Malware harvested address book, gmer shuts down


  • This topic is locked
20 replies to this topic

#1 mwarrior

  • Members

Posted 23 February 2011 - 05:15 AM

Sometime last night malware sent emails with links to malicious sites to everyone in my address book. My cousin, a computer guy, alerted me that I must have been hacked: "Just FYI, I checked it out, and that link will totally hack a Windows PC. It contains some type of Win32 dropper. Do NOT visit it (unless you're using Linux or something like that). One more thing - that email was sent by someone in the Czech Republic (101.66.broadband7.iol.cz [88.102.66.101])."

I just recently restored my computer. I had a heck of a time updating Windows and installing Comodo Internet Security (firewall and virus). A few times while surfing I get a pop up that says it found a bug in the Comodo Internet Security, it needs to close, and to send a report. When I check in my tray, Comodo is still running. When I try to send the report, it always fails. It says to go to some place on my hard drive and send the log in an email. That place does not exist on my hard drive. (I have hidden files showing.)

One of the last things I installed was a Firefox add-on that translates highlighted text to English, so maybe that's the culprit. I also installed Lightroom presets from Matt Kloskowski of Lightroom Killer Tips or recommended by him.

After my cousin's email, I started going through the Preparation Guide here. I was able to download and run DDS. When I tried to move dds from my downloads folder to my desktop, it didn't show up on my desktop! However, when I looked at it in the tree format hierarchy folder view (I hope that makes sense), it was there. I clicked it from there. I'll paste that log below.

Whenever gmer was running I decided to switch off my wireless antenna so that no internet connection would be open. I *immediately* got the blue screen of death and the computer restarted. I'm sorry. It happened so fast that I don't remember exactly what it said. I chose to boot into safe mode and scan from there. Gmer wasn't able to do a full scan, but it did some kind of scan and said everything was fine. Malwarebytes scanned and said everything was fine. I rebooted normally and ran gmer. I could see DDS now on the desktop. Gmer was scanning and on something called Shadowdisk when I got a pop up that said something caused it to stop working and it had to close.

I'm sure it's unrelated: my control key quit working.

Thank you for your help.



DDS (Ver_10-12-12.02) - NTFSx86
Run by Marcy at 0:20:43.10 on Wed 02/23/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.813 [GMT -6:00]

AV: COMODO Antivirus *Enabled/Updated* {675CEE69-9702-A524-3989-6D7CC8BF3695}
SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wuauclt.exe
C:\Users\Marcy\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [EPSON NX300 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieja.exe /fu "c:\windows\temp\E_SDBFC.tmp" /EF "HKCU"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_Plugin.exe -update plugin
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Skytel] Skytel.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\marcy\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: {0913D5A8-EAAD-4D04-821E-DF2C6404AAB0} = 156.154.70.22,156.154.71.22
TCP: {D2DC0B68-5A58-4833-8649-A675F738D88A} = 156.154.70.22,156.154.71.22
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\guard32.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\marcy\appdata\roaming\mozilla\firefox\profiles\ru9rf1qf.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}

============= SERVICES / DRIVERS ===============

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2011-1-6 17256]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 236600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 34744]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2011-2-6 20384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-30 30192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2011-2-6 954368]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-02-12 21:15:42 -------- d-----w- c:\program files\Defraggler
2011-02-12 21:11:21 -------- d-----w- c:\program files\CCleaner
2011-02-10 13:26:04 -------- d-----w- c:\program files\Windows Portable Devices
2011-02-10 13:23:43 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-02-10 13:23:39 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-02-10 13:23:39 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-02-10 13:23:02 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-02-10 13:21:05 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-02-10 13:21:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-02-10 13:21:04 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-02-09 08:43:54 -------- d-----w- c:\program files\ZipGenius 6
2011-02-09 01:03:12 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 01:03:06 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 01:03:05 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 01:03:04 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 01:03:02 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-02-09 01:01:59 834048 ----a-w- c:\windows\system32\wininet.dll
2011-02-09 01:01:58 389632 ----a-w- c:\windows\system32\html.iec
2011-02-09 01:01:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-09 01:01:36 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 01:01:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-09 01:01:00 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-02-08 14:39:53 -------- d-----w- c:\users\marcy\appdata\roaming\Malwarebytes
2011-02-08 14:39:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-08 14:39:33 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-08 14:39:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-08 14:39:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-08 08:06:16 -------- d-----w- c:\users\marcy\appdata\local\Apple Computer
2011-02-08 08:04:37 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-08 08:04:37 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-02-08 08:03:25 -------- d-----w- c:\program files\iPod
2011-02-08 08:03:22 -------- d-----w- c:\program files\iTunes
2011-02-08 08:03:22 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-02-08 08:00:24 -------- d-----w- c:\users\marcy\appdata\local\Apple
2011-02-08 07:56:16 -------- d-----w- c:\program files\Bonjour
2011-02-08 01:41:51 -------- d-----w- c:\windows\system32\eu-ES
2011-02-08 01:41:51 -------- d-----w- c:\windows\system32\ca-ES
2011-02-08 01:41:49 -------- d-----w- c:\windows\system32\vi-VN
2011-02-08 01:13:03 -------- d-----w- c:\windows\system32\EventProviders
2011-02-08 01:09:41 -------- d--h--w- C:\VritualRoot
2011-02-08 00:14:59 758784 ----a-w- c:\windows\system32\qmgr.dll
2011-02-08 00:13:51 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-02-08 00:03:23 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-02-08 00:03:23 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-02-08 00:03:23 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-02-08 00:03:16 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-02-08 00:03:11 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-08 00:03:11 17920 ----a-w- c:\windows\system32\netevent.dll
2011-02-08 00:03:11 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-08 00:03:11 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-02-08 00:03:11 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-08 00:03:07 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-02-07 23:20:28 -------- d-----w- c:\program files\COMODO
2011-02-07 22:12:23 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-02-07 22:06:37 116472 ------w- c:\windows\system32\pxcpyi64.exe
2011-02-07 22:06:36 129784 ------w- c:\windows\system32\pxafs.dll
2011-02-07 22:06:36 118520 ------w- c:\windows\system32\pxinsi64.exe
2011-02-07 21:40:12 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2011-02-07 21:39:13 -------- d-----w- c:\progra~2\UDL
2011-02-07 21:38:37 -------- d-----w- c:\program files\Epson Software
2011-02-07 21:34:34 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2011-02-07 21:34:33 80024 ----a-w- c:\windows\system32\PICSDK.dll
2011-02-07 21:34:33 51360 ----a-w- c:\windows\system32\EpPicPrt.dll
2011-02-07 21:34:33 108704 ----a-w- c:\windows\system32\PICEntry.dll
2011-02-07 21:34:32 51360 ----a-w- c:\windows\system32\EpPicMgr.dll
2011-02-07 21:32:33 86528 ----a-w- c:\windows\system32\E_FLBEJA.DLL
2011-02-07 21:32:29 78848 ----a-w- c:\windows\system32\E_FD4BEJA.DLL
2011-02-07 21:32:10 -------- d-----w- c:\progra~2\EPSON
2011-02-07 21:30:47 71680 ----a-w- c:\windows\system32\escwiad.dll
2011-02-07 21:30:32 -------- d-----w- c:\program files\epson
2011-02-07 14:40:29 -------- d-----w- c:\program files\common files\PX Storage Engine
2011-02-07 09:08:46 -------- d-----w- c:\users\marcy\appdata\roaming\OpenOffice.org
2011-02-07 09:02:36 -------- d-----w- c:\program files\OpenOffice.org 3
2011-02-07 07:24:36 -------- d-----w- c:\users\marcy\appdata\local\Adobe
2011-02-07 07:23:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-07 07:23:58 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-02-07 07:16:50 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-07 07:16:50 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-07 07:16:50 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-02-07 07:16:50 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-07 07:16:50 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-07 06:56:24 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-02-07 06:49:50 -------- d-----w- c:\users\marcy\appdata\local\Microsoft Games
2011-02-07 06:29:12 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-02-07 05:03:38 -------- d-----w- C:\DOCS
2011-02-07 05:00:06 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-02-07 05:00:06 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-02-07 05:00:05 274944 ----a-w- c:\windows\system32\schannel.dll
2011-02-07 04:59:54 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-02-07 04:59:53 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-02-07 04:59:53 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-02-07 04:59:53 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-02-07 04:59:53 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-02-07 04:59:53 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-02-07 04:59:53 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-02-07 04:59:53 10240 ----a-w- c:\windows\system32\finger.exe
2011-02-07 04:59:37 279376 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2011-02-07 04:59:35 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-02-07 04:59:18 -------- d-----w- c:\program files\common files\Toshiba Shared
2011-02-07 04:58:41 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-02-07 04:58:41 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-02-07 04:58:41 2048 ----a-w- c:\windows\system32\mferror.dll
2011-02-07 04:58:03 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-07 04:56:50 1316864 ----a-w- c:\windows\system32\ole32.dll
2011-02-07 04:55:59 502272 ----a-w- c:\windows\system32\usp10.dll
2011-02-07 04:55:58 67072 ----a-w- c:\windows\system32\asycfilt.dll
2011-02-07 04:55:56 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-02-07 04:55:52 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2011-02-07 04:55:52 515584 ----a-w- c:\program files\windows mail\wab.exe
2011-02-07 04:55:52 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2011-02-07 04:55:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-02-07 04:55:44 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-02-07 04:55:44 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-02-07 04:54:39 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-07 04:53:56 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-02-07 04:53:56 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-02-07 04:53:56 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-02-07 04:53:55 471552 ----a-w- c:\windows\system32\secproc.dll
2011-02-07 04:53:55 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-02-07 04:53:55 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-02-07 04:53:55 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-02-07 04:53:55 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-02-07 04:53:55 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-02-07 04:52:38 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys
2011-02-07 04:52:30 -------- d-----w- c:\program files\Jumpstart
2011-02-07 04:50:45 919552 ----a-w- c:\windows\system32\drivers\athr.sys
2011-02-07 04:50:45 53248 ----a-w- c:\windows\system32\athihvui.dll
2011-02-07 04:50:45 516096 ----a-w- c:\windows\system32\S64CPA.exe
2011-02-07 04:50:45 -------- d-----w- c:\windows\system32\nn-NO
2011-02-07 04:50:44 393216 ----a-w- c:\windows\system32\athihvs.dll
2011-02-07 04:50:24 -------- d-----w- c:\program files\Cisco
2011-02-07 04:50:24 -------- d-----w- c:\program files\Atheros
2011-02-07 04:50:20 -------- d-----w- c:\progra~2\Atheros
2011-02-07 04:48:41 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-02-07 04:48:39 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-02-07 04:48:39 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-02-07 04:46:58 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2011-02-07 04:46:54 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-02-07 04:46:54 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-02-07 04:46:52 243712 ----a-w- c:\windows\system32\rastls.dll
2011-02-07 04:45:33 -------- d-----w- c:\windows\system32\ENU
2011-02-07 04:45:32 1034776 ----a-w- c:\windows\system32\imsmudlg.exe
2011-02-07 04:45:26 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-02-07 04:43:55 77824 ----a-w- c:\windows\system32\tosmreg.exe
2011-02-07 04:43:55 491520 ----a-w- c:\windows\system32\cselect.exe
2011-02-07 04:43:55 45056 ----a-w- c:\windows\system32\csellang.dll
2011-02-07 04:43:54 -------- d-----w- c:\program files\ltmoh
2011-02-07 04:43:22 -------- d-----w- c:\windows\Options
2011-02-07 04:43:16 -------- d-----w- c:\progra~2\Comodo
2011-02-07 04:43:12 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-07 04:43:12 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-02-07 04:43:12 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-02-07 04:42:07 -------- d-----w- c:\windows\system32\RTCOM
2011-02-07 04:38:47 920088 ----a-w- c:\windows\system32\igxpun.exe
2011-02-07 04:38:47 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-02-07 04:38:47 -------- d-----w- c:\windows\system32\Lang
2011-02-07 04:34:19 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-02-07 04:34:09 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-02-07 04:34:02 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-02-07 04:34:02 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-02-07 04:26:07 -------- d-sh--w- C:\$RECYCLE.BIN
2011-02-07 04:20:41 -------- d-----w- c:\users\marcy\appdata\local\Toshiba
2011-02-07 04:20:35 -------- d-----w- c:\users\marcy\appdata\local\Google
2011-02-07 04:20:32 -------- d-----w- c:\users\marcy\appdata\roaming\Symantec
2011-02-07 04:20:02 -------- d-----w- c:\users\marcy\appdata\local\VirtualStore
2011-02-07 04:20:01 17 --sh--r- c:\windows\system32\drivers\fbd.sys

==================== Find3M ====================

2011-02-07 04:41:32 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-02-07 04:41:30 315392 ----a-w- c:\windows\HideWin.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2010-12-29 07:42:04 285480 ----a-w- c:\windows\system32\guard32.dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 0:23:26.75 ===============



#2 gringo_pr

  • Malware Response Team

Posted 28 February 2011 - 10:04 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".


information and logs:

  • In your next post I need the following

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 mwarrior

Posted 28 February 2011 - 02:48 PM

Hello Gringo, Thank you very much for your help.

Should I reinstall via the partition back to factory defaults? Can I ever trust this computer again, like to do taxes or banking? I'm really concerned since Malwarebytes didn't catch anything? Also, should I have AVG as well as Comodo AV (in the Firewall pkg)?

I forgot to include this last time. A Windows screen comes up when the computer has been idle for long periods even though the box is not checked in the personalize > screen saver area. After I type my password, the computer freezes for a while. I once clicked off the internet (by turning off my wireless), and the computer was immediately available.

Many times when I get on my computer first thing in the morning, I get this report:

Ooops! You have have just found a bug in Comodo Internet Security. It needs to close. We are sorry for the inconvenience.

Please tell us about this problem to improve our software. We have created an error report that you can send to us. We will treat this report as confidential and anonymous. Describe what you were doing when the error occurred (optional).

I clicked through to see the info:

Crash.dmp Crash Dump DMP File 22kb

0x00001f70: 005c003a 00690057 0064006e 0077006f :.\.W.i.n.d.o.w.
0x00001f80: 005c0073 00790053 00740073 006d0065 s.\.S.y.s.t.e.m.
0x00001f90: 00320033 006d005c 00630073 00660074 3.2.\.m.s.c.t.f.
0x00001fa0: 0064002e 006c006c 00360000 00430000 ..d.l.l...6...C.
0x00001fb0: 005c003a 00690057 0064006e 0077006f :.\.W.i.n.d.o.w.
0x00001fc0: 005c0073 00790053 00740073 006d0065 s.\.S.y.s.t.e.m.
0x00001fd0: 00320033 006c005c 006b0070 0064002e 3.2.\.l.p.k...d.
0x00001fe0: 006c006c 003a0000 00430000 005c003a l.l...:...C.:.\.
0x00001ff0: 00690057 0064006e 0077006f 005c0073 W.i.n.d.o.w.s.\.
0x00002000: 00790053 00740073 006d0065 00320033 S.y.s.t.e.m.3.2.
0x00002010: 0075005c 00700073 00300031 0064002e \.u.s.p.1.0...d.
0x00002020: 006c006c 003e0000 00430000 005c003a l.l...>...C.:.\.
0x00002030: 00690057 0064006e 0077006f 005c0073 W.i.n.d.o.w.s.\.
0x00002040: 00790053 00740073 006d0065 00320033 S.y.s.t.e.m.3.2.
0x00002050: 0067005c 00610075 00640072 00320033 \.g.u.a.r.d.3.2.
0x00002060: 0064002e 006c006c 003e0000 00430000 ..d.l.l...>...C.
0x00002070: 005c003a 00690057 0064006e 0077006f :.\.W.i.n.d.o.w.
0x00002080: 005c0073 00790053 00740073 006d0065 s.\.S.y.s.t.e.m.
0x00002090: 00320033 0076005c 00720065 00690073 3.2.\.v.e.r.s.i.
0x000020a0: 006e006f 0064002e 006c006c 003e0000 o.n...d.l.l...>.
0x000020b0: 00430000 005c003a 00690057 0064006e ..C.:.\.W.i.n.d.
0x000020c0: 0077006f 005c0073 00790053 00740073 o.w.s.\.S.y.s.t.
0x000020d0: 006d0065 00320033 0075005c 00740078 e.m.3.2.\.u.x.t.
0x000020e0: 00650068 0065006d 0064002e 006c006c h.e.m.e...d.l.l.
0x000020f0: 003a0000 00430000 005c003a 00690057 ..:...C.:.\.W.i.
0x00002100: 0064006e 0077006f 005c0073 00790053 n.d.o.w.s.\.S.y.
0x00002110: 00740073 006d0065 00320033 0070005c s.t.e.m.3.2.\.p.
0x00002120: 00610073 00690070 0064002e 006c006c s.a.p.i...d.l.l.
0x00002130: 008a0000 00430000 005c003a 00720050 ......C.:.\.P.r.
0x00002140: 0067006f 00610072 0020006d 00690046 o.g.r.a.m. .F.i.
0x00002150: 0065006c 005c0073 004f0043 004f004d l.e.s.\.C.O.M.O.
0x00002160: 004f0044 0043005c 004d004f 0044004f D.O.\.C.O.M.O.D.
0x00002170: 0020004f 006e0049 00650074 006e0072 O. .I.n.t.e.r.n.
0x00002180: 00740065 00530020 00630065 00720075 e.t. .S.e.c.u.r.
0x00002190: 00740069 005c0079 00680074 006d0065 i.t.y.\.t.h.e.m.
0x000021a0: 00730065 0064005c 00660065 00750061 e.s.\.d.e.f.a.u.
0x000021b0: 0074006c 0074002e 00650068 0065006d l.t...t.h.e.m.e.
0x000021c0: 00400000 00430000 005c003a 00690057 ..@...C.:.\.W.i.
0x000021d0: 0064006e 0077006f 005c0073 00790053 n.d.o.w.s.\.S.y.
0x000021e0: 00740073 006d0065 00320033 0070005c s.t.e.m.3.2.\.p.
0x000021f0: 0077006f 00700072 006f0072 002e0066 o.w.r.p.r.o.f...
0x00002200: 006c0064 0000006c 0001003f 00000000 d.l.l...?.......
0x00002210: 00000000 00000000 00000000 00000000 ................
0x00002220: 00000000 ffff027f ffff0020 ffffffff ........ .......
0x00002230: 004ab06c 0159001b 00627ed4 ffff0023 l.J...Y..~b.#...
0x00002240: 00000000 82000000 00004005 a69b0000 .........@......
0x00002250: 40069537 00000000 c3e54900 f8003ffe 7..@.....I...?..
0x00002260: fafafafa 400580fa 00000000 c3000000 .......@........
0x00002270: f0004007 d2ec4ec4 4006a9a0 00000000 .@...N.....@....
0x00002280: c0000000 00004006 00000000 3ffe8000 .....@.........?
0x00002290: 00000000 00000000 0000003b 00000023 ........;...#...
0x000022a0: 00000023 01e0d558 70c80000 70c80000 #...X......p...p
0x000022b0: 00000000 70c80000 70c80014 0012f014 .......p...p....
0x000022c0: 71bd203e 0000001b 00010246 0012f010 > .q....F.......
0x000022d0: 00000023 0020027f 01590000 004ab06c #..... ...Y.l.J.
0x000022e0: 0000001b 00627ed4 00000023 00001fa0 .....~b.#.......
0x000022f0: 0000ffff 00000000 82000000 00004005 .............@..
0x00002300: 00000000 00000000 9537a69b 00004006 ..........7..@..
0x00002310: 00000000 00000000 c3e54900 00003ffe .........I...?..
0x00002320: 00000000 fafaf800 80fafafa 00004005 .............@..
0x00002330: 00000000 00000000 c3000000 00004007 .............@..
0x00002340: 00000000 4ec4f000 a9a0d2ec 00004006 .......N.....@..
0x00002350: 00000000 00000000 c0000000 00004006 .............@..
0x00002360: 00000000 00000000 80000000 00003ffe .............?..
0x00002370: 00000000 00000000 00000000 00000000 ................
0x00002380: 00000000 00000000 00000000 00000000 ................
0x00002390: 00000000 00000000 00000000 00000000 ................
0x000023a0: 00000000 00000000 00000000 00000000 ................
0x000023b0: 00000000 00000000 00000000 00000000 ................
0x000023c0: 00000000 00000000 00000000 00000000 ................
0x000023d0: 00000000 00000000 00000000 00000000 ................
0x000023e0: 00000000 00000000 00000000 00000000 ................
0x000023f0: 00000000 00000000 00000000 00000000 ................
0x00002400: 00000000 00000000 00000000 00000000 ................
0x00002410: 00000000 00000000 00000000 00000000 ................
0x00002420: 00000000 00000000 00000000 00000000 ................
0x00002430: 00000000 00000000 00000000 00000000 ................
0x00002440: 00000000 00000000 00000000 00000000 ................
0x00002450: 00000000 00000000 00000000 00000000 ................
0x00002460: 00000000 00000000 00000000 00000000 ................
0x00002470: 00000000 00000000 00000000 00000000 ................
0x00002480: 00000000 00000000 00000000 00000000 ................
0x00002490: 00000000 00000000 00000000 00000000 ................
0x000024a0: 00000000 00000000 00000000 00000000 ................
0x000024b0: 00000000 00000000 00000000 00000000 ................
0x000024c0: 00000000 00000000 00000000 00000000 ................
0x000024d0: 00000000 0001003f 00000000 00000000 ....?...........
0x000024e0: 00000000 00000000 00000000 00000000 ................
0x000024f0: ffff027f ffff0020 ffffffff 004ab06c .... .......l.J.
0x00002500: 0159001b 00627ed4 ffff0023 00000000 ..Y..~b.#.......
0x00002510: 82000000 00004005 a69b0000 40069537 .....@......7..@
0x00002520: 00000000 c3e54900 f8003ffe fafafafa .....I...?......
0x00002530: 400580fa 00000000 c3000000 f0004007 ...@.........@..
0x00002540: d2ec4ec4 4006a9a0 00000000 c0000000 .N.....@........
0x00002550: 00004006 00000000 3ffe8000 00000000 .@.........?....
0x00002560: 00000000 0000003b 00000023 00000023 ....;...#...#...
0x00002570: 0012df0c 01bc0fd8 01bc1018 76f25ca4 .............\.v
0x00002580: 0012de50 01bc0fa0 0012dbdc 76f25ca4 P............\.v
0x00002590: 0000001b 00000246 0012dbcc 00000023 ....F.......#...
0x000025a0: 0020027f 01590000 004ab06c 0000001b .. ...Y.l.J.....
0x000025b0: 00627ed4 00000023 00001fa0 0000ffff .~b.#...........
0x000025c0: 00000000 82000000 00004005 00000000 .........@......
0x000025d0: 00000000 9537a69b 00004006 00000000 ......7..@......
0x000025e0: 00000000 c3e54900 00003ffe 00000000 .....I...?......
0x000025f0: fafaf800 80fafafa 00004005 00000000 .........@......
0x00002600: 00000000 c3000000 00004007 00000000 .........@......
0x00002610: 4ec4f000 a9a0d2ec 00004006 00000000 ...N.....@......
0x00002620: 00000000 c0000000 00004006 00000000 .........@......
0x00002630: 00000000 80000000 00003ffe 00000000 .........?......
0x00002640: 00000000 00000000 00000000 00000000 ................
0x00002650: 00000000 00000000 00000000 00000000 ................
0x00002660: 00000000 00000000 00000000 00000000 ................
0x00002670: 00000000 00000000 00000000 00000000 ................
0x00002680: 00000000 00000000 00000000 00000000 ................
0x00002690: 00000000 00000000 00000000 00000000 ................
0x000026a0: 00000000 00000000 00000000 00000000 ................
0x000026b0: 00000000 00000000 00000000 00000000 ................
0x000026c0: 00000000 00000000 00000000 00000000 ................
0x000026d0: 00000000 00000000 00000000 00000000 ................
0x000026e0: 00000000 00000000 00000000 00000000 ................
0x000026f0: 00000000 00000000 00000000 00000000 ................
0x00002700: 00000000 00000000 00000000 00000000 ................
0x00002710: 00000000 00000000 00000000 00000000 ................
0x00002720: 00000000 00000000 00000000 00000000 ................
0x00002730: 00000000 00000000 00000000 00000000 ................
0x00002740: 00000000 00000000 00000000 00000000 ................
0x00002750: 00000000 00000000 00000000 00000000 ................
0x00002760: 00000000 00000000 00000000 00000000 ................
0x00002770: 00000000 00000000 00000000 00000000 ................
0x00002780: 00000000 00000000 00000000 00000000 ................
0x00002790: 00000000 00000000 00000000 00000000 ................
0x000027a0: 0001003f 00000000 00000000 00000000 ?...............
0x000027b0: 00000000 00000000 00000000 ffff027f ................
0x000027c0: ffff0000 ffffffff 00000000 00000000 ................
0x000027d0: 00000000 ffff0000 00000000 00000000 ................
0x000027e0: 00000000 00000000 00000000 00000000 ................
0x000027f0: 00000000 00000000 00000000 00000000 ................
0x00002800: 00000000 00000000 00000000 00000000 ................
0x00002810: 00000000 00000000 00000000 00000000 ................
0x00002820: 00000000 00000000 00000000 00000000 ................
0x00002830: 0000003b 00000023 00000023 00000000 ;...#...#.......
0x00002840: 00000000 00000002 00000000 76d00a51 ............Q..v
0x00002850: 0243f988 0243fecc 76f25ca4 0000001b ..C...C..\.v....
0x00002860: 00000246 0243fe30 00000023 0000027f F...0.C.#.......
0x00002870: 00000000 00000000 00000000 00000000 ................
0x00002880: 00000000 00001f80 00000000 00000000 ................
0x00002890: 00000000 00000000 00000000 00000000 ................
0x000028a0: 00000000 00000000 00000000 00000000 ................
0x000028b0: 00000000 00000000 00000000 00000000 ................
0x000028c0: 00000000 00000000 00000000 00000000 ................
0x000028d0: 00000000 00000000 00000000 00000000 ................
0x000028e0: 00000000 00000000 00000000 00000000 ................
0x000028f0: 00000000 00000000 00000000 00000000 ................
0x00002900: 00000000 00000000 00000000 00000000 ................
0x00002910: 00000000 00000000 00000000 00000000 ................
0x00002920: 00000000 00000000 00000000 00000000 ................
0x00002930: 00000000 00000000 00000000 00000000 ................
0x00002940: 00000000 00000000 00000000 00000000 ................
0x00002950: 00000000 00000000 00000000 00000000 ................
0x00002960: 00000000 00000000 00000000 00000000 ................
0x00002970: 00000000 00000000 00000000 00000000 ................
0x00002980: 00000000 00000000 00000000 00000000 ................
0x00002990: 00000000 00000000 00000000 00000000 ................
0x000029a0: 00000000 00000000 00000000 00000000 ................
0x000029b0: 00000000 00000000 00000000 00000000 ................
0x000029c0: 00000000 00000000 00000000 00000000 ................
0x000029d0: 00000000 00000000 00000000 00000000 ................
0x000029e0: 00000000 00000000 00000000 00000000 ................
0x000029f0: 00000000 00000000 00000000 00000000 ................
0x00002a00: 00000000 00000000 00000000 00000000 ................
0x00002a10: 00000000 00000000 00000000 00000000 ................
0x00002a20: 00000000 00000000 00000000 00000000 ................
0x00002a30: 00000000 00000000 00000000 00000000 ................
0x00002a40: 00000000 00000000 00000000 00000000 ................
0x00002a50: 00000000 00000000 00000000 00000000 ................
0x00002a60: 00000000 00000000 00000000 53445352 ............RSDS
0x00002a70: eaa58548 4ec1c548 5d28f0b8 505701f5 H...H..N..(]..WP
0x00002a80: 00000001 535c3a44 74534e56 6761726f ....D:\SVNStorag
0x00002a90: 72505c65 63656a6f 435c7374 325f5349 e\Projects\CIS_2
0x00002aa0: 5c313130 656c6552 5c657361 5c323378 011\Release\x32\
0x00002ab0: 626d7953 5c736c6f 75706663 74616470 Symbols\cfpupdat
0x00002ac0: 6264702e 44535200 05a3b653 736ed6b0 .pdb.RSDS.....ns
0x00002ad0: 5124b044 c0ef7d20 00000280 64746e00 D.$Q }.......ntd
0x00002ae0: 702e6c6c 52006264 ac534453 80fccf6f ll.pdb.RSDS.o...
0x00002af0: a44d4909 776a25bb 025719f5 6b000000 .IM..%jw..W....k
0x00002b00: 656e7265 2e32336c 00626470 53445352 ernel32.pdb.RSDS
0x00002b10: cfd2c4c8 406deb9c 95c26d8b 6a17eb12 ......m@.m.....j
0x00002b20: 00000002 72657375 702e3233 52006264 ....user32.pdb.R
0x00002b30: f6534453 d808eb4d bd40a5e5 63939511 SDS.M.....@....c
0x00002b40: 0289ae5b 67000000 32336964 6264702e [......gdi32.pdb
0x00002b50: 44535200 a66dbc53 888b0e66 474ab54d .RSDS.m.f...M.JG
0x00002b60: 03d80d51 0000029b 76646100 33697061 Q........advapi3
0x00002b70: 64702e32 53520062 1a555344 6a3e30b7 2.pdb.RSDSU..0>j
0x00002b80: e6bb4491 807b67b3 00020f7c 70720000 .D...g{.|.....rp
0x00002b90: 34747263 6264702e 44535200 0a2d8c53 crt4.pdb.RSDS.-.
0x00002ba0: 260738d5 e720ad44 f0c897fc 00000243 .8.&D. .....C...
0x00002bb0: 6d6f6300 33676c64 64702e32 53520062 .comdlg32.pdb.RS
0x00002bc0: 19f75344 bfb97f80 48854686 88a56a03 DS.......F.H.j..
0x00002bd0: 00024c1b 736d0000 74726376 6264702e .L....msvcrt.pdb
0x00002be0: 44535200 c74d4353 be6b45e5 d35b8d44 .RSDSCM..Ek.D.[.
0x00002bf0: 99742f16 0000021d 6c687300 69706177 ./t......shlwapi
0x00002c00: 6264702e 44535200 5f251953 72121de4 .pdb.RSDS.%_...r
0x00002c10: 43c1ae4a 62d6697b 00000211 6d6f6300 J..C{i.b.....com
0x00002c20: 336c7463 64702e32 53520062 8ee95344 ctl32.pdb.RSDS..
0x00002c30: 5268d0e9 38bf439d 1845303e 0002f3db ..hR.C.8>0E.....
0x00002c40: 68730000 336c6c65 64702e32 53520062 ..shell32.pdb.RS
0x00002c50: fff05344 65fda335 4e80409c b2d408f2 DS..5..e.@.N....
0x00002c60: 0001ab47 69770000 6f70736e 702e6c6f G.....winspool.p
0x00002c70: 52006264 29534453 1bd5ee66 a24613db db.RSDS)f.....F.
0x00002c80: 65410f87 02fdafc5 6f000000 6c64656c ..Ae.......oledl
0x00002c90: 64702e67 53520062 02195344 d571ede3 g.pdb.RSDS....q.
0x00002ca0: 83ac44fa 73655a67 000298d1 6c6f0000 .D..gZes......ol
0x00002cb0: 2e323365 00626470 53445352 0bd45944 e32.pdb.RSDSDY..
0x00002cc0: 461a7a41 886054ac d69aa598 00000002 Az.F.T`.........
0x00002cd0: 61656c6f 32337475 6264702e 44535200 oleaut32.pdb.RSD
0x00002ce0: fa621853 cdac625a 7564a844 5c65237c S.b.Zb..D.du|#e\
0x00002cf0: 00000232 67626400 706c6568 6264702e 2....dbghelp.pdb
0x00002d00: 44535200 5a81ac53 76822e00 9195814b .RSDS..Z...vK...
0x00002d10: d7340ae4 000001d3 746c6600 2e62694c ..4......fltLib.
0x00002d20: 00626470 53445352 83857ab5 42f44af2 pdb.RSDS.z...J.B
0x00002d30: 44544491 5073a744 00000002 67616d69 .DTDD.sP....imag
0x00002d40: 706c6865 6264702e 44535200 dd584453 ehlp.pdb.RSDSDX.
0x00002d50: a8c045cb bceb8541 68baae54 00000241 .E..A...T..hA...
0x00002d60: 79726300 32337470 6264702e 44535200 .crypt32.pdb.RSD
0x00002d70: 66fd6553 e0babe31 a753b346 60ff87a5 Se.f1...F.S....`
0x00002d80: 0000025d 61736d00 2e316e73 00626470 ]....msasn1.pdb.
0x00002d90: 53445352 b6d4a656 472d1b0a d403cbb2 RSDSV.....-G....
0x00002da0: d8e9af40 00000002 72657375 2e766e65 @.......userenv.
0x00002db0: 00626470 53445352 af08dbd2 48f9fc4c pdb.RSDS....L..H
0x00002dc0: 1f8cf988 531fae8b 00000002 75636573 .......S....secu
0x00002dd0: 2e323372 00626470 53445352 c9337737 r32.pdb.RSDS7w3.
0x00002de0: 419f9275 37f37381 a0194691 00000002 u..A.s.7.F......
0x00002df0: 746e6977 74737572 6264702e 44535200 wintrust.pdb.RSD
0x00002e00: 1b4d4353 59f6acdf 7d2cab49 9012613b SCM....YI.,};a..
0x00002e10: 0000029e 69736d00 6264702e 44535200 .....msi.pdb.RSD
0x00002e20: 24a2b353 3f85bb86 dec6ba48 6f56ee9d S..$...?H.....Vo
0x00002e30: 000002ea 6e697700 702e6d6d 52006264 .....winmm.pdb.R
0x00002e40: 83534453 d780d69e bb4c9e19 5d328500 SDS.......L...2]
0x00002e50: 01ccf1d2 6f000000 6361656c 64702e63 .......oleacc.pd
0x00002e60: 53520062 b77b5344 4689a004 8888467d b.RSDS{....F}F..
0x00002e70: ddc54db4 0002d75d 73770000 32335f32 .M..].....ws2_32
0x00002e80: 6264702e 44535200 d074df53 5fca5d37 .pdb.RSDS.t.7]._
0x00002e90: b71eb54b 2bf2398b 000002f1 69736e00 K....9.+.....nsi
0x00002ea0: 6264702e 44535200 53b73753 d6ff35ff .pdb.RSDS7.S.5..
0x00002eb0: 204bbc45 03fe0a76 000002b4 72706d00 E.K v........mpr
0x00002ec0: 6264702e 44535200 a6dae453 3031e788 .pdb.RSDS.....10
0x00002ed0: c3448e4d d02b5fcb 00000261 69646700 M.D.._+.a....gdi
0x00002ee0: 73756c70 6264702e 44535200 b86b4d53 plus.pdb.RSDSMk.
0x00002ef0: 9129478f 04eabf4c 5d9bdf59 00000211 .G).L...Y..]....
0x00002f00: 6e697700 74656e69 6264702e 44535200 .wininet.pdb.RSD
0x00002f10: 99361753 c05b9ad8 eec6be40 2acf0a98 S.6...[.@......*
0x00002f20: 00000149 726f6e00 696c616d 64702e7a I....normaliz.pd
0x00002f30: 53520062 6d1f5344 5e130ece b690496f b.RSDS.m...^oI..
0x00002f40: 8950d624 0002ac75 65690000 74757472 $.P.u.....iertut
0x00002f50: 702e6c69 52006264 21534453 cfd1f13c il.pdb.RSDS!<...
0x00002f60: 874f0ccb 0b1caf0f 02c8fb6d 69000000 ..O.....m......i
0x00002f70: 32336d6d 6264702e 44535200 86659053 mm32.pdb.RSDS.e.
0x00002f80: 8973a9c5 faeeb24b fc3777aa 00000209 ..s.K....w7.....
0x00002f90: 63736d00 702e6674 52006264 32534453 .msctf.pdb.RSDS2
0x00002fa0: 6b60147f 90430095 98ad31ee 02b2f627 ..`k..C..1..'...
0x00002fb0: 6c000000 702e6b70 52006264 36534453 ...lpk.pdb.RSDS6
0x00002fc0: 8686f619 8f493b09 489ff0e5 02d9df26 .....;I....H&...
0x00002fd0: 75000000 30317073 6264702e 44535200 ...usp10.pdb.RSD
0x00002fe0: a3140a53 34b2e0fd 5c8ab946 8e517730 S......4F..\0wQ.
0x00002ff0: 00000135 5c3a4400 534e5653 61726f74 5....D:\SVNStora
0x00003000: 505c6567 656a6f72 5c737463 5f534943 ge\Projects\CIS_
0x00003010: 31313032 6c65525c 65736165 3233785c 2011\Release\x32
0x00003020: 6d79535c 736c6f62 6175675c 32336472 \Symbols\guard32
0x00003030: 6264702e 44535200 d7bf0f53 dfb8a697 .pdb.RSDS.......
0x00003040: d5368247 ae74f4d9 00000235 72657600 G.6...t.5....ver
0x00003050: 6e6f6973 6264702e 44535200 b5a4e853 sion.pdb.RSDS...
0x00003060: 4699afd6 466eba49 0984d511 000002c0 ...FI.nF........
0x00003070: 54785500 656d6568 6264702e 44535200 .UxTheme.pdb.RSD
0x00003080: 39819153 9cd257fa 5a79ba46 d904b786 S..9.W..F.yZ....
0x00003090: 000002b9 61737000 702e6970 52006264 .....psapi.pdb.R
0x000030a0: 85534453 22753f43 b8490ded c4bc77bc SDS.C?u"..I..w..
0x000030b0: 02a0f8d6 70000000 7072776f 2e666f72 .......powrprof.
0x000030c0: 00626470 00000004 76f25c24 00000000 pdb.....$\.v....
0x000030d0: 00000100 00003108 71bd1fbe 00000000 .....1.....q....
0x000030e0: 00000100 00003208 0012dbc8 00000000 .....2..........
0x000030f0: 00002438 00003308 0243fe2c 00000000 8$...3..,.C.....
0x00003100: 000001d4 00005740 240489ec 042444c7 ....@W.....$.D$.
0x00003110: 00000001 08245c89 102444c7 00000000 .....\$..D$.....
0x00003120: 0076e854 08c20000 00498d00 83ec8b55 T.v.......I.U...
0x00003130: 448950ec a1640c24 00000018 01a4808b .P.D$.d.........
0x00003140: 04890000 2444c724 00000004 2444c700 ....$.D$......D$
0x00003150: 00000008 2444c700 00000010 39e85400 ......D$.....T.9
0x00003160: 8b000000 e58b2404 ff8bc35d 04244489 .....$..]....D$.
0x00003170: 08245c89 fdb9e6e9 24a48dff 00000000 .\$........$....
0x00003180: 0024648d 340fd48b 24a48dc3 00000000 .d$....4...$....
0x00003190: 0024648d 0824548d 90c32ecd 8dec8b55 .d$..T$.....U...
0x000031a0: fd3024a4 e854ffff 00000153 8b04558b .$0...T.S....U..
0x000031b0: 84830845 0000c424 50890400 2404c70c E...$......P...$
0x000031c0: 00010007 016acc8b 0875ff51 fff177e8 ......j.Q.u..w..
0x000031d0: 02e850ff cc000000 ec8b5590 e024a48d .P.......U....$.
0x000031e0: 54fffffc 000116e8 24848300 000000c4 ...T.......$....
0x000031f0: 248c8d04 000002d0 c704458b 00072404 ...$.....E...$..
0x00003200: 41890001 1061830c fc45c7e4 fffffffe ...A..a...E.....
0x00003210: fdf3d2e8 0004c2ff fffe9090 0000ffff ................
0x00003220: ffd40000 0000ffff fffe0000 1faeffff ................
0x00003230: 1fb771bd 909071bd 8b909090 ec8b55ff .q...q.......U..
0x00003240: ff6ae95d 9090ffff 8b909090 ec8b55ff ].j..........U..
0x00003250: 085d8b53 0d75db85 15ff066a 71bb11f0 S.]...u.j......q
0x00003260: 000083e9 01c3f600 e3830774 0c45c6fe ........t.....E.
0x00003270: 39e85300 85ffffff 8d0874c0 c0830448 .S.9.....t..H...
0x00003280: 8b05eb18 14438dcb 6610b70f 010bfa81 ......C....f....
0x00003290: 51501675 ff1875ff 75ff1475 0c75ff10 u.PQ.u..u..u..u.
0x000032a0: fe69e853 42ebffff 0bfa8166 50167502 S.i....Bf....u.P
0x000032b0: 1875ff51 ff1475ff 75ff1075 abe8530c Q.u..u..u..u.S..
0x000032c0: ebfffffd fa816625 16750107 75ff5150 ....%f....u.PQ.u
0x000032d0: 1475ff18 ff1075ff e8530c75 fffffce3 ..u..u..u.S.....
0x000032e0: 458b08eb 00208314 5d5bc033 900014c2 ...E.. .3.[]....
0x000032f0: 90909090 8b55ff8b ff006aec 75ff1475 ......U..j..u..u
0x00003300: 0c75ff10 e80875ff 76e26955 00000180 ..u..u..Ui.v....
0x00003310: 01bb0048 0012e418 00000000 00000000 H...............
0x00003320: 0012dbf4 01bb0048 0012e418 00000000 ....H...........
0x00003330: 00000002 00000000 00000000 76f24170 ............pA.v
0x00003340: 76e2aeb6 0000017c 00000000 0012dda4 ...v|...........
0x00003350: 71bb2349 0000017c 01bc83d8 0012e418 I#.q|...........
0x00003360: 71bb2360 0012deec 025b07e0 00000180 `#.q......[.....
0x00003370: 01bc8440 0000017c 71bb579c 0012e068 @...|....W.qh...
0x00003380: 00000000 00000000 00000000 00000000 ................
0x00003390: 00000000 00000000 00000000 00000000 ................
0x000033a0: 00000000 00000000 00000000 00000000 ................
0x000033b0: 00000000 76f2673d 760e05ac 025b0000 ....=g.v...v..[.
0x000033c0: 00000000 025b01ac 007a0016 00000001 ......[...z.....
0x000033d0: 00000000 00000000 00740017 00000001 ..........t.....
0x000033e0: 00000000 00000000 025b9108 00000025 ..........[.%...
0x000033f0: 025b0000 00000000 00000000 025b8e08 ..[...........[.
0x00003400: 01bc6018 025b8f1c 01bc6790 025b9328 .`....[..g..(.[.
0x00003410: 0012dc78 00000000 0012defc 025b0000 x.............[.
0x00003420: 76f267a8 01bc6790 00000000 00000025 .g.v.g......%...
0x00003430: 01cc3070 0012e418 ffffffda 01bc83d8 p0..............
0x00003440: 025ba918 0012dcac 00730077 0012defc ..[.....w.s.....
0x00003450: 025b0000 76f267a8 01bc83d8 00000000 ..[..g.v........
0x00003460: 00000348 01bc83d8 0012e418 0012dd40 H...........@...
0x00003470: 71bb5b6d 01cb00e0 01cb0000 00013c70 m[.q........p<..
0x00003480: 0012dd54 71bb5b51 01cb00e0 01cb0000 T...Q[.q........
0x00003490: 00013c70 0012dd74 71bb5afa 01cb0000 p<..t....Z.q....
0x000034a0: 00000000 00000006 0012dd98 01cb00e0 ................
0x000034b0: 01bc842c 0012dd9c 71bb5a6e 01cb0000 ,.......nZ.q....
0x000034c0: 00000000 00000006 0000001c 01bc83d8 ................
0x000034d0: 0012e418 01bc842c 00000038 76f25430 ....,...8...0T.v
0x000034e0: 76e2a9a9 ffffffff 01cb0000 01bc83d8 ...v............
0x000034f0: 0012e418 00000000 025b09c8 025b0000 ..........[...[.
0x00003500: 6b01006a 01bb0048 0012e418 00000000 j..kH...........
0x00003510: 00004550 0004014c 00000002 025b0000 PE..L.........[.
0x00003520: 00000000 0012ded4 76f27373 025b0130 ........ss.v0.[.
0x00003530: 76f27352 760e0790 00000000 025b0000 Rs.v...v......[.
0x00003540: 025b09d0 00000000 00001000 00000200 ..[.............
0x00003550: 00000006 00000006 00000006 025b00c4 ..............[.
0x00003560: 025b50e8 00000400 025b0000 025b50e8 .P[.......[..P[.
0x00003570: 00040000 00000000 025b50e8 00000000 .........P[.....
0x00003580: 00100000 00000000 000002a1 00000000 ................
0x00003590: 00000000 00000003 00001148 000002a1 ........H.......
0x000035a0: 00013570 0000008c 82000280 00000221 p5..........!...
0x000035b0: 00000000 01bcabe8 00000000 00000000 ................
0x000035c0: 00019000 000002a1 00013c70 00000000 ........p<......
0x000035d0: 00000000 00000000 025b50e8 00000000 .........P[.....
0x000035e0: 025b09d0 025b00c4 00005408 00000040 ..[...[..T..@...
0x000035f0: 00000000 00001108 01010100 0012ddf4 ................
0x00003600: 000132a8 0012e550 76ec9ac2 00ed9504 .2..P......v....
0x00003610: fffffffe 76f27352 76f27385 00000000 ....Rs.v.s.v....
0x00003620: 00000000 025b08d4 025b07e0 00000000 ......[...[.....
0x00003630: 0012df04 76e29a26 025b0000 00000000 ....&..v..[.....
0x00003640: 025b09c8 0012df18 71bb2415 025b0000 ..[......$.q..[.
0x00003650: 0012df20 01bb0048 0012e418 00000000 ...H...........
0x00003660: 0012e33c 71bb2985 0012e418 01bb0048 <....).q....H...
0x00003670: 025b0900 00000000 71bb2f59 001a0018 ..[.....Y/.q....
0x00003680: 00000000 76f25c24 7ffdfc00 00000000 ....$\.v........
0x00003690: 0012df84 76f04cbc 00020000 0012df78 .....L.v....x...
0x000036a0: 0012e418 01bc100c 00000002 00000002 ................
0x000036b0: 00000000 760e063c 00000000 760e06c4 ....<..v.......v
0x000036c0: 76f85078 76f85078 0012e0e4 76f04fae xP.vxP.v.....O.v
0x000036d0: 0012dfbc 0012e140 00000001 025b0900 ....@.........[.
0x000036e0: 71bd1fbe 00000003 025b08f0 01bcb258 ...q......[.X...
0x000036f0: 01bcabf8 00000000 7ffd6000 0012e00c .........`......
0x00003700: 0012e020 0012dfe8 76ee9e35 0012e020 .......5..v ...
0x00003710: 00000100 7f6f05c2 0000011c 0012e00c ......o.........
0x00003720: 00000000 025b07e0 0012dffc 76e0347f ......[......4.v
0x00003730: 0012e00c 0012e1b8 71bb2e21 0012e210 ........!..q....
0x00003740: 0012e020 00000072 71bb2e2e 00000114 ...r......q....
0x00003750: 00000006 00000000 00001772 00000002 ........r.......
0x00003760: 00650053 00760072 00630069 00200065 S.e.r.v.i.c.e. .
0x00003770: 00610050 006b0063 00320020 00000000 P.a.c.k. .2.....
0x00003780: 71bb2e2e 00000114 00000006 00000000 ...q............
0x00003790: 00001772 00000002 00650053 00760072 r.......S.e.r.v.
0x000037a0: 00630069 00200065 00610050 006b0063 i.c.e. .P.a.c.k.
0x000037b0: 00320020 006f0000 00730077 0073005c .2...o.w.s.\.s.
0x000037c0: 00730079 00650074 0033006d 005c0032 y.s.t.e.m.3.2.\.
0x000037d0: 006f0070 00720077 00720070 0066006f p.o.w.r.p.r.o.f.
0x000037e0: 0064002e 006c006c 00740000 00720065 ..d.l.l...t.e.r.
0x000037f0: 0065006e 00200074 00650053 00750063 n.e.t. .S.e.c.u.
0x00003800: 00690072 76f24cb0 76e097b6 ffffffff r.i..L.v...v....
0x00003810: 00000025 0012e0e8 00000030 00000000 %.......0.......
0x00003820: 00000000 76f254a0 76e2d6d2 00000130 .....T.v...v0...
0x00003830: 00000000 00000000 00000000 0012e128 ............(...
0x00003840: 0012e1ac 76f254a0 76e2d6d2 00000130 .....T.v...v0...
0x00003850: 76f254a0 76e2d6d2 00000130 00000000 .T.v...v0.......
0x00003860: 00000000 00000000 0012e154 0012e1d4 ........T.......
0x00003870: 00000038 00000000 76e2aa36 765ba6fb 8.......6..v..[v
0x00003880: 00000000 0012e418 00000000 0000001e ................
0x00003890: 76e2aa36 00000000 00000038 00000000 6..v....8.......
0x000038a0: 00000000 0012e13c 00000000 0012e550 ....<.......P...
0x000038b0: 76e1fd89 00abedc7 fffffffe 76f254a0 ...v.........T.v
0x000038c0: 76f254a0 76e2d6d2 00000130 00000000 .T.v...v0.......
0x000038d0: 00000000 00000000 0012e1c4 0012e244 ............D...
0x000038e0: 00000010 00000000 76e2aa36 765ba66b ........6..vk.[v
0x000038f0: 00000000 0012e418 00002438 0012e264 ........8$..d...
0x00003900: 000000a8 00000000 00000010 00000000 ................
0x00003910: 00000000 0012e1ac 00000000 0012e550 ............P...
0x00003920: 76e1fd89 00abedc7 fffffffe 76e2aa36 ...v........6..v
0x00003930: 71bb3554 76f24ec0 76de1c90 ffffffff T5.q.N.v...v....
0x00003940: 0012e000 01bb13a0 00001000 0012e224 ............$...
0x00003950: 0012e238 71bb24e1 ffffffff 0012e000 8....$.q........
0x00003960: 01bb13a0 00001000 0012e250 00002438 ........P...8$..
0x00003970: 0012e418 00000000 0012e258 71bb248a ........X....$.q
0x00003980: ffffffff 0012e000 00000000 01bb13a0 ................
0x00003990: 00000438 0012e26c 0012e280 71bb3675 8...l.......u6.q
0x000039a0: ffffffff 0012dbc8 00000000 01bb0f68 ............h...
0x000039b0: 00002438 0012e418 01bc0f70 0012e358 8$......p...X...
0x000039c0: 0012e30c 71bb379f 00003308 0012e358 .....7.q.3..X...
0x000039d0: 01bb0048 0012dbc8 00000000 00002438 H...........8$..
0x000039e0: 00000000 00000002 00002438 0012e358 ........8$..X...
0x000039f0: 0012e418 01bb0048 01bb0f68 00000100 ....H...h.......
0x00003a00: 01bcb250 01bcabf8 01bb0d58 0012e30c P.......X.......
0x00003a10: 71bb35fe 00003308 0012e358 01bb0048 .5.q.3..X...H...
0x00003a20: 71bd20be 00000000 00000100 0012e30c . .q............
0x00003a30: 71bb35d6 0012e418 0012e358 00000000 .5.q....X.......
0x00003a40: 00000002 000024d4 00000397 0012e32c .....$......,...
0x00003a50: 71bb3905 00003308 01bc138c 01bb0048 .9.q.3......H...

When I clicked Send Error Report

It says: crashrep
The error report was not sent. Please send the file 'C:\ProgramData\Comodo\DisDumps\cfupdate.zip' to cpfbugs@comodo.com

I was able to navigate to the folder this time, and all the files were there beginning with 3 zip files on Feb 7.

I attached all the files to an email and sent it to the address. There are about 17 files in that folder now.



Occasionally (in the days since I first posted here) I've been getting a Firewall Alert: System is trying to receive a connection from the Internet Remote 192.168.1.67 UDP port nbname(137). I block those each time. Then I noticed that I get an update alert for something. Today it was Comodo that needed to update. I didn't update. What should I be doing in these instances (until I'm clean)?



Here are all the reports:

DDS report


DDS (Ver_10-12-12.02) - NTFSx86
Run by Marcy at 13:12:25.40 on Mon 02/28/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.1116 [GMT -6:00]

AV: COMODO Antivirus *Enabled/Updated* {675CEE69-9702-A524-3989-6D7CC8BF3695}
SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\notepad.exe
C:\Users\Marcy\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [EPSON NX300 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieja.exe /fu "c:\windows\temp\E_SDBFC.tmp" /EF "HKCU"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_Plugin.exe -update plugin
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Skytel] Skytel.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\marcy\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: {0913D5A8-EAAD-4D04-821E-DF2C6404AAB0} = 156.154.70.22,156.154.71.22
TCP: {D2DC0B68-5A58-4833-8649-A675F738D88A} = 156.154.70.22,156.154.71.22
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\guard32.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\marcy\appdata\roaming\mozilla\firefox\profiles\ru9rf1qf.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}

============= SERVICES / DRIVERS ===============

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2011-1-6 17256]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 236600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 34744]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2011-2-6 20384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-30 30192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2011-2-6 954368]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-02-23 06:44:11 94848 ----a-w- C:\kwdcyaob.sys
2011-02-12 21:15:42 -------- d-----w- c:\program files\Defraggler
2011-02-12 21:11:21 -------- d-----w- c:\program files\CCleaner
2011-02-10 13:26:04 -------- d-----w- c:\program files\Windows Portable Devices
2011-02-10 13:23:43 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-02-10 13:23:39 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-02-10 13:23:39 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-02-10 13:23:02 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-02-10 13:21:05 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-02-10 13:21:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-02-10 13:21:04 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-02-09 08:43:54 -------- d-----w- c:\program files\ZipGenius 6
2011-02-09 01:03:12 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 01:03:06 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 01:03:05 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 01:03:04 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 01:03:02 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-02-09 01:01:59 834048 ----a-w- c:\windows\system32\wininet.dll
2011-02-09 01:01:58 389632 ----a-w- c:\windows\system32\html.iec
2011-02-09 01:01:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-09 01:01:36 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 01:01:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-09 01:01:00 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-02-08 14:39:53 -------- d-----w- c:\users\marcy\appdata\roaming\Malwarebytes
2011-02-08 14:39:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-08 14:39:33 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-08 14:39:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-08 14:39:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-08 08:06:16 -------- d-----w- c:\users\marcy\appdata\local\Apple Computer
2011-02-08 08:04:37 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-08 08:04:37 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-02-08 08:03:25 -------- d-----w- c:\program files\iPod
2011-02-08 08:03:22 -------- d-----w- c:\program files\iTunes
2011-02-08 08:03:22 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-02-08 08:00:24 -------- d-----w- c:\users\marcy\appdata\local\Apple
2011-02-08 07:56:16 -------- d-----w- c:\program files\Bonjour
2011-02-08 01:41:51 -------- d-----w- c:\windows\system32\eu-ES
2011-02-08 01:41:51 -------- d-----w- c:\windows\system32\ca-ES
2011-02-08 01:41:49 -------- d-----w- c:\windows\system32\vi-VN
2011-02-08 01:13:03 -------- d-----w- c:\windows\system32\EventProviders
2011-02-08 01:09:41 -------- d--h--w- C:\VritualRoot
2011-02-08 00:14:59 758784 ----a-w- c:\windows\system32\qmgr.dll
2011-02-08 00:13:51 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-02-08 00:03:23 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-02-08 00:03:23 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-02-08 00:03:23 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-02-08 00:03:16 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-02-08 00:03:11 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-08 00:03:11 17920 ----a-w- c:\windows\system32\netevent.dll
2011-02-08 00:03:11 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-08 00:03:11 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-02-08 00:03:11 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-08 00:03:07 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-02-07 23:20:28 -------- d-----w- c:\program files\COMODO
2011-02-07 22:12:23 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-02-07 22:06:37 116472 ------w- c:\windows\system32\pxcpyi64.exe
2011-02-07 22:06:36 129784 ------w- c:\windows\system32\pxafs.dll
2011-02-07 22:06:36 118520 ------w- c:\windows\system32\pxinsi64.exe
2011-02-07 21:40:12 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2011-02-07 21:39:13 -------- d-----w- c:\progra~2\UDL
2011-02-07 21:38:37 -------- d-----w- c:\program files\Epson Software
2011-02-07 21:34:34 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2011-02-07 21:34:33 80024 ----a-w- c:\windows\system32\PICSDK.dll
2011-02-07 21:34:33 51360 ----a-w- c:\windows\system32\EpPicPrt.dll
2011-02-07 21:34:33 108704 ----a-w- c:\windows\system32\PICEntry.dll
2011-02-07 21:34:32 51360 ----a-w- c:\windows\system32\EpPicMgr.dll
2011-02-07 21:32:33 86528 ----a-w- c:\windows\system32\E_FLBEJA.DLL
2011-02-07 21:32:29 78848 ----a-w- c:\windows\system32\E_FD4BEJA.DLL
2011-02-07 21:32:10 -------- d-----w- c:\progra~2\EPSON
2011-02-07 21:30:47 71680 ----a-w- c:\windows\system32\escwiad.dll
2011-02-07 21:30:32 -------- d-----w- c:\program files\epson
2011-02-07 14:40:29 -------- d-----w- c:\program files\common files\PX Storage Engine
2011-02-07 09:08:46 -------- d-----w- c:\users\marcy\appdata\roaming\OpenOffice.org
2011-02-07 09:02:36 -------- d-----w- c:\program files\OpenOffice.org 3
2011-02-07 07:24:36 -------- d-----w- c:\users\marcy\appdata\local\Adobe
2011-02-07 07:23:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-07 07:23:58 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-02-07 07:16:50 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-07 07:16:50 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-07 07:16:50 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-02-07 07:16:50 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-07 07:16:50 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-07 06:56:24 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-02-07 06:49:50 -------- d-----w- c:\users\marcy\appdata\local\Microsoft Games
2011-02-07 06:29:12 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-02-07 05:03:38 -------- d-----w- C:\DOCS
2011-02-07 05:00:06 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-02-07 05:00:06 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-02-07 05:00:05 274944 ----a-w- c:\windows\system32\schannel.dll
2011-02-07 04:59:54 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-02-07 04:59:53 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-02-07 04:59:53 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-02-07 04:59:53 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-02-07 04:59:53 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-02-07 04:59:53 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-02-07 04:59:53 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-02-07 04:59:53 10240 ----a-w- c:\windows\system32\finger.exe
2011-02-07 04:59:37 279376 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2011-02-07 04:59:35 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-02-07 04:59:18 -------- d-----w- c:\program files\common files\Toshiba Shared
2011-02-07 04:58:41 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-02-07 04:58:41 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-02-07 04:58:41 2048 ----a-w- c:\windows\system32\mferror.dll
2011-02-07 04:58:03 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-07 04:56:50 1316864 ----a-w- c:\windows\system32\ole32.dll
2011-02-07 04:55:59 502272 ----a-w- c:\windows\system32\usp10.dll
2011-02-07 04:55:58 67072 ----a-w- c:\windows\system32\asycfilt.dll
2011-02-07 04:55:56 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-02-07 04:55:52 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2011-02-07 04:55:52 515584 ----a-w- c:\program files\windows mail\wab.exe
2011-02-07 04:55:52 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2011-02-07 04:55:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-02-07 04:55:44 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-02-07 04:55:44 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-02-07 04:54:39 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-07 04:53:56 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-02-07 04:53:56 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-02-07 04:53:56 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-02-07 04:53:55 471552 ----a-w- c:\windows\system32\secproc.dll
2011-02-07 04:53:55 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-02-07 04:53:55 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-02-07 04:53:55 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-02-07 04:53:55 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-02-07 04:53:55 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-02-07 04:52:38 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys
2011-02-07 04:52:30 -------- d-----w- c:\program files\Jumpstart
2011-02-07 04:50:45 919552 ----a-w- c:\windows\system32\drivers\athr.sys
2011-02-07 04:50:45 53248 ----a-w- c:\windows\system32\athihvui.dll
2011-02-07 04:50:45 516096 ----a-w- c:\windows\system32\S64CPA.exe
2011-02-07 04:50:45 -------- d-----w- c:\windows\system32\nn-NO
2011-02-07 04:50:44 393216 ----a-w- c:\windows\system32\athihvs.dll
2011-02-07 04:50:24 -------- d-----w- c:\program files\Cisco
2011-02-07 04:50:24 -------- d-----w- c:\program files\Atheros
2011-02-07 04:50:20 -------- d-----w- c:\progra~2\Atheros
2011-02-07 04:48:41 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-02-07 04:48:39 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-02-07 04:48:39 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-02-07 04:46:58 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2011-02-07 04:46:54 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-02-07 04:46:54 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-02-07 04:46:52 243712 ----a-w- c:\windows\system32\rastls.dll
2011-02-07 04:45:33 -------- d-----w- c:\windows\system32\ENU
2011-02-07 04:45:32 1034776 ----a-w- c:\windows\system32\imsmudlg.exe
2011-02-07 04:45:26 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-02-07 04:43:55 77824 ----a-w- c:\windows\system32\tosmreg.exe
2011-02-07 04:43:55 491520 ----a-w- c:\windows\system32\cselect.exe
2011-02-07 04:43:55 45056 ----a-w- c:\windows\system32\csellang.dll
2011-02-07 04:43:54 -------- d-----w- c:\program files\ltmoh
2011-02-07 04:43:22 -------- d-----w- c:\windows\Options
2011-02-07 04:43:16 -------- d-----w- c:\progra~2\Comodo
2011-02-07 04:43:12 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-07 04:43:12 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-02-07 04:43:12 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-02-07 04:42:07 -------- d-----w- c:\windows\system32\RTCOM
2011-02-07 04:38:47 920088 ----a-w- c:\windows\system32\igxpun.exe
2011-02-07 04:38:47 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-02-07 04:38:47 -------- d-----w- c:\windows\system32\Lang
2011-02-07 04:34:19 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-02-07 04:34:09 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-02-07 04:34:02 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-02-07 04:34:02 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-02-07 04:26:07 -------- d-sh--w- C:\$RECYCLE.BIN
2011-02-07 04:20:41 -------- d-----w- c:\users\marcy\appdata\local\Toshiba
2011-02-07 04:20:35 -------- d-----w- c:\users\marcy\appdata\local\Google
2011-02-07 04:20:32 -------- d-----w- c:\users\marcy\appdata\roaming\Symantec
2011-02-07 04:20:02 -------- d-----w- c:\users\marcy\appdata\local\VirtualStore
2011-02-07 04:20:01 17 --sh--r- c:\windows\system32\drivers\fbd.sys

==================== Find3M ====================

2011-02-07 04:41:32 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-02-07 04:41:30 315392 ----a-w- c:\windows\HideWin.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2010-12-29 07:42:04 285480 ----a-w- c:\windows\system32\guard32.dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll

============= FINISH: 13:14:57.69 ===============

Attach DDS file


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 2/6/2011 10:23:44 PM
System Uptime: 2/28/2011 9:37:19 AM (4 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: Genuine Intel® CPU 585 @ 2.16GHz | CPU | 2161/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 140 GiB total, 96.096 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 37 GiB total, 1.921 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 2.048 GiB free.
G: is FIXED (NTFS) - 297 GiB total, 204.959 GiB free.
H: is CDROM (UDF)
I: is FIXED (NTFS) - 466 GiB total, 81.625 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP136: 2/14/2011 1:22:26 PM - Scheduled Checkpoint
RP137: 2/15/2011 4:42:35 PM - Installed Windows Media Player Firefox Plugin
RP138: 2/16/2011 7:46:16 AM - Scheduled Checkpoint
RP139: 2/17/2011 5:03:54 PM - Scheduled Checkpoint
RP140: 2/19/2011 7:56:57 AM - Scheduled Checkpoint
RP141: 2/20/2011 3:28:50 AM - Scheduled Checkpoint
RP142: 2/21/2011 12:00:03 AM - Scheduled Checkpoint
RP143: 2/22/2011 7:48:02 AM - Scheduled Checkpoint
RP144: 2/23/2011 3:10:30 AM - Windows Update
RP145: 2/24/2011 12:21:24 AM - Scheduled Checkpoint
RP146: 2/25/2011 1:01:08 AM - Scheduled Checkpoint
RP147: 2/26/2011 1:05:17 AM - Scheduled Checkpoint
RP148: 2/27/2011 3:03:39 PM - Scheduled Checkpoint
RP149: 2/28/2011 10:49:38 AM - Scheduled Checkpoint

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Photoshop Elements 6.0
Adobe Photoshop Lightroom 3.3
Adobe Reader 9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
Bonjour
CCleaner
CD/DVD Drive Acoustic Silencer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
COMODO Internet Security
Defraggler
DVD MovieFactory for TOSHIBA
Epson Easy Photo Print 2
EPSON NX300 Series Printer Uninstall
EPSON Scan
Google Desktop
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 23
Java™ 6 Update 6
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XML Parser
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.3
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Encoder (KB2447961)
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WildTangent Games
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
ZipGenius 6 (6.3.1.2617)

==== Event Viewer Messages From Past Week ========

2/28/2011 12:01:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
2/24/2011 12:55:33 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer AMANDA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D2DC0B68-5A58-4833-8649-A675F738. The master browser is stopping or an election is being forced.
2/23/2011 9:39:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/23/2011 9:38:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/23/2011 9:38:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/23/2011 9:38:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/23/2011 9:38:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/23/2011 6:50:05 AM, Error: EventLog [6008] - The previous system shutdown at 6:48:41 AM on 2/23/2011 was unexpected.
2/23/2011 12:44:22 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cmdGuard cmdHlp DfsC inspect jswpslwf NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
2/23/2011 12:44:22 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/23/2011 12:44:22 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/23/2011 12:44:22 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
2/23/2011 12:44:22 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/23/2011 12:44:22 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/23/2011 12:44:22 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/23/2011 12:44:22 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/23/2011 12:44:22 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
2/23/2011 12:44:22 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/23/2011 12:44:22 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/23/2011 12:44:22 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/23/2011 12:44:22 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/23/2011 12:44:22 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/23/2011 12:44:22 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/23/2011 12:42:57 AM, Error: EventLog [6008] - The previous system shutdown at 12:41:32 AM on 2/23/2011 was unexpected.
2/22/2011 2:15:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.

==== End Of File ===========================



RKunHooker report

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0x8B205000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7225344 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81E0E000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x81E0E000 PnpManager 3907584 bytes
0x81E0E000 RAW 3907584 bytes
0x81E0E000 WMIxWDM 3907584 bytes
0x936C0000 Win32k 2109440 bytes
0x936C0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8BE00000 C:\Windows\system32\drivers\RTKVHDA.sys 2093056 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x8C202000 C:\Windows\system32\DRIVERS\AGRSM.sys 1163264 bytes (Agere Systems, SoftModem Device Driver)
0x87A01000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x82E07000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x87807000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x8BCD7000 C:\Windows\system32\DRIVERS\athr.sys 946176 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x804D2000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA9457000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8C86F000 C:\Windows\System32\Drivers\dump_iaStor.sys 843776 bytes
0x82C05000 C:\Windows\system32\DRIVERS\iaStor.sys 843776 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xA7804000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8B8E9000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8BC09000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80601000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82D4F000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80408000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA78B4000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA9409000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x80733000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8C123000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8068A000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x87B4F000 C:\Windows\system32\DRIVERS\tos_sps32.sys 274432 bytes (TOSHIBA Corporation, tos_sps2)
0x80491000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8BC96000 C:\Windows\system32\DRIVERS\Rtlh86.sys 266240 bytes (Realtek , Realtek 8136/8168/8169 NDIS6 32-bit Driver )
0x807A2000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8B9A0000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8C333000 C:\Windows\System32\DRIVERS\cmdguard.sys 249856 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0x8C805000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82F3D000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA793E000 C:\Windows\system32\DRIVERS\udfs.sys 241664 bytes (Microsoft Corporation, UDF File System Driver)
0x8796A000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x87B11000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8C056000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x821C8000 ACPI_HAL 208896 bytes
0x821C8000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x82D03000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8C16B000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x82F9A000 C:\Windows\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x82DC0000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8C09C000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82F12000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8C015000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8792D000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x879A3000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x87BA9000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806E1000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8C0C9000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x805B2000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8790C000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA79A7000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8C3A3000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA79C8000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x82CDB000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA7921000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x878F1000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8C97F000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA7979000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x82FCA000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA79E7000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8C84B000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x82FE2000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA9561000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA954B000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8C1B3000 C:\Windows\system32\DRIVERS\inspect.sys 90112 bytes (COMODO, COMODO Internet Security Firewall Driver)
0x8C19D000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8C0EE000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xA7992000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x805E9000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8C96A000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x805D5000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8C956000 C:\Windows\system32\drivers\RTSTOR.SYS 81920 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for Vista)
0x8C10F000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8BDBE000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x87957000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8C1D7000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x87BD0000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8C08B000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80478000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x82D35000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8C9A3000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8C9EC000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8077D000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8C003000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x82F8B000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8C947000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x87B9A000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80708000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x807E3000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8B9DE000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80724000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x93900000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8C1C9000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8C3DF000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80794000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8C862000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8C31E000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8C049000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0xA9578000 C:\Windows\system32\DRIVERS\usbscan.sys 53248 bytes (Microsoft Corporation, USB Scanner Driver)
0x8067D000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA953F000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8C397000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8B989000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8C104000 C:\Windows\System32\DRIVERS\cmdhlp.sys 45056 bytes (COMODO, COMODO Internet Security Helper Driver)
0x8BDD1000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8BDDE000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8C3D4000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x82DEF000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8B9ED000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x82F78000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8B995000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8071A000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8C93D000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x82CF9000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8C03F000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8C1EA000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8C841000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x82D45000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA9535000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8BDE9000 C:\Windows\system32\DRIVERS\tdcmdpst.sys 40960 bytes (TOSHIBA Corporation., TOSHIBA ODD Writing Driver for x86.)
0xA9585000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
0x87BE1000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8C370000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8C99A000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA9596000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8C3ED000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x938E0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x87BF7000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806D0000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82CD3000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80489000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8C32B000 C:\Windows\System32\DRIVERS\cmderd.sys 32768 bytes (COMODO, COMODO Internet Security Eradication Driver)
0x82F83000 C:\Windows\system32\DRIVERS\FwLnk.sys 32768 bytes (TOSHIBA Corporation, TOSHIBA Firmware Linkage 32-bit Driver)
0x8C9B3000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806D9000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8C3C4000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8C3CC000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x87B92000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8C380000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8C390000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80401000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xA958F000 C:\Users\Marcy\AppData\Local\Temp\mbr.sys 28672 bytes
0x8C379000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8078D000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8BDF3000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8C3F6000 C:\Windows\system32\DRIVERS\jswpslwf.sys 20480 bytes (Atheros Communications, Inc., Atheros Security NDIS 6.0 Filter Driver)
0x87B4A000 C:\Windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x879FB000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x80717000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8C9BB000 C:\Windows\system32\DRIVERS\wdcsam.sys 12288 bytes (Western Digital Technologies, WD SCSI Architecture Model (SAM) driver)
0x8C013000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8BDDC000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x044C0000 Hidden Image-->SwUpdates.dll [ EPROCESS 0x811CBD90 ] PID: 3500, 110592 bytes
0x04530000 Hidden Image-->FilterLib.dll [ EPROCESS 0x811CBD90 ] PID: 3500, 36864 bytes
0x00810000 Hidden Image-->PluginLib.dll [ EPROCESS 0x811CBD90 ] PID: 3500, 53248 bytes
0x00F40000 Hidden Image-->Alerts.dll [ EPROCESS 0x811CBD90 ] PID: 3500, 86016 bytes



Thanks!

Marcy

Edited by mwarrior, 28 February 2011 - 02:51 PM.


#4 gringo_pr

Posted 28 February 2011 - 02:57 PM

Hello

What email got hacked - Yahoo - Hotmail? (I don't need your email address, just what company.) Have you changed the password on your email account?

Don't worry too much; most of the time this happens from the server side, not the computer.

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 mwarrior

Posted 28 February 2011 - 03:17 PM

Wow! That was fast! It was sbcglobal, so I guess that's yahoo or at&t. Ok, I'm going to download the programs now. Thanks!

Edited to add: I haven't changed my password because I thought I had a keylogger. If it's ok to do so, I will change it.

Edited by mwarrior, 28 February 2011 - 03:22 PM.


#6 mwarrior

Posted 28 February 2011 - 03:37 PM

I downloaded ComboFix, turned off internet, turned off Comodo and double clicked it. After clicking Allow, I got the green ComboFix bar almost to the end and then I get three alerts that say the same thing: "Windows cannot open this file: File: nircmd.cfxxe". It asked if I wanted to look for a program or search the internet. I cancelled them and restarted. I got the same thing the next time.

#7 gringo_pr

Posted 28 February 2011 - 03:47 PM

Hello

Change the passwords on the email account now, and after we finish change them again to be sure.

OK, let's try this: I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#8 mwarrior

Posted 28 February 2011 - 05:29 PM

Ok, I did it, but I don't think I did it right. I booted into safe mode. Comodo was not showing in the tray. (The pages you referenced said to right click on it in the tray and exit.) ComboFix alerted me that Comodo Antivirus and Comodo Defense+ were still running. I went to start, clicked on comodo to start it. It said the internet part was trying to start. I then clicked x to close. Then it was in my tray and I right clicked and clicked exit. Then I clicked OK in comboFix but another alert said that they were still running and that combofix would still run and that I had been warned (or something similar). There was no other option but to click Ok, so I did. When scanning for infections, some of the sections said that Administrator permission was required. The log came up, but I didn't know if it was finished. I waited. Then I tried to pull up task manager to see if combofix was still running, but I got an alert that said: c:\windows\system32\taskmgr.exe illegal operation attempted on a registry key that has been marked for deletion. (I can pull up task manager now.) I rebooted into safe mode to make sure combofix was completely finished. Nothing happened, so I rebooted normally. When I opened Firefox, I was alerted that it wasn't the default browser. That is a first time for that alert since I made Firefox default as soon as I installed it. Ok, here is the log (I hope.)

ComboFix 11-02-28.02 - Marcy 02/28/2011 15:57:01.1.1 - x86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.1560 [GMT -6:00]
Running from: c:\users\Marcy\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {675CEE69-9702-A524-3989-6D7CC8BF3695}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2011-01-28 to 2011-02-28 )))))))))))))))))))))))))))))))
.

2011-02-28 21:49 . 2011-02-28 21:55 -------- d-----w- C:\32788R22FWJFW
2011-02-23 06:44 . 2011-02-23 06:44 94848 ----a-w- C:\kwdcyaob.sys
2011-02-12 21:15 . 2011-02-12 21:15 -------- d-----w- c:\program files\Defraggler
2011-02-12 21:11 . 2011-02-12 21:11 -------- d-----w- c:\program files\CCleaner
2011-02-10 13:26 . 2011-02-10 13:26 -------- d-----w- c:\program files\Windows Portable Devices
2011-02-10 13:23 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-02-10 13:23 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-02-10 13:23 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-02-10 13:23 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-02-10 13:21 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-02-10 13:21 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-02-10 13:21 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-02-09 08:43 . 2011-02-09 08:45 -------- d-----w- c:\program files\ZipGenius 6
2011-02-09 01:03 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 01:03 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 01:03 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 01:03 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 01:03 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-02-09 01:01 . 2010-12-20 16:36 834048 ----a-w- c:\windows\system32\wininet.dll
2011-02-09 01:01 . 2010-12-20 14:55 389632 ----a-w- c:\windows\system32\html.iec
2011-02-09 01:01 . 2010-12-20 15:37 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-09 01:01 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 01:01 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-09 01:01 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-02-08 14:39 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-08 14:39 . 2011-02-08 14:39 -------- d-----w- c:\programdata\Malwarebytes
2011-02-08 14:39 . 2011-02-08 14:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-08 14:39 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-08 08:04 . 2011-02-08 08:04 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-08 08:04 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-08 08:04 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-02-08 08:03 . 2011-02-08 08:03 -------- d-----w- c:\program files\iPod
2011-02-08 08:03 . 2011-02-08 08:04 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-02-08 07:55 . 2011-02-08 07:55 -------- d-----w- c:\programdata\Apple
2011-02-08 01:41 . 2011-02-08 01:42 -------- d-----w- c:\windows\system32\ca-ES
2011-02-08 01:41 . 2011-02-08 01:42 -------- d-----w- c:\windows\system32\eu-ES
2011-02-08 01:41 . 2011-02-08 01:42 -------- d-----w- c:\windows\system32\vi-VN
2011-02-08 01:13 . 2011-02-08 01:13 -------- d-----w- c:\windows\system32\EventProviders
2011-02-08 01:09 . 2011-02-08 01:09 -------- d-----w- C:\VritualRoot
2011-02-08 00:14 . 2009-04-11 06:28 758784 ----a-w- c:\windows\system32\qmgr.dll
2011-02-08 00:13 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-02-08 00:03 . 2009-11-03 21:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-02-08 00:03 . 2009-11-03 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-02-08 00:03 . 2009-11-03 19:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-02-08 00:03 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-02-08 00:03 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-02-08 00:03 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-02-08 00:03 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-08 00:03 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-08 00:03 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-08 00:03 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-02-07 23:20 . 2011-02-07 23:20 -------- d-----w- c:\programdata\FLEXnet
2011-02-07 23:20 . 2011-02-08 01:04 -------- d-----w- c:\program files\COMODO
2011-02-07 22:12 . 2011-02-07 22:12 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-02-07 22:06 . 2011-02-07 22:06 116472 ------w- c:\windows\system32\pxcpyi64.exe
2011-02-07 22:06 . 2011-02-07 22:06 129784 ------w- c:\windows\system32\pxafs.dll
2011-02-07 22:06 . 2011-02-07 22:06 118520 ------w- c:\windows\system32\pxinsi64.exe
2011-02-07 21:40 . 2011-02-07 21:40 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2011-02-07 21:39 . 2011-02-07 21:39 -------- d-----w- c:\programdata\UDL
2011-02-07 21:38 . 2011-02-07 21:38 -------- d-----w- c:\program files\Epson Software
2011-02-07 21:34 . 2006-10-20 06:10 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2011-02-07 21:34 . 2006-10-31 06:10 51360 ----a-w- c:\windows\system32\EpPicPrt.dll
2011-02-07 21:34 . 2006-10-20 06:10 80024 ----a-w- c:\windows\system32\PICSDK.dll
2011-02-07 21:34 . 2006-10-20 06:10 108704 ----a-w- c:\windows\system32\PICEntry.dll
2011-02-07 21:34 . 2006-10-31 06:10 51360 ----a-w- c:\windows\system32\EpPicMgr.dll
2011-02-07 21:32 . 2007-12-07 01:08 86528 ----a-w- c:\windows\system32\E_FLBEJA.DLL
2011-02-07 21:32 . 2007-12-07 01:01 78848 ----a-w- c:\windows\system32\E_FD4BEJA.DLL
2011-02-07 21:32 . 2011-02-07 21:59 -------- d-----w- c:\programdata\EPSON
2011-02-07 21:30 . 2007-07-13 06:00 71680 ----a-w- c:\windows\system32\escwiad.dll
2011-02-07 21:30 . 2011-02-07 21:41 -------- d-----w- c:\program files\epson
2011-02-07 14:40 . 2011-02-07 14:40 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-02-07 09:02 . 2011-02-07 09:02 -------- d-----w- c:\program files\OpenOffice.org 3
2011-02-07 07:23 . 2011-02-07 07:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-07 07:19 . 2011-02-07 07:19 -------- d-----w- c:\program files\Microsoft.NET
2011-02-07 07:16 . 2009-11-08 16:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-07 07:16 . 2009-11-08 16:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-07 07:16 . 2009-11-08 16:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-02-07 07:16 . 2009-11-08 16:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-07 07:16 . 2009-11-08 16:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-07 06:56 . 2011-02-28 21:47 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-02-07 05:03 . 2011-02-07 05:03 -------- d-----w- C:\DOCS
2011-02-07 05:00 . 2010-01-21 15:05 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-02-07 05:00 . 2009-04-11 06:27 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-02-07 05:00 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2011-02-07 04:59 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-02-07 04:59 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-02-07 04:59 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-02-07 04:59 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-02-07 04:59 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-02-07 04:59 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-02-07 04:59 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-02-07 04:59 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2011-02-07 04:59 . 2008-07-19 02:52 279376 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2011-02-07 04:59 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-02-07 04:59 . 2011-02-07 04:59 -------- d-----w- c:\program files\Common Files\Toshiba Shared
2011-02-07 04:58 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-02-07 04:58 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-02-07 04:58 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2011-02-07 04:58 . 2009-04-11 04:36 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-07 04:56 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2011-02-07 04:55 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2011-02-07 04:55 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2011-02-07 04:55 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-02-07 04:55 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-02-07 04:55 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2011-02-07 04:55 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2011-02-07 04:55 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-02-07 04:55 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-02-07 04:55 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-02-07 04:54 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-07 04:53 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-02-07 04:53 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-02-07 04:53 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-02-07 04:53 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-02-07 04:53 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-02-07 04:53 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2011-02-07 04:53 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-02-07 04:53 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-02-07 04:53 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-02-07 04:52 . 2008-04-29 00:59 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys
2011-02-07 04:52 . 2011-02-07 04:52 -------- d-----w- c:\program files\Jumpstart
2011-02-07 04:50 . 2011-02-07 04:50 -------- d-----w- c:\windows\system32\nn-NO
2011-02-07 04:50 . 2008-07-28 23:53 919552 ----a-w- c:\windows\system32\drivers\athr.sys
2011-02-07 04:50 . 2008-07-28 22:31 516096 ----a-w- c:\windows\system32\S64CPA.exe
2011-02-07 04:50 . 2008-07-28 22:31 53248 ----a-w- c:\windows\system32\athihvui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-06 23:36 . 2011-01-06 23:36 80064 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-06 23:36 . 2011-01-06 23:36 34744 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-06 23:36 . 2011-01-06 23:36 236600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-06 23:36 . 2011-01-06 23:36 17256 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-12-29 07:42 . 2010-12-29 07:42 285480 ----a-w- c:\windows\system32\guard32.dll
2011-02-07 06:29 . 2011-02-07 06:29 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-07 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 2548552]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\Marcy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\guard32.dll

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-01-06 236600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-01-06 34744]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-29 20384]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-07 30192]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-01-06 17256]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: {0913D5A8-EAAD-4D04-821E-DF2C6404AAB0} = 156.154.70.22,156.154.71.22
TCP: {D2DC0B68-5A58-4833-8649-A675F738D88A} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Marcy\AppData\Roaming\Mozilla\Firefox\Profiles\ru9rf1qf.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-28 16:02
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????g?R,$??h?????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-02-28 16:03:57
ComboFix-quarantined-files.txt 2011-02-28 22:03

Pre-Run: 104,890,482,688 bytes free
Post-Run: 104,795,799,552 bytes free

- - End Of File - - EDF3B94F7AE7396D0D6F6A8A0B068326

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:44 PM

Posted 01 March 2011 - 12:37 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9
Java™ 6 Update 22
Java™ 6 Update 6


and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 mwarrior

mwarrior
  • Topic Starter

  • Members
  • 27 posts
  • Local time:12:44 PM

Posted 03 March 2011 - 06:24 AM

I'm sorry for the delay. I did the things you suggested right away, so I'm including 2 MWBAM logs. I had some problems that I was working through when I got delayed.

I had an issue with HJT because when I right click to run as administrator that option isn't available. When run normally, it tells me "For some reason your system denied write access to the Hosts file..." Then after it runs, a blank Notepad doc will open with a warning box that says "Cannot find the C:\ProgamFiles\Trend Micro\HiJackThis\hijackthis.log file. Do you want to create a new file?" When I say yes, the box goes away and I'm left with an empty notepad doc. Ok, now I remember...When I went to install HiJackThis there wasn't an option to install as administrator when I right clicked. Ok makes more sense now. I have hijackthis, maybe an older version, on my backup hard drive. I was able to run that one just now as administrator, so I'll attach that file.

When I updated Firefox yesterday, it recommended that I update Flash at the same time. I clicked through the link to update it since I didn't know where else to go to get it. I guess I should have gone to the Adobe site instead.

Comodo keeps asking me to update. Should I? I guess I don't trust that program now.

I also continue to get the alerts that System wants to access my computer. I haven't received any in the last 24 hours, maybe since you told me to update Adobe Reader.

I'm still getting a freeze after I sign in to my computer. It's not loading (no swirling cursor), it just freezes for about 3 seconds.

I still have the computer "signing off" when it's left for long periods of time, even though that option is not checked. If the computer has just recently gone into the screen saver mode, then I can just move the mouse or touch a key and the screen will return. If it's been a while, then all that will wake it up is multiple mouse clicks and movements. Then I have to sign in again.

I would like to not have the Adobe Photo Downloader since I use Lightroom, but I don't know how to disable that. I see it in the Startup items.

Should I have to sign in here after being absent for over 24 hours? I didn't have to sign in to leave this reply. I used to have to sign in to my email and google every time, now it seems like everything is always signed in already though I haven't checked any different boxes (keep me signed in, etc.). When I go to google translation or maps, it has my name listed at the top right corner even though I haven't signed in for days.

Here are the logs. Thanks so much for your help. : )

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5916

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

3/1/2011 11:13:29 AM
mbam-log-2011-03-01 (11-13-29).txt

Scan type: Quick scan
Objects scanned: 149452
Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
=====================================

New scan from today:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5940

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

3/3/2011 4:59:51 AM
mbam-log-2011-03-03 (04-59-51).txt

Scan type: Quick scan
Objects scanned: 149953
Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
=======================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:12:17 AM, on 3/3/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2DC0B68-5A58-4833-8649-A675F738D88A}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8320 bytes

Edited by mwarrior, 03 March 2011 - 06:28 AM.


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:44 PM

Posted 03 March 2011 - 06:20 PM

The problem with hijackthis is normal for vista

Run HijackThis as an administrator:
right-click HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator

let comodo update


These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
      O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
      O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
      O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • copy and paste the results here in this topic
  • you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 mwarrior

Posted 05 March 2011 - 12:45 PM

Hello! The scan is still going (44%, no infected files, been going for almost 2 hours) and I wanted to post this info before I have to leave. I will edit this to show the eset scan once I return.

I counted how long the computer freezes and it's a full 10 seconds.

Since I disabled the updaters - Adobe, java, I guess that means that I need to remember to update them periodically, right?

I left itunes after reading at the link that says it will reinstall itself.

Mcafee installed with one of the things you told me to download. Will there be a conflict between it and the other malware defense programs I have running? (I think I read having two AV running can mess you up.) Can you advise as to how to manage McAfee ie when to run etc.? Or should I delete it? Comodo AV is set to run every Sunday morning, I think. Do I need AVG also?

Will we uninstall some of these tools or should I keep them where they are (desktop)?

I updated Comodo and then after the restart, I had the same error window that said comodo internet had to shut down. I emailed the zip file to them.

Thanks for your help. I really, really appreciate it.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:39:16 AM, on 3/5/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2DC0B68-5A58-4833-8649-A675F738D88A}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8352 bytes

Edited by mwarrior, 05 March 2011 - 12:48 PM.


#13 gringo_pr

Posted 05 March 2011 - 06:43 PM

Mcafee installed with one of the things you told me to download. Will there be a conflict between it and the other malware defense programs I have running? (I think I read having two AV running can mess you up.) Can you advise as to how to manage McAfee ie when to run etc.? Or should I delete it? Comodo AV is set to run every Sunday morning, I think. Do I need AVG also?
This is a security scanner - not anything useful, just uninstall it and no to avg


Since I disabled the updaters - Adobe, java, I guess that means that I need to remember to update them periodically, right?

Yes make it part of your routine once a month


Will we uninstall some of these tools or should I keep them where they are (desktop)?
we will remove soon


let me have the eset scan when complete

#14 mwarrior

Posted 06 March 2011 - 03:04 AM

Gringo,

When I got home the Eset scanner was finished, but there was no way for me to copy anything. It said I was clean, but there was no report. I know you didn't ask for it, but I was concerned about leaving internet explorer running for so long. I ran another HJT log which is below.

Thanks,

Marcy

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:50:30 AM, on 3/6/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2DC0B68-5A58-4833-8649-A675F738D88A}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6730 bytes
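
Added example (not part of the original thread, and not code from Trend Micro): a Python check that diffs two HijackThis logs against the list of entries a helper asked to fix, run here on excerpts of the 3/5 and 3/6 logs and of the requested O4 list above. The function names and the choice of excerpt lines are this example's own.

```python
import re

# Section lines look like "O4 - HKLM\..\Run: [Name] command" or "O16 - DPF: {clsid} - url".
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<rest>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+\\\.\.\\[^:]+): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?P<kind>(?:Global )?Startup): (?P<name>.+?) = (?P<target>.*)$")


def parse_log(text):
    """Map (section, key) -> value for every section line of a HijackThis log.

    For O4 autoruns the key is the registry location plus entry name (or the
    startup-folder shortcut name) and the value is the command, so a renamed
    target shows up as a change rather than as a remove plus an add.
    Header lines, the running-process list and blank lines are skipped.
    """
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m["section"], m["rest"]
        key, value = rest, ""
        if section == "O4":
            run, lnk = RUN_RE.match(rest), STARTUP_RE.match(rest)
            if run:
                key, value = f"{run['hive']}: [{run['name']}]", run["cmd"]
            elif lnk:
                key, value = f"{lnk['kind']}: {lnk['name']}", lnk["target"]
        entries[(section, key.lower())] = value
    return entries


def verify_fix(before, after, requested):
    """Compare two scans against the entries that were supposed to be fixed."""
    b, a, req = parse_log(before), parse_log(after), set(parse_log(requested))
    removed = set(b) - set(a)
    return {
        "removed_as_requested": sorted(removed & req),
        "still_present": sorted(req & set(a)),         # asked for, but kept
        "removed_unrequested": sorted(removed - req),  # gone without being asked
        "added": sorted(set(a) - set(b)),              # new since the first scan
        "retargeted": sorted(k for k in set(a) & set(b) if a[k] != b[k]),
    }


# Excerpt of the 3/5/2011 log in this thread (not the full log).
BEFORE = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\Windows\system32\guard32.dll
"""

# Excerpt of the 3/6/2011 log in this thread (not the full log).
AFTER = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\Windows\system32\guard32.dll
"""

# Excerpt of the O4 entries listed for "Fix Checked" in post #11.
REQUESTED = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
"""

if __name__ == "__main__":
    for label, items in verify_fix(BEFORE, AFTER, REQUESTED).items():
        print(f"{label}:")
        for section, key in items:
            print(f"  {section} - {key}")
```

On these excerpts the only requested entry still present is iTunesHelper, and the only new line is the O16 entry for the ESET online scanner's ActiveX download.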

#15 gringo_pr

Posted 06 March 2011 - 04:03 AM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use, I would keep this and use before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • choose your root drive (normally C:)
  • after it calculates how much space you will save it will open up a new window
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and OK it.
  • go back to the disk clean up tab
  • put a checkmark in all - except compress old files (leave this unchecked)
  • click Ok then click yes
This will remove all restore points except the new one you just created and clean unneeded files


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo