe[2956] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10037810 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\explorer.exe[2956] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10035BF0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\explorer.exe[2956] WS2_32.dll!send 71AB428A 5 Bytes JMP 10036780 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\explorer.exe[2956] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100387C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\explorer.exe[2956] WS2_32.dll!recv 71AB615A 5 Bytes JMP 100371A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\explorer.exe[2956] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10036D40 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\explorer.exe[2956] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 100360D0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\explorer.exe[2956] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 10038B50 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\explorer.exe[2956] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 100380A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\explorer.exe[2956] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 10035F60 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\explorer.exe[2956] WS2_32.dll!WSAGetOverlappedResult 71AC0D03 5 Bytes JMP 100374C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\hkcmd.exe[3300] kernel32.dll!GetQueuedCompletionStatus 7C80A72D 5 Bytes JMP 00BE7620 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\hkcmd.exe[3300] Secur32.dll!EncryptMessage 77FEA651 5 Bytes JMP 00BE4410 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\hkcmd.exe[3300] Secur32.dll!DecryptMessage 77FEA6A0 5 Bytes JMP 00BE64C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\hkcmd.exe[3300] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 00BE7AE0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\hkcmd.exe[3300] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 00BE7810 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\hkcmd.exe[3300] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00BE5BF0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\hkcmd.exe[3300] WS2_32.dll!send 71AB428A 5 Bytes JMP 00BE6780 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\hkcmd.exe[3300] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00BE87C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\hkcmd.exe[3300] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00BE71A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\hkcmd.exe[3300] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00BE6D40 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\hkcmd.exe[3300] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00BE60D0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\hkcmd.exe[3300] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 00BE8B50 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\hkcmd.exe[3300] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 00BE80A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\hkcmd.exe[3300] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00BE5F60 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\hkcmd.exe[3300] WS2_32.dll!WSAGetOverlappedResult 71AC0D03 5 Bytes JMP 00BE74C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\hkcmd.exe[3300] wininet.dll!UnlockUrlCacheEntryFile 771D7D9C 5 Bytes JMP 00BE8510 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3528] kernel32.dll!GetQueuedCompletionStatus 7C80A72D 5 Bytes JMP 00BE7620 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3528] Secur32.dll!EncryptMessage 77FEA651 5 Bytes JMP 00BE4410 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3528] Secur32.dll!DecryptMessage 77FEA6A0 5 Bytes JMP 00BE64C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3528] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 00BE7AE0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3528] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 00BE7810 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3528] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00BE5BF0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3528] WS2_32.dll!send 71AB428A 5 Bytes JMP 00BE6780 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3528] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00BE87C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3528] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00BE71A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3528] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00BE6D40 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3528] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00BE60D0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3528] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 00BE8B50 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3528] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 00BE80A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3528] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00BE5F60 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3528] WS2_32.dll!WSAGetOverlappedResult 71AC0D03 5 Bytes JMP 00BE74C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3528] wininet.dll!UnlockUrlCacheEntryFile 771D7D9C 5 Bytes JMP 00BE8510 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3536] kernel32.dll!GetQueuedCompletionStatus 7C80A72D 5 Bytes JMP 10037620 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3536] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10037AE0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3536] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10037810 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3536] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10035BF0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3536] WS2_32.dll!send 71AB428A 5 Bytes JMP 10036780 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3536] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100387C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3536] WS2_32.dll!recv 71AB615A 5 Bytes JMP 100371A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3536] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10036D40 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3536] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 100360D0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3536] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 10038B50 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3536] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 100380A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3536] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 10035F60 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3536] WS2_32.dll!WSAGetOverlappedResult 71AC0D03 5 Bytes JMP 100374C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3536] Secur32.dll!EncryptMessage 77FEA651 5 Bytes JMP 10034410 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3536] Secur32.dll!DecryptMessage 77FEA6A0 5 Bytes JMP 100364C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3536] WININET.dll!UnlockUrlCacheEntryFile 771D7D9C 5 Bytes JMP 10038510 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\DSentry.exe[3608] kernel32.dll!GetQueuedCompletionStatus 7C80A72D 5 Bytes JMP 10037620 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\DSentry.exe[3608] Secur32.dll!EncryptMessage 77FEA651 5 Bytes JMP 10034410 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\DSentry.exe[3608] Secur32.dll!DecryptMessage 77FEA6A0 5 Bytes JMP 100364C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\DSentry.exe[3608] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10037AE0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\DSentry.exe[3608] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10037810 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\DSentry.exe[3608] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10035BF0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\DSentry.exe[3608] WS2_32.dll!send 71AB428A 5 Bytes JMP 10036780 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\DSentry.exe[3608] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100387C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\DSentry.exe[3608] WS2_32.dll!recv 71AB615A 5 Bytes JMP 100371A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\DSentry.exe[3608] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10036D40 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\DSentry.exe[3608] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 100360D0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\DSentry.exe[3608] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 10038B50 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\DSentry.exe[3608] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 100380A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\DSentry.exe[3608] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 10035F60 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\DSentry.exe[3608] WS2_32.dll!WSAGetOverlappedResult 71AC0D03 5 Bytes JMP 100374C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\DSentry.exe[3608] wininet.dll!UnlockUrlCacheEntryFile 771D7D9C 5 Bytes JMP 10038510 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe[3784] kernel32.dll!GetQueuedCompletionStatus 7C80A72D 5 Bytes JMP 061F7620 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe[3784] Secur32.dll!EncryptMessage 77FEA651 5 Bytes JMP 061F4410 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe[3784] Secur32.dll!DecryptMessage 77FEA6A0 5 Bytes JMP 061F64C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe[3784] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 061F7AE0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe[3784] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 061F7810 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe[3784] WS2_32.dll!connect 71AB406A 5 Bytes JMP 061F5BF0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe[3784] WS2_32.dll!send 71AB428A 5 Bytes JMP 061F6780 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe[3784] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 061F87C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe[3784] WS2_32.dll!recv 71AB615A 5 Bytes JMP 061F71A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe[3784] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 061F6D40 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe[3784] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 061F60D0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe[3784] WS2_32.dll!WSARecvFrom 71ABF652 5 Bytes JMP 061F8B50 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe[3784] WS2_32.dll!WSASendTo 71AC0A95 5 Bytes JMP 061F80A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe[3784] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 061F5F60 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe[3784] WS2_32.dll!WSAGetOverlappedResult 71AC0D03 5 Bytes JMP 061F74C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe[3784] wininet.dll!UnlockUrlCacheEntryFile 771D7D9C 5 Bytes JMP 061F8510 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

Attached File: Attached.zip (2.6 KB)


Was able to run Windows updater and it found some 31 updates, most of them security. I installed those and restarted. Then I went back to Windows Update and it found some more to update, but I also tried downloading a driver for a mouse. After I did that, now whenever I connect that mouse this blue screen appears, with a troubling part at the bottom...

A problem has been detected and Windows has been shut down to prevent damage to your computer.

IRQL_NOT_LESS_OR_EQUAL

If this is the first time you've seen this stop error screen, restart your computer.

If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any Windows updates you might need. If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select advanced startup options, then select safe mode. Technical information:

*** STOP: 0x0000000A (0x0000592E, 0x00000002, 0x00000000, 0x804E469A)

Beginning dump of physical memory. Physical memory dump complete. Contact your system administrator or technical support group for further assistance.

I am using a different mouse now on that computer. Another thing I noticed was that in my C drive there are strangely named files that I can't delete, like 9cd377f3637ab7e87a1cb1c2e. Any help would be great.

EDIT: Posts merged ~BP

Edited by Budapest, 21 October 2010 - 04:10 PM.
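Added example, not part of the original post and not GMER's own code: a small Python triage of the ".text" hook lines in the GMER log above. Every such line records a 5-byte JMP written over the first instructions of an exported function inside one process, so the log is really a matrix of which DLL reaches which process through which API. The script parses the lines, groups the hooks by the DLL the JMP lands in, and reports how many processes that DLL is injected into and whether it sits on the Winsock send/recv path or on the SSPI EncryptMessage/DecryptMessage boundary, where it sees TLS traffic as plaintext. The sample lines are a subset taken from the log in the post; the grouping and the API lists are my own choices.

```python
"""Triage GMER '.text' user-mode inline hook lines.

Each line records a 5-byte JMP patched over the entry of an exported function
in one process, redirecting calls into another DLL.  Hooks are grouped by that
DLL so the reader can see its reach (process count) and its position relative
to TLS.  Sample lines are taken from the GMER log in the post above.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]+)\s+(?P<dll>.+?)\s+\((?P<vendor>[^)]*)\)\s*$"
)

# SSPI buffers are handled before encryption / after decryption, so a hook
# here reads TLS plaintext no matter what the application does.
TLS_APIS = {"secur32.dll!encryptmessage", "secur32.dll!decryptmessage"}
# Raw socket path: payloads and connection targets.
SOCKET_APIS = {
    "ws2_32.dll!" + f for f in (
        "send", "recv", "sendto", "recvfrom", "connect", "wsasend", "wsarecv",
        "wsasendto", "wsarecvfrom", "wsaconnect",
    )
}

# Subset of the GMER output posted above (four processes, one hooking DLL).
SAMPLE_LOG = r"""
.text C:\WINDOWS\System32\hkcmd.exe[3300] WS2_32.dll!send 71AB428A 5 Bytes JMP 00BE6780 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3528] Secur32.dll!EncryptMessage 77FEA651 5 Bytes JMP 00BE4410 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3528] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00BE5BF0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3536] Secur32.dll!DecryptMessage 77FEA6A0 5 Bytes JMP 100364C0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3536] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10036D40 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
.text C:\WINDOWS\System32\DSentry.exe[3608] WS2_32.dll!recv 71AB615A 5 Bytes JMP 100371A0 C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge/TMRG, Inc.)
"""


def parse_hooks(text):
    """Return one dict per well-formed hook line; other lines are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["nbytes"] = int(h["nbytes"])
        h["api"] = f"{h['module']}!{h['func']}".lower()
        hooks.append(h)
    return hooks


def summarize_by_dll(hooks):
    """Group hooks by target DLL: vendor string, processes reached, APIs patched."""
    summary = defaultdict(lambda: {"vendor": "", "processes": set(), "apis": set()})
    for h in hooks:
        entry = summary[h["dll"].lower()]
        entry["vendor"] = h["vendor"]
        entry["processes"].add((h["proc"].lower(), h["pid"]))
        entry["apis"].add(h["api"])
    return dict(summary)


def assess(hooks):
    """One finding per hooking DLL, most widely injected first."""
    findings = []
    for dll, entry in summarize_by_dll(hooks).items():
        findings.append({
            "dll": dll,
            "vendor": entry["vendor"],
            "process_count": len(entry["processes"]),
            "hooks_tls_plaintext": bool(entry["apis"] & TLS_APIS),
            "hooks_sockets": bool(entry["apis"] & SOCKET_APIS),
            "apis": sorted(entry["apis"]),
        })
    return sorted(findings, key=lambda f: -f["process_count"])


if __name__ == "__main__":
    for f in assess(parse_hooks(SAMPLE_LOG)):
        print(f"{f['dll']} ({f['vendor']}): {f['process_count']} processes, "
              f"TLS plaintext={f['hooks_tls_plaintext']}, sockets={f['hooks_sockets']}")
```

Run against the full log rather than the subset, the same grouping shows one DLL hooking the identical fifteen exports in every listed process, including the antivirus UI process, which is the point worth taking from the log: a user-mode hook at this layer is upstream of the encryption the applications believe they are using.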



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:09:37 AM

Posted 27 October 2010 - 06:45 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    winlogon.exe
    wininit.exe
    explorer.exe
    hlp.dat
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
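Added example, not part of the original post and not OTL's own code: a small Python triage of the PRC/SRV/DRV lines that the scan above produces. OTL prints one line per process, Win32 service and driver; a service whose registry entry outlives its binary shows up as "File not found", which is a reliable trace of what used to be installed and an entry that should be removed rather than left behind. The sample lines are taken from the OTL log posted later in this thread. The three checks (image missing, image under a Temp directory, empty company name) are my own choices and are prompts for review, not verdicts; the Temp check in particular will flag legitimate installers such as a browser updater.

```python
"""Triage the PRC / SRV / DRV sections of an OTL report.

Two line shapes occur: entries whose file exists
    SRV - [stamp | size | attrs | M] (company) [flags] -- path -- (name)
and entries whose registry record points at a missing binary
    SRV - File not found [flags] -- path -- (name)
Sample lines are taken from the OTL log posted later in this thread.
"""
import re

PRESENT_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - \[(?P<stamp>[^|\]]+?) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[^|\]]+) \| (?P<mc>[A-Z])\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<flags>[^\]]*)\])? -- (?P<path>(?:(?! -- \().)+)"
    r"(?: -- \((?P<name>[^)]*)\))?(?P<rest>.*)$"
)
MISSING_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - File not found \[(?P<flags>[^\]]*)\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]*)\)(?P<rest>.*)$"
)

SAMPLE_OTL = r"""
PRC - [2010/11/01 23:10:24 | 001,132,600 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mary\Local Settings\Temp\CR_45.tmp\setup.exe
PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SRV - File not found [Auto | Stopped] -- C:\Program Files\NewDotNet\nnrun.exe -- (NNServ)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
"""


def parse_otl_line(line):
    """Parse one PRC/SRV/DRV/MOD line into a dict, or return None."""
    line = line.rstrip()
    m = MISSING_RE.match(line)
    if m:
        entry = m.groupdict()
        entry["present"] = False
        entry["company"] = None
    else:
        m = PRESENT_RE.match(line)
        if not m:
            return None
        entry = m.groupdict()
        entry["present"] = True
    # flags look like "Kernel | On_Demand | Stopped"; the last token is the state
    flags = [f.strip() for f in (entry.get("flags") or "").split("|") if f.strip()]
    entry["flags"] = flags
    entry["state"] = flags[-1] if flags else None
    return entry


def _finding(entry, reason):
    return {"kind": entry["kind"], "reason": reason, "path": entry["path"],
            "name": entry.get("name"), "state": entry["state"]}


def triage_otl(text):
    """Return review findings for orphaned, Temp-resident and anonymous entries."""
    findings = []
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is None:
            continue
        if not entry["present"]:
            findings.append(_finding(entry, "image missing"))
        if "\\temp\\" in entry["path"].lower():
            findings.append(_finding(entry, "runs from Temp"))
        if entry["present"] and entry["kind"] in ("SRV", "DRV") and not entry["company"]:
            findings.append(_finding(entry, "no company name"))
    return findings


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL):
        print(f"{f['kind']} {f['reason']:16} {f['name'] or '-':18} {f['path']}")
```

On the log in this thread the "image missing" check surfaces NNServ, whose path is the NewDotNet directory that Avast already named in the first post, so the registry record is a leftover of the removed component rather than an active process; the same check on the DRV section lists the four driver records whose .sys files are gone.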

 



#3 Quiott

Quiott
  • Topic Starter

  • Members
  • 9 posts
  • Local time:02:37 AM

Posted 01 November 2010 - 01:32 AM

I will get on that right away Thanks!

#4 Quiott

Quiott
  • Topic Starter

  • Members
  • 9 posts
  • Local time:02:37 AM

Posted 02 November 2010 - 10:50 AM

Ok so - This is my friend's computer that he was just going to toss because it was infected, so I got it free. Conditions before I made changes were that any time you would open a program the CPU usage went to 100% and never let up, so it forced you to restart the computer. And there were random closings of programs and freezings. I disconnected the cord from the internet. I was able to change the "Set program access and defaults" from custom to normal and that seemed to help a lot because you could open programs now. I was able to download ZoneAlarm Firewall, Avast, and recently PSI. I ran Avast and it found all sorts of bad programs, listed in the second line of this topic. I know somehow that Limewire was on the computer before. And I see the log lists many antivirus and other firewalls when I know nothing about them. It was running really slow and there was about 500MB left of available space, so I deleted some photos that were taking up a bunch of space, but it is running as slow as a snail. And while doing about 3 of the 7 suggestions from PSI it kept on saying that you are not the computer administrator, while it's obvious that I am because there are no other users.

Thanks!
Quiott

Here are the logs:
OTL


OTL logfile created on: 11/1/2010 11:46:37 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Mary\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 67.00 Mb Available Physical Memory | 26.00% Memory free
746.00 Mb Paging File | 211.00 Mb Available in Paging File | 28.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 23.97 Gb Free Space | 64.42% Space Free | Partition Type: NTFS
Drive F: | 3.74 Gb Total Space | 0.77 Gb Free Space | 20.65% Space Free | Partition Type: FAT32

Computer Name: DB5TBQ41 | User Name: Mary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/01 23:10:24 | 001,132,600 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mary\Local Settings\Temp\CR_45.tmp\setup.exe
PRC - [2010/11/01 21:50:02 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary\Desktop\OTL.exe
PRC - [2010/10/18 14:00:00 | 004,643,384 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mary\Local Settings\Application Data\Google\Update\Download\{0A9F0441-08F8-4DC9-96D2-CD980EA0F2F1}\chrome_updater.exe
PRC - [2010/09/29 04:17:08 | 001,712,696 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
PRC - [2010/09/02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/09/01 01:30:58 | 000,318,520 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2003/08/13 08:27:40 | 000,028,672 | -H-- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe


========== Modules (SafeList) ==========

MOD - [2010/11/01 21:50:02 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\NewDotNet\nnrun.exe -- (NNServ)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/09/01 15:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/09/01 01:30:58 | 000,318,520 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/04/13 17:12:02 | 000,105,472 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 17:11:55 | 000,035,328 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\iprip.dll -- (Iprip)
SRV - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 12:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2003/03/03 11:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Amusbprt.sys -- (Amusbprt)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\Amfilter.sys -- (Amfilter)
DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/09/01 01:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\psi_mf.sys -- (PSI)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\vsdatant.sys -- (vsdatant)
DRV - [2010/02/11 05:02:15 | 000,226,880 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 11:36:39 | 000,043,008 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/08/03 22:29:54 | 001,897,408 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/03 22:29:49 | 000,019,455 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:47 | 000,012,063 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:45 | 000,023,615 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:43 | 000,033,599 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:42 | 000,019,551 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:41 | 000,029,311 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:37 | 000,012,415 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:37 | 000,012,127 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:37 | 000,011,775 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:36 | 000,161,020 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:26 | 000,701,440 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/03/05 20:15:34 | 000,647,929 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 20:14:42 | 001,233,525 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 20:13:52 | 000,060,949 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 20:13:38 | 000,037,048 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/08/05 23:04:00 | 000,100,373 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/05 23:04:00 | 000,098,068 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/05 23:04:00 | 000,083,284 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/05 23:04:00 | 000,034,837 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/05 23:04:00 | 000,025,685 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/05 23:04:00 | 000,014,229 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/05 23:04:00 | 000,006,357 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/05 23:04:00 | 000,004,117 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/05 23:04:00 | 000,002,233 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 01:21:00 | 000,084,576 | -H-- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/14 09:28:40 | 000,005,621 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 09:28:22 | 000,023,219 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 00:56:00 | 000,040,448 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2002/11/08 11:45:06 | 000,017,217 | -H-- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/06/21 17:42:50 | 000,008,224 | -H-- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)
DRV - [2001/08/17 12:07:44 | 000,019,072 | -H-- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | -H-- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:52:22 | 000,036,736 | -H-- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | -H-- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | -H-- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | -H-- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | -H-- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | -H-- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | -H-- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 10:11:06 | 000,066,591 | -H-- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/10 01:03:00 | 000,070,084 | -H-- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EPLPDX02.SYS -- (Eplpdx02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {707E6F76-9FFB-4920-A976-EA101271BC25} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1737454354-1932798780-2954916391-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-1737454354-1932798780-2954916391-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1737454354-1932798780-2954916391-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1737454354-1932798780-2954916391-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Data = C3 17 11 E0 B2 A4 AC 29 3E F1 D7 B3 41 49 99 54 62 DB FC 73 C7 48 7E BE 12 BE E1 AD BE 28 [binary data]
IE - HKU\S-1-5-21-1737454354-1932798780-2954916391-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1737454354-1932798780-2954916391-1008\..\URLSearchHook: {707E6F76-9FFB-4920-A976-EA101271BC25} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1737454354-1932798780-2954916391-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1737454354-1932798780-2954916391-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{f3ef049a-fd7e-11da-a72b-0800200c9a66}: c:\windows\system32 [2010/11/01 22:51:25 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge

[2009/03/12 12:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\Mozilla\Extensions
[2009/03/12 12:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\default.1pe\extensions
[2009/03/12 12:19:47 | 000,000,000 | ---D | M] (Qute) -- C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\default.1pe\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2004/07/03 06:57:00 | 000,000,000 | ---D | M] (googlebar) -- C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\default.1pe\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2009/03/12 12:19:03 | 000,000,000 | ---D | M] (Doodle (Classic)) -- C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\default.1pe\extensions\{9dd2ef0a-f6f2-4f54-ad61-611181226d56}
[2009/06/06 10:33:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/02 11:06:25 | 000,000,000 | ---D | M] (New.net Quick! Search) -- C:\Program Files\Mozilla Firefox\extensions\{AF8637B0-18E3-44D3-86B7-55E09D9C4261}
[2004/01/13 19:09:25 | 000,176,176 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

Hosts file not found
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-1737454354-1932798780-2954916391-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1737454354-1932798780-2954916391-1008\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\Mary\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1737454354-1932798780-2954916391-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1288676904682 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\RelevantKnowledge: DllName - C:\Program Files\RelevantKnowledge\rlls.dll - C:\Program Files\RelevantKnowledge\rlls.dll File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 06:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk - C:\PROGRA~1\AMERIC~1.0\aoltray.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk - C:\PROGRA~1\FINEPI~1\QuickDCF.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Mary^Start Menu^Programs^Startup^OpenOffice.org 1.1.2.lnk - C:\Program Files\OpenOffice.org1.1.2\program\quickstart.exe - ()
MsConfig - StartUpReg: Dell Photo AIO Printer 922 - hkey= - key= - C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe File not found
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Mary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: IntelMeM - hkey= - key= - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
MsConfig - StartUpReg: LXSUPMON - hkey= - key= - File not found
MsConfig - StartUpReg: MimBoot - hkey= - key= - C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe File not found
MsConfig - StartUpReg: nmapp - hkey= - key= - C:\Program Files\Pure Networks\Network Magic\nmapp.exe File not found
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\Media Experience\PCMService.exe File not found
MsConfig - StartUpReg: Picasa Media Detector - hkey= - key= - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
MsConfig - StartUpReg: REGSHAVE - hkey= - key= - C:\Program Files\REGSHAVE\REGSHAVE.EXE File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
MsConfig - StartUpReg: TV Media - hkey= - key= - C:\Program Files\TV Media\Tvm.exe File not found
MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
MsConfig - StartUpReg: WheelMouse - hkey= - key= - File not found

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - KB867282
ActiveX: {04d6265d-6b5d-41c3-9e7c-48be15919643} - KB890923
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5c9ff2bf-938d-47fe-85d9-9dbab4f65018} - KB897715
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {79844cfb-ac65-4e10-a06a-c974234f40d0} - KB883939
ActiveX: {82ced0ff-a00d-4405-ba5f-ef4699159333} - KB896727
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8ade8c02-8da6-4ec1-a9ee-ec00ff73ce98} - Internet Explorer Q903235
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DVSD - pdvcodec.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\SYSTEM32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/01 23:50:58 | 002,826,192 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Mary\Desktop\install_flash_player_ax.exe
[2010/11/01 22:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary\Local Settings\Application Data\Secunia PSI
[2010/11/01 22:31:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/11/01 22:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2010/11/01 22:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/11/01 22:23:28 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mary\Desktop\FileFormatConverters.exe
[2010/11/01 22:23:27 | 001,141,424 | ---- | C] (Secunia) -- C:\Documents and Settings\Mary\Desktop\PSI2SetupBeta.exe
[2010/11/01 22:23:26 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary\Desktop\OTL.exe
[2010/10/20 19:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary\Application Data\Apple Computer
[2010/10/20 19:33:10 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/10/20 19:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/20 19:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/20 19:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/20 19:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/20 19:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/10/20 19:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary\Local Settings\Application Data\Apple
[2010/10/20 19:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/10/20 19:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/20 19:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/10/20 19:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/10/20 19:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary\Local Settings\Application Data\Apple Computer
[2010/10/19 17:22:39 | 075,019,048 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Mary\Desktop\iTunesSetup.exe
[2010/10/19 15:16:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/10/19 13:45:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mary\Recent
[2010/10/19 09:51:21 | 000,590,848 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010/10/19 09:50:03 | 000,974,848 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/19 09:50:03 | 000,954,368 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/10/19 09:50:03 | 000,953,856 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/19 09:46:38 | 000,617,472 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/19 09:43:46 | 000,357,248 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/10/19 09:37:07 | 000,730,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/10/19 09:37:05 | 002,146,304 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/10/19 09:37:02 | 002,189,952 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/10/19 09:37:00 | 002,024,448 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/10/19 09:34:52 | 000,337,408 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/10/19 09:32:23 | 000,272,128 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/10/19 09:32:15 | 000,203,136 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/10/19 08:52:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Prefetch
[2010/10/18 23:46:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\scripting
[2010/10/18 23:46:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\l2schemas
[2010/10/18 23:46:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\en
[2010/10/18 23:31:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\network diagnostic
[2010/10/18 23:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary\My Documents\Downloads
[2010/10/18 23:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/10/18 22:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/18 22:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/10/18 22:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/10/18 22:35:26 | 000,073,728 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/18 22:35:24 | 000,472,808 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/18 22:35:24 | 000,153,376 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/18 22:35:22 | 000,145,184 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/18 22:35:21 | 000,145,184 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/18 22:03:55 | 000,018,944 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\simptcp.dll
[2010/10/18 11:23:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8updates
[2010/10/18 11:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary\Local Settings\Application Data\PCHealth
[2010/10/18 09:46:52 | 000,602,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/10/18 09:46:52 | 000,055,296 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/10/18 09:46:49 | 000,743,424 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/10/18 09:46:47 | 001,986,560 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/10/18 09:46:31 | 011,080,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/10/18 09:30:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mary\IECompatCache
[2010/10/18 09:30:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mary\PrivacIE
[2010/10/18 08:36:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mary\My Documents\My Music
[2010/10/18 08:36:43 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/10/18 08:36:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mary\IETldCache
[2010/10/18 08:31:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\WBEM
[2010/10/18 08:29:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/10/17 23:45:28 | 000,000,000 | -H-D | C] -- C:\8ed07238fb215d438f377f6340bcfc
[2010/10/17 23:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary\Local Settings\Application Data\Temp
[2010/10/17 19:24:29 | 000,136,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/10/17 19:23:07 | 000,233,472 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/10/17 19:23:01 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/10/17 19:21:53 | 000,048,640 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/10/17 19:21:46 | 000,039,936 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/10/17 19:21:35 | 000,026,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/10/17 19:21:34 | 000,057,856 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/10/17 19:21:34 | 000,039,936 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/10/17 19:21:34 | 000,009,216 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/10/17 19:21:33 | 000,056,320 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/10/17 19:21:32 | 000,650,752 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/10/17 19:21:12 | 000,184,832 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/10/17 19:21:12 | 000,126,976 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/10/17 19:21:12 | 000,030,720 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/10/17 19:21:11 | 000,180,224 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/10/17 19:21:11 | 000,094,208 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/10/17 19:21:11 | 000,040,960 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/10/17 19:21:10 | 000,059,392 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/10/17 19:20:31 | 000,144,384 | -H-- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2010/10/17 19:19:55 | 000,081,920 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/10/17 19:19:24 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/10/17 19:19:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/10/17 19:19:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/10/17 19:19:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/10/17 19:19:05 | 000,037,376 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/10/17 19:17:48 | 000,184,320 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/10/17 19:17:46 | 000,397,312 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/10/17 19:17:45 | 000,106,496 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/10/17 19:17:42 | 000,033,792 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/10/17 19:15:36 | 000,155,136 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/10/17 19:15:35 | 000,076,800 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/10/17 19:15:17 | 001,306,624 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/10/17 19:15:17 | 000,079,872 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2010/10/17 19:15:17 | 000,079,872 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/10/17 19:15:10 | 000,193,024 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/10/17 19:15:10 | 000,030,208 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/10/17 19:15:09 | 000,176,640 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/10/17 19:13:54 | 000,144,384 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/10/17 19:13:13 | 000,150,528 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/10/17 19:13:10 | 000,062,464 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/10/17 19:12:59 | 000,076,800 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/10/17 19:12:54 | 000,061,952 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/10/17 19:12:43 | 000,290,304 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/10/17 19:12:13 | 000,032,768 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/10/17 19:10:49 | 000,053,248 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/10/17 19:09:41 | 000,069,120 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/10/17 17:53:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/10/17 17:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AOL Downloads
[2010/10/17 16:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary\Desktop\Music
[2010/10/17 10:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/10/17 10:20:28 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010/10/17 10:20:22 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/10/17 10:20:22 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010/10/17 10:20:11 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010/10/17 10:20:03 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010/10/17 10:20:03 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010/10/17 10:20:02 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010/10/17 10:20:02 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/10/17 10:20:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/10/17 10:19:59 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010/10/17 10:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/10/17 10:19:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/10/17 10:19:10 | 000,228,352 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010/10/17 10:19:10 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010/10/17 10:19:09 | 000,714,240 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010/10/17 10:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/10/17 09:15:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\pss
[2010/10/17 09:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/10/17 09:03:42 | 003,430,224 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Mary\Desktop\ccsetup236.exe
[2010/10/17 03:19:10 | 000,455,680 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/10/17 03:18:58 | 000,471,552 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/10/17 03:18:31 | 000,744,448 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/10/17 01:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/10/17 01:01:14 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/10/17 01:01:13 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/10/17 01:01:11 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/10/17 01:01:08 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/10/17 01:01:02 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/10/17 01:01:02 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/10/17 01:01:01 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/10/17 01:00:19 | 000,038,848 | -H-- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/10/17 01:00:18 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/10/17 01:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/17 01:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/17 00:45:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/13 03:00:27 | 000,000,000 | -H-D | C] -- C:\7b6217acc894bddd51202c0d
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/02 00:14:32 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/02 00:00:44 | 000,000,922 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1737454354-1932798780-2954916391-1008Core.job
[2010/11/02 00:00:42 | 000,000,974 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1737454354-1932798780-2954916391-1008UA.job
[2010/11/01 23:51:00 | 002,826,192 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Mary\Desktop\install_flash_player_ax.exe
[2010/11/01 22:34:54 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\Mary\Start Menu\Programs\Startup\Secunia PSI.lnk
[2010/11/01 22:20:59 | 000,000,878 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/01 22:20:38 | 000,001,170 | -H-- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/11/01 22:20:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/11/01 22:20:34 | 266,391,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/01 21:50:02 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary\Desktop\OTL.exe
[2010/10/31 22:53:10 | 038,808,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mary\Desktop\FileFormatConverters.exe
[2010/10/29 20:24:04 | 001,141,424 | ---- | M] (Secunia) -- C:\Documents and Settings\Mary\Desktop\PSI2SetupBeta.exe
[2010/10/20 19:33:49 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/20 19:27:43 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/20 19:26:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/20 17:19:38 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Mary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/19 17:23:15 | 075,019,048 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Mary\Desktop\iTunesSetup.exe
[2010/10/19 15:52:44 | 000,445,370 | -H-- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/10/19 15:52:44 | 000,072,576 | -H-- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/10/19 15:09:51 | 000,202,528 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/19 08:53:45 | 000,316,640 | -H-- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/10/18 23:30:59 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/10/18 23:04:02 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Mary\Desktop\Google Chrome.lnk
[2010/10/18 23:04:02 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Mary\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/18 22:33:19 | 000,153,376 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/18 22:33:19 | 000,145,184 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/18 22:33:18 | 000,073,728 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/18 22:33:17 | 000,145,184 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/18 22:33:13 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/18 08:36:51 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Mary\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/17 17:03:23 | 000,000,002 | -H-- | M] () -- C:\WINDOWS\msoffice.ini
[2010/10/17 10:27:08 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/17 10:22:24 | 000,420,800 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/10/17 10:20:37 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/10/17 10:20:32 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Mary\Desktop\ZoneAlarm Security.lnk
[2010/10/17 09:06:44 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Mary\Desktop\CCleaner.lnk
[2010/10/17 08:55:10 | 003,430,224 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Mary\Desktop\ccsetup236.exe
[2010/10/17 01:01:15 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/10/17 01:01:04 | 000,002,626 | -H-- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/15 18:05:50 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mary\Desktop\gmer.exe
[2010/10/15 00:34:36 | 046,957,056 | ---- | M] () -- C:\Documents and Settings\Mary\Desktop\zaSetup_92_076_000_en.exe
[2010/10/15 00:32:12 | 050,594,264 | ---- | M] () -- C:\Documents and Settings\Mary\Desktop\setup_av_free.exe
[2010/10/09 12:48:44 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\Mary\Desktop\dds.scr
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/01 22:34:49 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\Mary\Start Menu\Programs\Startup\Secunia PSI.lnk
[2010/10/20 19:33:49 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/20 19:27:43 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/20 19:26:36 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/19 10:26:22 | 266,391,552 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/18 23:04:02 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Mary\Desktop\Google Chrome.lnk
[2010/10/18 23:04:02 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Mary\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/18 22:49:40 | 000,000,974 | -H-- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1737454354-1932798780-2954916391-1008UA.job
[2010/10/18 22:49:37 | 000,000,922 | -H-- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1737454354-1932798780-2954916391-1008Core.job
[2010/10/17 19:20:07 | 000,001,261 | -H-- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/10/17 17:51:35 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mary\Desktop\gmer.exe
[2010/10/17 17:51:27 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\Mary\Desktop\dds.scr
[2010/10/17 17:03:23 | 000,000,002 | -H-- | C] () -- C:\WINDOWS\msoffice.ini
[2010/10/17 10:20:37 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/10/17 10:20:32 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Mary\Desktop\ZoneAlarm Security.lnk
[2010/10/17 10:19:59 | 000,420,800 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/10/17 09:06:42 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Mary\Desktop\CCleaner.lnk
[2010/10/17 01:01:42 | 000,000,882 | -H-- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/17 01:01:41 | 000,000,878 | -H-- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/17 01:01:15 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/10/17 00:58:20 | 050,594,264 | ---- | C] () -- C:\Documents and Settings\Mary\Desktop\setup_av_free.exe
[2010/10/17 00:58:18 | 046,957,056 | ---- | C] () -- C:\Documents and Settings\Mary\Desktop\zaSetup_92_076_000_en.exe
[2010/10/08 20:31:45 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/03/08 21:01:19 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/05/29 21:39:02 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\Title.INI
[2007/05/19 17:06:59 | 000,000,028 | -H-- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2005/09/03 14:13:28 | 000,000,775 | -H-- | C] () -- C:\WINDOWS\dellstat.ini
[2004/10/20 16:44:47 | 000,000,035 | -H-- | C] () -- C:\WINDOWS\A6W.INI
[2004/09/24 18:05:07 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Mary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/02 22:23:08 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\DVDSentry.ini
[2004/07/01 21:31:36 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\Mary\Application Data\sversion.ini
[2004/06/16 18:13:30 | 000,030,208 | -H-- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2004/06/16 18:13:30 | 000,000,296 | -H-- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/05/31 13:20:33 | 000,003,894 | -H-- | C] () -- C:\WINDOWS\bsx32.ini
[2004/04/26 15:39:50 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mary\Application Data\PFP110JPR.{PB
[2004/04/26 15:39:50 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mary\Application Data\PFP110JCM.{PB
[2004/04/26 11:59:19 | 000,013,087 | -H-- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/04/25 23:03:42 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/25 22:54:36 | 000,000,045 | -H-- | C] () -- C:\WINDOWS\EPSC82.ini
[2004/04/19 09:12:21 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/19 09:01:39 | 000,000,138 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2004/04/19 08:49:15 | 000,363,520 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/19 08:43:46 | 000,000,550 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/22 14:59:18 | 000,000,258 | -H-- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/01/22 14:58:10 | 000,000,839 | -H-- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/01/07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/03 06:59:14 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/02/04 09:46:26 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\lxazlcnp.dll
[1979/12/31 22:00:00 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:57 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2002/08/29 03:00:00 | 000,516,608 | -H-- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\I386\WINLOGON.EXE
[2008/04/13 17:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/09/03 06:47:18 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2002/09/03 06:47:18 | 000,602,112 | -H-- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2002/09/03 06:47:18 | 000,380,928 | -H-- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/09/07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
[2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys
[2010/09/07 07:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
[2010/09/07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
[2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
[2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys
[2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
[2010/09/01 01:30:58 | 000,015,544 | ---- | M] (Secunia) -- C:\WINDOWS\SYSTEM32\DRIVERS\psi_mf.sys
[2010/08/26 06:39:50 | 000,357,248 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\srv.sys

< End of report >

Extras


OTL Extras logfile created on: 11/1/2010 11:46:40 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Mary\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 67.00 Mb Available Physical Memory | 26.00% Memory free
746.00 Mb Paging File | 211.00 Mb Available in Paging File | 28.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 23.97 Gb Free Space | 64.42% Space Free | Partition Type: NTFS
Drive F: | 3.74 Gb Total Space | 0.77 Gb Free Space | 20.65% Space Free | Partition Type: FAT32

Computer Name: DB5TBQ41 | User Name: Mary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Qwest\QuickConnect\QuickConnect.exe" = C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\support.com\bin\tgcmd.exe" = C:\Program Files\support.com\bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player -- File not found
"C:\Documents and Settings\Spencer\Local Settings\Temp\~os31.tmp\ossproxy.exe" = C:\Documents and Settings\Spencer\Local Settings\Temp\~os31.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"C:\Documents and Settings\Spencer\Local Settings\Temp\~os3C.tmp\ossproxy.exe" = C:\Documents and Settings\Spencer\Local Settings\Temp\~os3C.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"c:\Documents and Settings\Spencer\Local Settings\Temp\~os25.tmp\ossproxy.exe" = c:\Documents and Settings\Spencer\Local Settings\Temp\~os25.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"C:\Documents and Settings\Spencer\Local Settings\Temp\~os2F.tmp\ossproxy.exe" = C:\Documents and Settings\Spencer\Local Settings\Temp\~os2F.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- File not found
"C:\WINDOWS\SYSTEM32\mrkscr.exe" = C:\WINDOWS\SYSTEM32\mrkscr.exe:*:Enabled:mrkscr.exe -- File not found
"C:\Documents and Settings\Spencer\Local Settings\Temp\~os22F4.tmp\ossproxy.exe" = C:\Documents and Settings\Spencer\Local Settings\Temp\~os22F4.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"C:\Documents and Settings\Spencer\Local Settings\Temp\~os94CD.tmp\ossproxy.exe" = C:\Documents and Settings\Spencer\Local Settings\Temp\~os94CD.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"C:\Program Files\Qwest\QuickConnect\QuickConnect.exe" = C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect -- File not found
"C:\WINDOWS\Temp\~os4990.tmp\rlvknlg.exe" = C:\WINDOWS\Temp\~os4990.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe -- File not found
"C:\Documents and Settings\Spencer\Local Settings\Temp\~os5FD.tmp\rlvknlg.exe" = C:\Documents and Settings\Spencer\Local Settings\Temp\~os5FD.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe -- File not found
"C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe" = C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service -- File not found
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe" = C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"c:\program files\relevantknowledge\rlvknlg.exe" = c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"EPSON Printer and Utilities" = EPSON Printer Software
"ie8" = Windows Internet Explorer 8
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Lexmark Supplies Monitor" = Lexmark Supplies Monitor
"Lexmark Z45" = Lexmark Z45
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MWASPINT" = MicroStaff WINASPI NT
"Picasa2" = Picasa 2
"PROSet" = Intel® PRO Network Adapters and Drivers
"Q903235" = Internet Explorer Q903235
"Secunia PSI" = Secunia PSI (1.9.0.4001)
"Shockwave" = Shockwave
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1737454354-1932798780-2954916391-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"OpenOffice.org 1.1.2" = OpenOffice.org 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/19/2010 4:36:13 PM | Computer Name = DB5TBQ41 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- The installer
has encountered an unexpected error installing this package. This may indicate
a problem with this package. The error code is 2905. The arguments are: C:\WINDOWS\Installer\MSI19B.tmp,
,

Error - 10/19/2010 4:36:29 PM | Computer Name = DB5TBQ41 | Source = MsiInstaller | ID = 11712
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1712.One
or more of the files required to restore your computer to its previous state could
not be found. Restoration will not be possible.

Error - 10/19/2010 4:58:57 PM | Computer Name = DB5TBQ41 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2418241'
could not be installed. Error code 1603. Additional information is available in
the log file .

Error - 10/19/2010 4:58:57 PM | Computer Name = DB5TBQ41 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB980773'
could not be installed. Error code 1603. Additional information is available in
the log file .

Error - 10/19/2010 4:59:43 PM | Computer Name = DB5TBQ41 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2418241,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
1712.

Error - 10/19/2010 6:56:07 PM | Computer Name = DB5TBQ41 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb2416473,
P2 1033, P3 1618, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 10/20/2010 12:48:59 AM | Computer Name = DB5TBQ41 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2010 2:12:38 AM | Computer Name = DB5TBQ41 | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2010 2:12:46 AM | Computer Name = DB5TBQ41 | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2010 10:10:25 PM | Computer Name = DB5TBQ41 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/19/2010 3:15:37 PM | Computer Name = DB5TBQ41 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Windows XP (KB2360937).

Error - 10/19/2010 3:15:42 PM | Computer Name = DB5TBQ41 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Microsoft .NET Framework 2.0 SP2 and
3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241).

Error - 10/19/2010 3:15:43 PM | Computer Name = DB5TBQ41 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Microsoft .NET Framework 3.5 SP1 on
Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2416473).

Error - 10/19/2010 3:15:43 PM | Computer Name = DB5TBQ41 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447).

Error - 10/19/2010 3:20:38 PM | Computer Name = DB5TBQ41 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 10/19/2010 3:20:44 PM | Computer Name = DB5TBQ41 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 10/19/2010 3:42:50 PM | Computer Name = DB5TBQ41 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on
Windows Server 2003 and Windows XP x86 (KB983583).

Error - 10/19/2010 5:00:31 PM | Computer Name = DB5TBQ41 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 and
3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241).

Error - 10/19/2010 6:56:15 PM | Computer Name = DB5TBQ41 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 SP1 on
Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2416473).

Error - 11/2/2010 1:29:08 AM | Computer Name = DB5TBQ41 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:37 AM

Posted 03 November 2010 - 08:21 AM

Hi,

After buying a used PC I would highly recommend a reformat and reinstall. You don't know what has been previously installed on this PC or what was stored there. If, in addition, you are left with pictures from him, there is obviously a lot of personal data you won't necessarily want intruding on you.

If you decide against it, please run Rootkit Unhooker next:
Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is ok, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 Quiott

Quiott
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:37 AM

Posted 03 November 2010 - 10:47 AM

Thank you for responding:

Here is the report log:


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF8D83000 C:\WINDOWS\System32\DRIVERS\IntelC51.sys 1208320 bytes (Intel Corporation, Modem DSP Driver)
0xF8CEE000 C:\WINDOWS\System32\DRIVERS\IntelC52.sys 610304 bytes (Intel Corporation, Modem CP Driver)
0xF8C28000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF9144000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF04AF000 C:\WINDOWS\System32\vsdatant.sys 528384 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver)
0xBF06F000 C:\WINDOWS\System32\ialmdd5.DLL 483328 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF0352000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF8ADE000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF0590000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEF6BF000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEF246000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF0530000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)
0xF9277000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xBF041000 C:\WINDOWS\System32\ialmdev5.DLL 188416 bytes (Intel Corporation, Component GHAL Driver)
0xEF857000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF9117000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEEE73000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF03C2000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF0568000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF02DD000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)
0xF032C000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF8CCA000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 147456 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xF01FC000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF8C04000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF8EAA000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF8ECD000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF048D000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF01F000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF920F000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF9247000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF09F5000 C:\WINDOWS\system32\drivers\ialmsbw.sys 114688 bytes (Intel Corporation, Intel Graphics Platform (SoftBIOS) Driver for Windows 2000® & Windows XP™)
0xF90FD000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF0036000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xF922F000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF01E4000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF004F000 C:\WINDOWS\system32\dla\tfsnudf.sys 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xEFCD7000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF8F04000 C:\WINDOWS\System32\DRIVERS\ialmnt5.sys 94208 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF91D1000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF8BED000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF91E8000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xF008F000 C:\WINDOWS\system32\dla\tfsnifs.sys 86016 bytes (Sonic Solutions, Drive Letter Access Component)
0xEFB32000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF0A11000 C:\WINDOWS\system32\drivers\ialmkchw.sys 81920 bytes (Intel Corporation, Intel Graphics Chipset (KCH) Driver for Windows 2000® & Windows XP™)
0xF8CB6000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF8EF0000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF05E9000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF91FD000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF9266000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF8BDC000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xEF36F000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF94C6000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF94B6000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF94F6000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF9496000 C:\WINDOWS\System32\DRIVERS\IntelC53.sys 61440 bytes (Intel Corporation, Modem AFE Driver)
0xF94D6000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF040D000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF9376000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF9306000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF94A6000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 53248 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF9506000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF92E6000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF9526000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF9326000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF9406000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF94E6000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF92D6000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF9516000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF93C6000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF9476000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF9356000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF9346000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF92F6000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF9456000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF9486000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF9416000 C:\WINDOWS\system32\drivers\ip6fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)
0xF92C6000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF9536000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF93D6000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEF61F000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF9316000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF8B8C000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xF9426000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF95D6000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF9676000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF95C6000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF95DE000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF967E000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF9546000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF959E000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF968E000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF969E000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF95F6000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF95E6000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF95CE000 C:\WINDOWS\System32\DRIVERS\mohfilt.sys 24576 bytes (Intel Corporation, Filter Driver to Support Modem-on-Hold)
0xF961E000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF965E000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF9666000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF95EE000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF964E000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF966E000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF9626000 C:\WINDOWS\System32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF954E000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF960E000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF9616000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF95FE000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF95BE000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF9586000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF975A000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF97AE000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF00EC000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF978A000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF01D0000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF00F4000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF96D6000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF061C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF8AB9000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF976A000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xEFC37000 C:\WINDOWS\System32\Drivers\MASPINT.SYS 12288 bytes (MicroStaff Co.,Ltd., Aspi32 Driver)
0xF8AB1000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF979E000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xEEFC2000 C:\WINDOWS\system32\DRIVERS\psi_mf.sys 12288 bytes (Secunia, Secunia PSI Driver)
0xF976E000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF9782000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF97F6000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF9806000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF987A000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0xF982E000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF9804000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF97C6000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF9808000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF9874000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF980A000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF97F2000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF97FA000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF97F4000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF97FE000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF97C8000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF9997000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF9902000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF98E3000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF988E000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF99AD000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF99AC000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [ADPU160M.SYS]
WARNING: Virus alike driver modification [hsfdpsp2.sys]
WARNING: Virus alike driver modification [atinrvxx.sys]
WARNING: Virus alike driver modification [a308.sys]
WARNING: Virus alike driver modification [a314.sys]
WARNING: Virus alike driver modification [wadv08nt.sys]
WARNING: Virus alike driver modification [a302.sys]
WARNING: Virus alike driver modification [ati1mdxx.sys]
WARNING: Virus alike driver modification [ACPIEC.SYS]
WARNING: Virus alike driver modification [wadv05nt.sys]
WARNING: Virus alike driver modification [CPQDAP01.SYS]
WARNING: Virus alike driver modification [wadv07nt.sys]
WARNING: Virus alike driver modification [a305.sys]
WARNING: Virus alike driver modification [mdmxsdk.sys]
WARNING: Virus alike driver modification [wadv09nt.sys]
WARNING: Virus alike driver modification [wadv11nt.sys]
WARNING: Virus alike driver modification [AMSINT.SYS]
WARNING: Virus alike driver modification [NIKEDRV.SYS]
WARNING: Virus alike driver modification [RIO8DRV.SYS]
WARNING: Virus alike driver modification [RIODRV.SYS]
WARNING: Virus alike driver modification [ati1pdxx.sys]
WARNING: Virus alike driver modification [wsiintxx.sys]
WARNING: Virus alike driver modification [wadv02nt.sys]
WARNING: Virus alike driver modification [FSVGA.SYS]
WARNING: Virus alike driver modification [wadv01nt.sys]
WARNING: Virus alike driver modification [NWLNKFLT.SYS]
WARNING: Virus alike driver modification [FTDISK.SYS]
WARNING: Virus alike driver modification [mtlmnt5.sys]
WARNING: Virus alike driver modification [AHA154X.SYS]
WARNING: Virus alike driver modification [slnt7554.sys]
WARNING: Virus alike driver modification [mtlstrm.sys]
WARNING: Virus alike driver modification [slwdmsup.sys]
WARNING: Virus alike driver modification [recagent.sys]
WARNING: Virus alike driver modification [atinmdxx.sys]
WARNING: Virus alike driver modification [atinttxx.sys]
WARNING: Virus alike driver modification [CBIDF2K.SYS]
WARNING: Virus alike driver modification [atinpdxx.sys]
WARNING: Virus alike driver modification [SMCLIB.SYS]
WARNING: Virus alike driver modification [DAC960NT.SYS]
WARNING: Virus alike driver modification [ASC3550.SYS]
WARNING: Virus alike driver modification [CPQARRAY.SYS]
WARNING: Virus alike driver modification [INI910U.SYS]
WARNING: Virus alike driver modification [i81xnt5.sys]
WARNING: Virus alike driver modification [SYMC810.SYS]
WARNING: Virus alike driver modification [a306.sys]
WARNING: Virus alike driver modification [s3gnbm.sys]
WARNING: Virus alike driver modification [MRAID35X.SYS]
WARNING: Virus alike driver modification [DAC2W2K.SYS]
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [nv4_mini.sys]
WARNING: Virus alike driver modification [SPARROW.SYS]
WARNING: Virus alike driver modification [wvchntxx.sys]
WARNING: Virus alike driver modification [watv02nt.sys]
WARNING: Virus alike driver modification [DPTI2O.SYS]
WARNING: Virus alike driver modification [iqvw32.sys]
WARNING: Virus alike driver modification [vch.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [TSBVCAP.SYS]
WARNING: Virus alike driver modification [a307.sys]
WARNING: Virus alike driver modification [hsfbs2s2.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [ASC3350P.SYS]
WARNING: Virus alike driver modification [ABP480N5.SYS]
WARNING: Virus alike driver modification [wch7xxnt.sys]
WARNING: Virus alike driver modification [pciidex.sys]
WARNING: Virus alike driver modification [watv10nt.sys]
WARNING: Virus alike driver modification [a309.sys]
WARNING: Virus alike driver modification [HPN.SYS]
WARNING: Virus alike driver modification [CINEMST2.SYS]
WARNING: Virus alike driver modification [ati1snxx.sys]
WARNING: Virus alike driver modification [ASC.SYS]
WARNING: Virus alike driver modification [PERC2.SYS]
WARNING: Virus alike driver modification [SYM_HI.SYS]
WARNING: Virus alike driver modification [atinsnxx.sys]
WARNING: Virus alike driver modification [a303.sys]
WARNING: Virus alike driver modification [watv01nt.sys]
WARNING: Virus alike driver modification [ati1xbxx.sys]
WARNING: Virus alike driver modification [ati1raxx.sys]
WARNING: Virus alike driver modification [SYM_U3.SYS]
WARNING: Virus alike driver modification [ATMEPVC.SYS]
WARNING: Virus alike driver modification [atinxbxx.sys]
WARNING: Virus alike driver modification [NWLNKFWD.SYS]
WARNING: Virus alike driver modification [SYMC8XX.SYS]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [a311.sys]
WARNING: Virus alike driver modification [IPFLTDRV.SYS]
WARNING: Virus alike driver modification [QL10WNT.SYS]
WARNING: Virus alike driver modification [a310.sys]
WARNING: Virus alike driver modification [wa301a.sys]
WARNING: Virus alike driver modification [wa301b.sys]
WARNING: Virus alike driver modification [watv04nt.sys]
WARNING: Virus alike driver modification [RAWWAN.SYS]
WARNING: Virus alike driver modification [ati1xsxx.sys]
WARNING: Virus alike driver modification [ATMUNI.SYS]
WARNING: Virus alike driver modification [ISAPNP.SYS]
WARNING: Virus alike driver modification [ati1tuxx.sys]
WARNING: Virus alike driver modification [ULTRA.SYS]
WARNING: Virus alike driver modification [a313.sys]
WARNING: Virus alike driver modification [QL1080.SYS]
WARNING: Virus alike driver modification [QL1240.SYS]
WARNING: Virus alike driver modification [slntamr.sys]
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [QL12160.SYS]
WARNING: Virus alike driver modification [a304.sys]
WARNING: Virus alike driver modification [stream.sys]
WARNING: Virus alike driver modification [QL1280.SYS]
WARNING: Virus alike driver modification [TOSIDE.SYS]
WARNING: Virus alike driver modification [TOSDVD.SYS]
WARNING: Virus alike driver modification [atinraxx.sys]
WARNING: Virus alike driver modification [ALIIDE.SYS]
WARNING: Virus alike driver modification [PERC2HIB.SYS]
WARNING: Virus alike driver modification [AIC78U2.SYS]
WARNING: Virus alike driver modification [NWLNKSPX.SYS]
WARNING: Virus alike driver modification [ati1btxx.sys]
WARNING: Virus alike driver modification [AIC78XX.SYS]
WARNING: Virus alike driver modification [atinbtxx.sys]
WARNING: Virus alike driver modification [VDMINDVD.SYS]
WARNING: Virus alike driver modification [DMLOAD.SYS]
WARNING: Virus alike driver modification [ROOTMDM.SYS]
WARNING: Virus alike driver modification [NWLNKNB.SYS]
WARNING: Virus alike driver modification [atinxsxx.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [CMDIDE.SYS]
WARNING: Virus alike driver modification [EL90XBC5.SYS]
WARNING: Virus alike driver modification [pci.sys]
WARNING: Virus alike driver modification [hsfcxts2.sys]
WARNING: Virus alike driver modification [ati2mtag.sys]
WARNING: Virus alike driver modification [atintuxx.sys]
WARNING: Virus alike driver modification [CD20XRNT.SYS]
WARNING: Virus alike driver modification [MCD.SYS]
WARNING: Virus alike driver modification [drvmcdb.sys]
WARNING: Virus alike driver modification [slnthal.sys]
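
To make a report like the one above easier to read, here is a small parser for the RkU LE ">Drivers" and ">Stealth" sections. This is an added example, not Rootkit Unhooker's own code; the layout rules it applies (one driver per line as "address path size bytes (Vendor, Description)", one warning per line in brackets) are assumptions read off the report as posted. It counts drivers per vendor, flags entries with no vendor metadata, shows names that share one base address (the kernel's aliases), and cross-references the Stealth names against the drivers actually loaded.

```python
import re
from collections import Counter, defaultdict

# Driver line: "0xADDR  image-path-or-name  SIZE bytes (Vendor, Description)".
# The parenthesised metadata is absent for some entries (PnpManager, dump_*.sys).
DRIVER_RE = re.compile(
    r"^(?P<addr>0x[0-9A-Fa-f]+)\s+(?P<image>\S+)\s+(?P<size>\d+) bytes"
    r"(?:\s+\((?P<meta>.*)\))?\s*$"
)
STEALTH_RE = re.compile(r"^WARNING: Virus alike driver modification \[(?P<name>[^\]]+)\]")

# Vendor strings can themselves contain ", Inc." etc.; keep those with the vendor.
CORP_SUFFIXES = {"Inc.", "Ltd.", "LLC", "Corp."}


def split_vendor(meta):
    """Split the contents of "(Vendor, Description)" into (vendor, description)."""
    parts = meta.split(", ")
    vendor, rest = parts[0], parts[1:]
    while rest and rest[0] in CORP_SUFFIXES:
        vendor += ", " + rest.pop(0)
    return vendor.strip(), ", ".join(rest).strip()


def parse_report(text):
    """Return (drivers, stealth): a list of driver dicts and the Stealth names."""
    section, drivers, stealth = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(">"):          # ">Drivers", ">Stealth" section headers
            section = line[1:].strip().lower()
            continue
        if section == "drivers":
            m = DRIVER_RE.match(line)
            if not m:
                continue                   # "====" rules and header lines
            vendor, desc = split_vendor(m["meta"]) if m["meta"] else ("", "")
            drivers.append({
                "addr": int(m["addr"], 16),
                "image": m["image"],
                "name": m["image"].rsplit("\\", 1)[-1],   # file name only
                "size": int(m["size"]),
                "vendor": vendor,
                "desc": desc,
            })
        elif section == "stealth":
            m = STEALTH_RE.match(line)
            if m:
                stealth.append(m["name"])
    return drivers, stealth


def triage(drivers, stealth):
    """Summaries a helper reads first: vendor counts, entries with no metadata,
    several names mapped at one base address, and which Stealth names are
    actually among the loaded drivers (most are not loaded at all)."""
    by_addr = defaultdict(list)
    for d in drivers:
        by_addr[d["addr"]].append(d["image"])
    loaded = {d["name"].lower() for d in drivers}
    return {
        "by_vendor": Counter(d["vendor"] or "<none>" for d in drivers),
        "no_metadata": [d["image"] for d in drivers if not d["vendor"]],
        "aliases": {hex(a): imgs for a, imgs in by_addr.items() if len(imgs) > 1},
        "stealth_total": len(stealth),
        "stealth_loaded": sorted(n for n in stealth if n.lower() in loaded),
    }


# Constructed excerpt in the layout of the report above (a few lines taken from it).
SAMPLE_REPORT = r"""
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0xF04AF000 C:\WINDOWS\System32\vsdatant.sys 528384 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver)
0xF8C28000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF9266000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF01E4000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xEFC37000 C:\WINDOWS\System32\Drivers\MASPINT.SYS 12288 bytes (MicroStaff Co.,Ltd., Aspi32 Driver)
0xEF61F000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [ADPU160M.SYS]
WARNING: Virus alike driver modification [pci.sys]
WARNING: Virus alike driver modification [hsfdpsp2.sys]
"""

if __name__ == "__main__":
    drivers, stealth = parse_report(SAMPLE_REPORT)
    for key, value in triage(drivers, stealth).items():
        print(f"{key}: {value}")
```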

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:37 AM

Posted 04 November 2010 - 02:25 AM

Hi,

please run ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 Quiott

Quiott
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:37 AM

Posted 04 November 2010 - 07:09 PM

Just a note: when running ComboFix, while it was restarting Windows, this alert came up: "catchme.cfxxe failed to initialize because windows is reloading."

Here is the log.

ComboFix 10-11-03.04 - Mary 11/04/2010 16:20:06.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.1 [GMT -7:00]
Running from: c:\documents and settings\Mary\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\bsx32.ini
c:\windows\system32\components
c:\windows\system32\comrepl.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NNSERV
-------\Service_NNServ


((((((((((((((((((((((((( Files Created from 2010-10-04 to 2010-11-04 )))))))))))))))))))))))))))))))
.

2010-11-04 06:23 . 2010-11-04 06:24 -------- d-----w- c:\documents and settings\Mary\.FamilySearchIndexing
2010-11-04 02:02 . 2010-11-04 02:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-11-04 00:38 . 2010-10-27 04:49 249856 ----a-w- c:\program files\Mozilla Firefox\freebl3.dll
2010-11-04 00:38 . 2010-10-27 06:10 912344 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
2010-11-04 00:38 . 2010-10-27 06:09 107480 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2010-11-04 00:38 . 2010-10-27 06:09 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2010-11-03 23:42 . 2010-11-03 23:42 -------- d-----w- c:\program files\FamilySearch Indexing
2010-11-02 08:25 . 2010-11-02 08:25 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-02 07:25 . 2010-11-02 07:32 -------- d-----w- c:\windows\system32\Adobe
2010-11-02 05:31 . 2010-11-02 05:31 -------- d-----w- c:\documents and settings\Mary\Local Settings\Application Data\Secunia PSI
2010-11-02 05:30 . 2010-11-02 05:30 -------- d-----w- c:\program files\Secunia
2010-11-02 05:24 . 2010-11-02 05:24 -------- d-----w- c:\program files\MSECache
2010-10-21 02:35 . 2010-11-04 23:42 -------- d-----w- c:\documents and settings\Mary\Application Data\Apple Computer
2010-10-21 02:33 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-21 02:33 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-10-21 02:30 . 2010-10-21 02:30 -------- d-----w- c:\program files\iPod
2010-10-21 02:30 . 2010-10-21 02:32 -------- d-----w- c:\program files\iTunes
2010-10-21 02:30 . 2010-10-21 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-21 02:28 . 2010-10-21 02:28 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-10-21 02:27 . 2010-10-21 02:28 -------- d-----w- c:\program files\QuickTime
2010-10-21 02:27 . 2010-10-21 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-10-21 02:26 . 2010-10-21 02:26 -------- d-----w- c:\documents and settings\Mary\Local Settings\Application Data\Apple
2010-10-21 02:26 . 2010-10-21 02:26 -------- d-----w- c:\program files\Apple Software Update
2010-10-21 02:24 . 2010-10-21 02:24 -------- d-----w- c:\program files\Bonjour
2010-10-21 02:24 . 2010-10-21 02:30 -------- d-----w- c:\program files\Common Files\Apple
2010-10-21 02:24 . 2010-10-21 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-10-21 02:23 . 2010-10-21 02:35 -------- d-----w- c:\documents and settings\Mary\Local Settings\Application Data\Apple Computer
2010-10-19 22:16 . 2010-10-19 22:16 -------- d--h--w- c:\windows\PIF
2010-10-19 17:07 . 2010-10-19 17:10 -------- d-----w- c:\documents and settings\Administrator
2010-10-19 16:51 . 2010-08-16 08:45 590848 ---h--w- c:\windows\system32\dllcache\rpcrt4.dll
2010-10-19 16:50 . 2010-09-18 06:53 974848 ---h--w- c:\windows\system32\dllcache\mfc42.dll
2010-10-19 16:50 . 2010-09-18 06:53 954368 ---h--w- c:\windows\system32\dllcache\mfc40.dll
2010-10-19 16:50 . 2010-09-18 06:53 953856 ---h--w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-19 16:46 . 2010-08-23 16:12 617472 ---h--w- c:\windows\system32\dllcache\comctl32.dll
2010-10-19 16:43 . 2010-08-26 13:39 357248 ---h--w- c:\windows\system32\dllcache\srv.sys
2010-10-19 16:37 . 2009-03-06 14:22 284160 ---h--w- c:\windows\system32\dllcache\pdh.dll
2010-10-19 16:37 . 2009-02-09 12:10 473600 ---h--w- c:\windows\system32\dllcache\fastprox.dll
2010-10-19 16:37 . 2009-02-09 12:10 401408 ---h--w- c:\windows\system32\dllcache\rpcss.dll
2010-10-19 16:37 . 2009-02-06 11:11 110592 ---h--w- c:\windows\system32\dllcache\services.exe
2010-10-19 16:37 . 2009-02-06 10:10 227840 ---h--w- c:\windows\system32\dllcache\wmiprvse.exe
2010-10-19 16:37 . 2009-02-09 12:10 453120 ---h--w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-10-19 16:37 . 2009-06-25 08:25 730112 ---h--w- c:\windows\system32\dllcache\lsasrv.dll
2010-10-19 16:37 . 2009-02-09 12:10 714752 ---h--w- c:\windows\system32\dllcache\ntdll.dll
2010-10-19 16:37 . 2009-02-09 12:10 617472 ---h--w- c:\windows\system32\dllcache\advapi32.dll
2010-10-19 16:37 . 2010-04-27 13:59 2146304 ---h--w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-10-19 16:37 . 2010-04-28 02:25 2189952 ---h--w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-10-19 16:37 . 2010-04-27 13:05 2024448 ---h--w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-10-19 16:34 . 2008-10-15 16:34 337408 ---h--w- c:\windows\system32\dllcache\netapi32.dll
2010-10-19 16:32 . 2008-06-13 11:05 272128 ---h--w- c:\windows\system32\dllcache\bthport.sys
2010-10-19 16:32 . 2008-05-08 14:02 203136 ---h--w- c:\windows\system32\dllcache\rmcast.sys
2010-10-19 15:50 . 2010-10-19 15:50 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-10-19 06:46 . 2010-10-19 06:46 -------- d--h--w- c:\windows\system32\scripting
2010-10-19 06:46 . 2010-10-19 06:46 -------- d--h--w- c:\windows\l2schemas
2010-10-19 06:46 . 2010-10-19 06:46 -------- d--h--w- c:\windows\system32\en
2010-10-19 05:38 . 2010-11-02 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-10-19 05:38 . 2010-10-19 05:38 -------- d-----w- c:\program files\NOS
2010-10-19 05:35 . 2010-10-19 05:33 73728 ---ha-w- c:\windows\system32\javacpl.cpl
2010-10-19 05:35 . 2010-10-19 05:33 472808 ---ha-w- c:\windows\system32\deployJava1.dll
2010-10-19 05:03 . 2002-08-29 10:00 18944 ---ha-w- c:\windows\system32\simptcp.dll
2010-10-18 18:18 . 2010-10-18 18:18 -------- d-----w- c:\documents and settings\Mary\Local Settings\Application Data\PCHealth
2010-10-18 16:46 . 2010-09-10 05:58 602112 ---h--w- c:\windows\system32\dllcache\msfeeds.dll
2010-10-18 16:46 . 2010-09-10 05:58 55296 ---h--w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-10-18 16:46 . 2010-09-10 05:58 12800 ---h--w- c:\windows\system32\dllcache\xpshims.dll
2010-10-18 16:46 . 2010-09-10 05:58 743424 ---h--w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-18 16:46 . 2010-09-10 05:58 247808 ---h--w- c:\windows\system32\dllcache\ieproxy.dll
2010-10-18 16:46 . 2010-09-10 05:58 1986560 ---h--w- c:\windows\system32\dllcache\iertutil.dll
2010-10-18 16:46 . 2010-09-10 05:58 11080192 ---h--w- c:\windows\system32\dllcache\ieframe.dll
2010-10-18 16:30 . 2010-10-18 16:30 -------- d-sh--w- c:\documents and settings\Mary\IECompatCache
2010-10-18 16:30 . 2010-10-18 16:30 -------- d-sh--w- c:\documents and settings\Mary\PrivacIE
2010-10-18 15:36 . 2010-10-18 15:36 -------- d-sh--w- c:\documents and settings\Mary\IETldCache
2010-10-18 15:29 . 2010-10-18 15:32 -------- dc-h--w- c:\windows\ie8
2010-10-18 06:45 . 2010-10-18 06:45 -------- d-----w- C:\8ed07238fb215d438f377f6340bcfc
2010-10-18 06:10 . 2010-11-02 11:11 -------- d-----w- c:\documents and settings\Mary\Local Settings\Application Data\Temp
2010-10-18 02:24 . 2008-04-14 00:11 136192 ---h--w- c:\windows\system32\aaclient.dll
2010-10-18 02:23 . 2008-04-14 00:11 233472 ---h--w- c:\windows\system32\azroles.dll
2010-10-18 02:23 . 2008-04-14 00:11 7168 ---h--w- c:\windows\system32\bitsprx4.dll
2010-10-18 02:22 . 2008-04-14 00:11 12800 ---h--w- c:\windows\system32\credssp.dll
2010-10-18 02:20 . 2008-04-13 16:36 144384 ---h--w- c:\windows\system32\drivers\hdaudbus.sys
2010-10-18 02:19 . 2008-04-14 00:11 81920 ---h--w- c:\windows\system32\ieencode.dll
2010-10-18 02:19 . 2008-04-14 00:09 6144 ---h--w- c:\windows\system32\kbdbhc.dll
2010-10-18 02:19 . 2008-04-14 00:09 6144 ---h--w- c:\windows\system32\kbdiultn.dll
2010-10-18 02:19 . 2008-04-14 00:09 6144 ---h--w- c:\windows\system32\kbdnepr.dll
2010-10-18 02:19 . 2008-04-14 00:09 6144 ---h--w- c:\windows\system32\kbdpash.dll
2010-10-18 02:19 . 2008-04-14 00:11 61440 ---h--w- c:\windows\system32\kmsvc.dll
2010-10-18 02:19 . 2008-04-14 00:11 37376 ---h--w- c:\windows\system32\l2gpstore.dll
2010-10-18 02:17 . 2008-04-14 00:11 184320 ---h--w- c:\windows\system32\microsoft.managementconsole.dll
2010-10-18 02:17 . 2008-04-14 00:11 397312 ---h--w- c:\windows\system32\mmcex.dll
2010-10-18 02:17 . 2008-04-14 00:11 106496 ---h--w- c:\windows\system32\mmcfxcommon.dll
2010-10-18 02:17 . 2008-04-14 00:12 33792 ---h--w- c:\windows\system32\mmcperf.exe
2010-10-18 02:15 . 2008-04-14 00:12 155136 ---h--w- c:\windows\system32\mssha.dll
2010-10-18 02:15 . 2008-04-13 18:14 76800 ---h--w- c:\windows\system32\msshavmsg.dll
2010-10-18 02:15 . 2008-04-14 00:12 1306624 ---h--w- c:\windows\system32\dllcache\msxml6.dll
2010-10-18 02:15 . 2008-04-13 17:27 79872 ---ha-w- c:\windows\system32\msxml6r.dll
2010-10-18 02:15 . 2008-04-13 17:27 79872 ---h--w- c:\windows\system32\dllcache\msxml6r.dll
2010-10-18 02:15 . 2008-04-14 00:12 30208 ---h--w- c:\windows\system32\napipsec.dll
2010-10-18 02:15 . 2008-04-14 00:12 193024 ---h--w- c:\windows\system32\napmontr.dll
2010-10-18 02:15 . 2008-04-14 00:12 176640 ---h--w- c:\windows\system32\napstat.exe
2010-10-18 02:13 . 2008-04-14 00:12 144384 ---h--w- c:\windows\system32\onex.dll
2010-10-18 02:13 . 2008-04-14 00:12 150528 ---h--w- c:\windows\system32\qagent.dll
2010-10-18 02:13 . 2008-04-14 00:12 291328 ---h--w- c:\windows\system32\qagentrt.dll
2010-10-18 02:13 . 2008-04-14 00:12 62464 ---h--w- c:\windows\system32\qcliprov.dll
2010-10-18 02:12 . 2008-04-14 00:12 76800 ---h--w- c:\windows\system32\qutil.dll
2010-10-18 02:12 . 2008-04-14 00:12 61952 ---h--w- c:\windows\system32\rasqec.dll
2010-10-18 02:12 . 2008-04-14 00:12 290304 ---h--w- c:\windows\system32\rhttpaa.dll
2010-10-18 02:12 . 2008-04-14 00:12 32768 ---h--w- c:\windows\system32\setupn.exe
2010-10-18 02:12 . 2008-04-13 18:40 10240 ---h--w- c:\windows\system32\drivers\sffp_mmc.sys
2010-10-18 02:10 . 2008-04-14 00:12 53248 ---h--w- c:\windows\system32\tsgqec.dll
2010-10-18 02:10 . 2008-04-14 00:12 50688 ---h--w- c:\windows\system32\tspkg.dll
2010-10-18 02:09 . 2008-04-14 00:12 69120 ---h--w- c:\windows\system32\wlanapi.dll
2010-10-17 17:20 . 2010-10-17 17:20 -------- d-----w- c:\program files\CheckPoint
2010-10-17 17:20 . 2010-09-02 16:20 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-10-17 17:20 . 2010-09-02 16:20 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-10-17 17:20 . 2010-09-02 16:20 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-10-17 17:20 . 2010-10-17 17:21 -------- d-----w- c:\windows\system32\ZoneLabs
2010-10-17 17:19 . 2010-10-17 17:19 -------- d-----w- c:\program files\Zone Labs
2010-10-17 17:19 . 2010-11-04 23:03 -------- d-----w- c:\windows\Internet Logs
2010-10-17 17:12 . 2010-10-17 17:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-10-17 16:06 . 2010-10-17 16:06 -------- d-----w- c:\program files\CCleaner
2010-10-17 10:19 . 2010-02-24 13:11 455680 ---h--w- c:\windows\system32\dllcache\mrxsmb.sys
2010-10-17 10:18 . 2009-11-21 15:51 471552 ---h--w- c:\windows\system32\dllcache\aclayers.dll
2010-10-17 10:18 . 2010-06-14 14:31 744448 ---h--w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-17 08:01 . 2010-10-17 08:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-10-17 08:01 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-17 08:01 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-17 08:01 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 19:23 . 2002-08-29 10:00 974848 ---ha-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-08-29 10:00 974848 ---ha-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-08-29 10:00 954368 ---ha-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-08-29 10:00 953856 ---ha-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2005-06-18 05:49 916480 ---ha-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2002-08-29 10:00 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2002-08-29 10:00 1469440 ---ha-w- c:\windows\system32\inetcpl.cpl
2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2002-08-29 10:00 285824 ---ha-w- c:\windows\system32\atmfd.dll
2010-09-01 08:30 . 2010-09-01 08:30 15544 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-08-31 13:42 . 2003-07-15 21:01 1852800 ---ha-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2002-08-29 10:00 119808 ---ha-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2002-08-29 10:00 99840 ---ha-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2002-08-29 10:00 357248 ---ha-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-14 19:59 5120 ---ha-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2002-08-29 10:00 617472 ---ha-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2005-06-10 23:55 58880 ---ha-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-04-19 15:55 590848 ---ha-w- c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\atapi.sys
[-] 2003-04-23 . E52B3B3F78C9AE85806CE49DCDD80C18 . 87296 . . [5.1.2600.1211] . . c:\windows\SYSTEM32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[-] 2003-04-23 . E52B3B3F78C9AE85806CE49DCDD80C18 . 87296 . . [5.1.2600.1211] . . c:\windows\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

[-] 2004-09-23 01:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-09-23 01:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\SYSTEM32\MsPMSNSv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll
[-] 2002-11-27 00:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2002-11-27 00:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{A0000BA0-97AD-43FB-8A05-3542C3AB99CD}\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Mary\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-9-29 1712696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mary^Start Menu^Programs^Startup^OpenOffice.org 1.1.2.lnk]
path=c:\documents and settings\Mary\Start Menu\Programs\Startup\OpenOffice.org 1.1.2.lnk
backup=c:\windows\pss\OpenOffice.org 1.1.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-17 08:01 136176 ----atw- c:\documents and settings\Mary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 01:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
2002-02-04 16:29 886272 ---ha-w- c:\windows\SYSTEM32\LXSUPMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-21 01:18 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 07:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [10/17/2010 1:01 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [10/17/2010 1:01 AM 17744]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/29/2002 3:00 AM 14336]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe --start-service --> c:\program files\Secunia\PSI\sua.exe --start-service [?]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/17/2010 1:01 AM 136176]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/29/2002 3:00 AM 14336]
S3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [9/1/2010 1:30 AM 15544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-17 08:01]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-17 08:01]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737454354-1932798780-2954916391-1008Core.job
- c:\documents and settings\Mary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-19 08:01]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737454354-1932798780-2954916391-1008UA.job
- c:\documents and settings\Mary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-19 08:01]

2004-04-23 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://server224.smartbotpro.net/7search/?new-hklm
mWindow Title = Microsoft Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mary\Application Data\Mozilla\Firefox\Profiles\default.1pe\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\Mary\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\NOS\bin\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Dell Photo AIO Printer 922 - c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-MimBoot - c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe
MSConfigStartUp-nmapp - c:\program files\Pure Networks\Network Magic\nmapp.exe
MSConfigStartUp-PCMService - c:\program files\Dell\Media Experience\PCMService.exe
MSConfigStartUp-REGSHAVE - c:\program files\REGSHAVE\REGSHAVE.EXE
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-TV Media - c:\program files\TV Media\Tvm.exe
MSConfigStartUp-WheelMouse - Amoumain.exe
AddRemove-EPSON Printer and Utilities - c:\program files\EPSON\PrinterDriverTemp\SC82\EPUPDATE.EXE
AddRemove-Shockwave - c:\windows\SYSTEM32\MACROMED\SHOCKW~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-04 16:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2064)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Secunia\PSI\sua.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-11-04 16:54:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-04 23:54

Pre-Run: 24,634,703,872 bytes free
Post-Run: 24,676,585,472 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 81A7B4CA74BB501BF3D1D2880A337E92

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:37 AM

Posted 05 November 2010 - 05:57 AM

How is the PC doing?

regards myrti



#10 Quiott

Quiott
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:37 AM

Posted 09 November 2010 - 05:12 PM

Seems pretty good, just some little things that seem messed up with Windows itself or how it's displayed. Right now if you do Save or Save As, where My Computer usually sits on the left (along with My Documents etc.) there is just a blank space and it is not clickable; My Documents is fine along with the others. Not sure if that has any bearing on my security or anything.

Thanks,
Quiott

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:37 AM

Posted 10 November 2010 - 04:55 AM

Hi,

do you mean the layout has changed, or is it only the "My Documents" entry that has changed?

If it is the layout, then this is a change done by ComboFix that will be undone once we uninstall it.

Please run a scan with Kaspersky for leftovers:
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.





