Hijack this log



#1 craftcove


Posted 26 March 2010 - 05:58 PM

I'm not sure what's wrong with my PC; it's gone super slow. It wasn't that long ago I scanned with Spybot, SUPERAntiSpyware, and Panda ActiveScan. I also have avast going all the time. The problem started before then and has just been getting worse.

Here's my HijackThis log. Could somebody please check it? In the meantime I'll go through all the other info on this site.

I really appreciate all the help you can give.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:32 AM, on 27/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Weatherzone Tracker\weather_tracker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
F:\PROGRA~1\FREEDO~1\fdm.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shophandm...tstoreinventory
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2751F3AD-5600-44cc-A653-8A24CAE5AF6D} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Weather Tracker3] C:\Program Files\Weatherzone Tracker\weather_tracker.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://F:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://F:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://F:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://F:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...okPhotoUploader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://tky09.celarte...uControl_en_US.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Super%20Collapse!%20Puzzle%20Gallery/Images/stg_drm.ocx
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecu...s/as2stubie.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook....ls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...n/x86/client/muweb_site.cab?1197193548640
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oztion.co...geUploader3.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://upload.member...geUploader5.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Super%20Collapse!%20Puzzle%20Gallery/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 8908 bytes

Spybot found nothing at all! Doesn't it usually find cookies at least? I couldn't get Malwarebytes to update. I looked on their site for help and tried several things but still couldn't update, so here are the scan results without the update.

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27/03/2010 3:59:29 PM
mbam-log-2010-03-27 (15-59-29).txt

Scan type: Quick Scan
Objects scanned: 109997
Time elapsed: 20 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Bitdefender found nothing. Here's the log:
QuickScan Beta 32-bit v0.9.9.13
-------------------------------

Scan date: Sat Mar 27 17:27:33 2010
Machine ID: B02136A4



No infection found.
---------------------



Processes
---------
<unsigned> Rainlendar2 596 C:\Program Files\Rainlendar2\Rainlendar2.exe
<unsigned> Free Download Manager 476 F:\Program Files\Free Download Manager\fdm.exe
<unsigned> LightScribe 1364 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
<unsigned> Motherboard Monitor 5 3608 F:\Program Files\Motherboard Monitor 5\MBM5.exe
<unsigned> weather_tracker.exe 520 C:\Program Files\Weatherzone Tracker\weather_tracker.exe

<verified> avast! Antivirus 1768 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
<verified> avast! Antivirus 464 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
<verified> Bonjour 1396 C:\Program Files\Bonjour\mDNSResponder.exe
<verified> Firefox 3536 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> HP DeskJet 2016 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
<verified> iTunes 2276 C:\Program Files\iPod\bin\iPodService.exe
<verified> iTunes 292 C:\Program Files\iTunes\iTunesHelper.exe
<verified> Java™ Platform SE 6 U18 980 C:\Program Files\Java\jre6\bin\java.exe
<verified> Java™ Platform SE 6 U18 204 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Java™ Platform SE Auto Updater 2 0 500 C:\Program Files\Common Files\Java\Java Update\jusched.exe
<verified> Microsoft® Visual Studio .NET 608 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
<verified> Microsoft® Windows Live ID 1232 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
<verified> Microsoft® Windows Live ID 1460 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
<verified> Microsoft® Windows® Operating System 1496 C:\WINDOWS\Explorer.EXE
<verified> Microsoft® Windows® Operating System 2764 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 700 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 532 C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System 784 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 772 C:\WINDOWS\system32\services.exe
<verified> Microsoft® Windows® Operating System 652 C:\WINDOWS\System32\smss.exe
<verified> Microsoft® Windows® Operating System 148 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 948 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1400 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1088 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1564 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1112 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1140 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1016 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1296 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 2768 C:\WINDOWS\system32\wbem\wmiprvse.exe
<verified> Microsoft® Windows® Operating System 728 C:\WINDOWS\system32\winlogon.exe
<verified> Nero BackItUp 332 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
<verified> PSIService 1052 C:\WINDOWS\system32\PSIService.exe
<verified> Sygate® Security Agent and Personal Fir 1256 C:\Program Files\Sygate\SPF\smc.exe


Network activity
----------------
Process AvastSvc.exe (1768) connected on port 80 (HTTP) - 74.125.127.147
Process AvastSvc.exe (1768) connected on port 80 (HTTP) - 74.125.127.100
Process AvastSvc.exe (1768) connected on port 80 (HTTP) - 72.14.213.99
Process AvastSvc.exe (1768) connected on port 80 (HTTP) - 74.125.127.100
Process AvastSvc.exe (1768) connected on port 80 (HTTP) - 74.125.127.100
Process AvastSvc.exe (1768) connected on port 80 (HTTP) - 72.14.213.103
Process AvastSvc.exe (1768) connected on port 80 (HTTP) - 125.56.181.115
Process AvastSvc.exe (1768) connected on port 80 (HTTP) - 72.14.213.99
Process firefox.exe (3536) connected on port 443 (HTTP over SSL) - pz-in-f105.1e100.net

Process svchost.exe (1016) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
<unsigned> Rainlendar2 C:\Program Files\Rainlendar2\Rainlendar2.exe
<unsigned> weather_tracker.exe C:\Program Files\Weatherzone Tracker\weather_tracker.exe

<verified> Adobe Acrobat F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verified> Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
<verified> avast! Antivirus C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
<verified> Google Updater C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
<verified> HP DeskJet C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
<verified> iTunes C:\Program Files\iTunes\iTunesHelper.exe
<verified> Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\upnpui.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
<verified> SuperAntiSpyware F:\Programs\SASSEH.DLL
<verified> Sygate® Security Agent and Personal Fir C:\PROGRA~1\Sygate\SPF\Smc.exe
<verified> Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe
<verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
<unsigned> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
<unsigned> Engine.dll C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\2ekon7wn.default\extensions\{0141db0d-d129-4511-9916-af110cfffe75}\components\Engine.dll
<unsigned> frozen.dll C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\2ekon7wn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
<unsigned> googletoolbar-ff2.dll C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\2ekon7wn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
<unsigned> googletoolbar-ff3.dll C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\2ekon7wn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
<unsigned> googletoolbarloader.dll C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\2ekon7wn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
<unsigned> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
<unsigned> RealArcade Mozilla Plugin C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
<unsigned> RealArcade NS Plugin C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll

<verified> AcclaimGameLauncher ActiveX Control Mod C:\WINDOWS\Downloaded Program Files\GameLauncher.ocx
<verified> AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> ArmHelper Control C:\WINDOWS\Downloaded Program Files\armhelper.ocx
<verified> Aurigma Image Uploader 3.5 C:\WINDOWS\Downloaded Program Files\ImageUploader3.ocx
<verified> BitDefender QuickScan C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\2ekon7wn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\2ekon7wn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Contact Extractor C:\WINDOWS\Downloaded Program Files\contactx.dll
<verified> ewido anti-spyware C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll
<verified> Facebook Photo Uploader 5 C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx
<verified> getPlusPlus for Adobe 16248 C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
<verified> Google Updater C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
<verified> GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
<verified> IE Tab Plug-in C:\Documents and Settings\Mum\Application Data\Mozilla\Firefox\Profiles\2ekon7wn.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
<verified> iefdm2.dll F:\Program Files\Free Download Manager\iefdm2.dll
<verified> Image Uploader C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx
<verified> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
<verified> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
<verified> Java Deployment Toolkit 6.0.180.7 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Java™ Platform SE 6 U18 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Java™ Platform SE 6 U18 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verified> Microsoft Office Live Plug-in for Firef C:\Program Files\Microsoft\Office Live\npOLW.dll
<verified> Microsoft® Windows Live ID c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> NVIDIA Smart Scan C:\WINDOWS\Downloaded Program Files\NvidiaSmartScan.ocx
<verified> Panda ActiveScan 2.0 C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
<verified> Panda ActiveScan 2.0 C:\WINDOWS\Downloaded Program Files\as2stubie.dll
<verified> Picasa F:\Program Files\Google\Picasa3\npPicasa3.dll
<verified> Picture Manager, Wells and Layout C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll
<verified> QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<verified> QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<verified> QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<verified> QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<verified> QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<verified> QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<verified> QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<verified> QuickTime Plug-in 7.5.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<verified> QuickTime Plug-in 7.5.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<verified> QuickTime Plug-in 7.5.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<verified> QuickTime Plug-in 7.5.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<verified> QuickTime Plug-in 7.5.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<verified> QuickTime Plug-in 7.5.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<verified> QuickTime Plug-in 7.5.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<verified> Silverlight Plug-In C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
<verified> SpinTopDRM Module C:\WINDOWS\Downloaded Program Files\stg_drm.ocx
<verified> System Requirements Lab C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
<verified> Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Missing files
-------------
File not found: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
referenced in: HKLM\System\ControlSet001\services\avast! Mail Scanner\"ImagePath"

File not found: C:\Program Files\Alwil Software\Avast4\ashServ.exe
referenced in: HKLM\System\ControlSet001\services\avast! Antivirus\"ImagePath"

File not found: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
referenced in: HKLM\System\ControlSet001\services\avast! Web Scanner\"ImagePath"

File not found: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
referenced in: HKLM\System\ControlSet001\services\aswUpdSv\"ImagePath"

File not found: C:\Program Files\a-squared Free\a2service.exe
referenced in: HKLM\System\ControlSet001\services\a2free\"ImagePath"

File not found: System32\Drivers\ElbyDelay.sys
referenced in: HKLM\System\ControlSet001\services\ElbyDelay\"ImagePath"


Scan
----
<unsigned> MD5: 99336d4da97b4eeaafab46a4f8e512e6 C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys
<unsigned> MD5: c71dd2cce94aed0b873164ac14f5609e C:\WINDOWS\system32\drivers\WMDrive.sys
<unsigned> MD5: 93c145dceb13156322423efd62d4549a C:\WINDOWS\system32\drivers\wpsdrvnt.sys
<unsigned> MD5: 290fb01f7f51eff0960599404a09f8d6 C:\WINDOWS\system32\mbmiodrvr.sys
<unsigned> MD5: 86f1895ae8c5e8b17d99ece768a70732 C:\WINDOWS\system32\msvcr71.dll
<unsigned> MD5: 3a0f7d74187101b0dff01d5b460fdaf3 C:\WINDOWS\system32\PSIKey.dll
<unsigned> MD5: 9090454e6772f7cfbce240bf4dc5f7e8 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
<unsigned> MD5: 0b82efcf8d6ca4b6ad91154ddbcd575a F:\Program Files\Free Download Manager\fdm.exe
<unsigned> MD5: 95fb1fd5d65fbb457f301edd40e5ed77 F:\Program Files\Free Download Manager\fdmbtsupp.dll
<unsigned> MD5: b99e36638663ef4eec600e946c4e6b3c F:\Program Files\Free Download Manager\Firefox\extension\components\vmsfdmff.dll
<unsigned> MD5: 7d2d43f9e80c27e41ee4607652152554 F:\Program Files\Free Download Manager\FUM\fumcore.dll
<unsigned> MD5: 3ed478635faa50d7d90ceb65e5c094f4 F:\Program Files\Motherboard Monitor 5\DLL\MBM.dll
<unsigned> MD5: c106b026e3bacd84ce333c4a968ca6ab F:\Program Files\Motherboard Monitor 5\DLL\MbmIO.dll
<unsigned> MD5: 64134b9862d779467bf8fc75c643dcd8 F:\Program Files\Motherboard Monitor 5\MBM5.exe
<unsigned> MD5: 0b82efcf8d6ca4b6ad91154ddbcd575a F:\PROGRA~1\FREEDO~1\fdm.exe
<unsigned> MD5: 043cff8b1e0d6f731274384473823866 F:\PROGRA~1\FREEDO~1\msvcp60.dll


No file uploaded.

Scan finished - communication took 8 sec
Total traffic - 0.03 MB sent, 0.79 KB recvd
Scanned 805 files and modules - 157 seconds


Please post a fresh HijackThis log.
Before you post your log remove the Word Wrap function from NotePad. You will find the setting under the Format menu.
This will eliminate the additional blank lines on your HijackThis log and make it easier to analyze it.

Edited by nasdaq, 27 March 2010 - 12:44 PM.


#2 craftcove


Posted 28 March 2010 - 04:26 PM

EDIT: Removed quoted material... Please use ADD REPLY to avoid quoting the previous post...


OK here's the new log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:53 AM, on 29/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Weatherzone Tracker\weather_tracker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shophandm...tstoreinventory
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2751F3AD-5600-44cc-A653-8A24CAE5AF6D} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Weather Tracker3] C:\Program Files\Weatherzone Tracker\weather_tracker.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://F:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://F:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://F:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://F:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://tky09.celarte...ntrol_en_US.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Super%20Collapse!%20Puzzle%20Gallery/Images/stg_drm.ocx
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecu...s/as2stubie.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook....ls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1197193548640
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oztion.co...geUploader3.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://upload.member...geUploader5.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Super%20Collapse!%20Puzzle%20Gallery/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 8594 bytes

Edited by Budfred, 30 March 2010 - 05:11 AM.


#3 SWI Support Robot


Posted 29 March 2010 - 06:02 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#4 TheJoker


Posted 04 April 2010 - 12:49 PM

Hi craftcove, and Welcome to SWI

Sorry it has taken so long to get to you, but the board has been very busy lately, and all the Helpers here are volunteers.

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.

Since you couldn't update Malwarebytes' Anti-Malware, and there is a newer version, please uninstall it from Control Panel's Add or Remove Programs. If after installing the new version you still can't update it, just skip updating and start the scan.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • If the program won't start, go to MBAM's program folder (normally C:\Program Files\Malwarebytes' Anti-Malware), rename mbam.exe to a random file name (keep the .exe extension) and double-click on it to start the program.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.



Download ComboFix© by sUBs from one of these locations:

http://download.blee...Bs/ComboFix.exe
http://www.forospywa...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Familiarize yourself with ComboFix before running it:
http://www.bleepingc...to-use-combofix

  • Disable your AntiVirus and any AntiSpyware programs you may be running (usually via a right click on the System Tray icon) to prevent them from interfering.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. There are some difficult to remove infections that will only be fixed if you have the Recovery Console installed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware. When finished, it will save a log.
Please include the contents of the log at C:\ComboFix.txt in your next reply.


Download Security Check by screen317 and save it to your Desktop:
http://screen317.spy...curityCheck.exe
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Please post a new HijackThis log, the log from MBAM, the log from Security Check (checkup.txt), and in a second reply (due to length) the log from ComboFix (combofix.txt), and note any errors encountered.


MS MVP 2009-20010 and ASAP Member since 2005


#5 craftcove


Posted 04 April 2010 - 07:28 PM




#6 craftcove


Posted 04 April 2010 - 07:36 PM





Thank you. I think I also need to tell you that mbam wouldn't update when first opened, it gave me an error message. But then I opened it again, it was fine and I could then update successfully.

Another thing that happened was that when I finished running mbam, I saw a message behind it saying: "A script in this movie is causing Adobe Flash Player 9 to run slowly. If it continues to run, your computer may become unresponsive. Do you want to abort this script". I get this message a lot and have no idea where it comes from or why. This time there was nothing going but mbam.

Here's the logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:05 AM, on 5/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Weatherzone Tracker\weather_tracker.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shophandm...tstoreinventory
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2751F3AD-5600-44cc-A653-8A24CAE5AF6D} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Weather Tracker3] C:\Program Files\Weatherzone Tracker\weather_tracker.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://tky09.celarte...ntrol_en_US.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Super%20Collapse!%20Puzzle%20Gallery/Images/stg_drm.ocx
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecu...s/as2stubie.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook....ls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1197193548640
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oztion.co...geUploader3.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://upload.member...geUploader5.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Super%20Collapse!%20Puzzle%20Gallery/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7657 bytes

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3954

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/04/2010 10:08:13 AM
mbam-log-2010-04-05 (10-08-13).txt

Scan type: Quick scan
Objects scanned: 101325
Time elapsed: 20 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Results of screen317's Security Check version 0.99.2
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Sygate Personal Firewall
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java™ 6 Update 18
Java™ 6 Update 3
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.3.1
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

#7 craftcove


Posted 04 April 2010 - 07:38 PM



Hi craftcove, and Welcome to SWI

Sorry it has taken so long to get to you, but the board has been very busy lately, and all the Helpers here are volunteers.

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed.

Download TFC to your desktop

  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.

Since you couldn't update Malwarebytes' Anti-Malware, and there is a newer version, please uninstall it from Control Panel's Add or Remove Programs. If after installing the new version you still can't update it, just skip updating and start the scan.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • If the program won't start, go to MBAM's program folder (normally C:\Program Files\Malwarebytes' Anti-Malware), rename mbam.exe to a random file name (keep the .exe extension) and double-click on it to start the program.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.



Download ComboFix© by sUBs from one of these locations:

http://download.blee...Bs/ComboFix.exe
http://www.forospywa...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Familiarize yourself with ComboFix before running it:
http://www.bleepingc...to-use-combofix

  • Disable your AntiVirus and any AntiSpyware programs you may be running (usually via a right click on the System Tray icon) to prevent them from interfering.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. There are some difficult to remove infections that will only be fixed if you have the Recovery Console installed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware. When finished, it will save a log.
Please include the contents of the log at C:\ComboFix.txt in your next reply.


Download Security Check by screen317 and save it to your Desktop:
http://screen317.spy...curityCheck.exe
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Please post a new HijackThis log, the log from MBAM, the log from Security Check (checkup.txt), and in a second reply (due to length) the log from ComboFix (combofix.txt), and note any errors encountered.



Thank you. I think I also need to tell you that mbam wouldn't update when first opened, it gave me an error message. But then I opened it again, it was fine and I could then update successfully.

Another thing that happened was that when I finished running mbam, I saw a message behind it saying: "A script in this movie is causing Adobe Flash Player 9 to run slowly. If it continues to run, your computer may become unresponsive. Do you want to abort this script". I get this message a lot and have no idea where it comes from or why. This time there was nothing going but mbam.

Here's the logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:05 AM, on 5/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Weatherzone Tracker\weather_tracker.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shophandm...tstoreinventory
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2751F3AD-5600-44cc-A653-8A24CAE5AF6D} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Weather Tracker3] C:\Program Files\Weatherzone Tracker\weather_tracker.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://tky09.celarte...ntrol_en_US.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Super%20Collapse!%20Puzzle%20Gallery/Images/stg_drm.ocx
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecu...s/as2stubie.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook....ls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1197193548640
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oztion.co...geUploader3.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://upload.member...geUploader5.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Super%20Collapse!%20Puzzle%20Gallery/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7657 bytes

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3954

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/04/2010 10:08:13 AM
mbam-log-2010-04-05 (10-08-13).txt

Scan type: Quick scan
Objects scanned: 101325
Time elapsed: 20 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Results of screen317's Security Check version 0.99.2
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Sygate Personal Firewall
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java™ 6 Update 18
Java™ 6 Update 3
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.3.1
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````



And here's combofix:

ComboFix 10-04-03.02 - Any of us 05/04/2010 10:51:22.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.479.221 [GMT 10:00]
Running from: c:\documents and settings\Mum\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mum\Application Data\inst.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\AppPatch\AcAdProc.dll
c:\windows\system\msvbvm60.dll
c:\windows\system32\tmp.reg
F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV


((((((((((((((((((((((((( Files Created from 2010-03-05 to 2010-04-05 )))))))))))))))))))))))))))))))
.

2010-03-17 21:14 . 2010-03-17 21:14 -------- d-----w- c:\documents and settings\Mum\Application Data\Uniblue
2010-03-11 20:58 . 2010-03-11 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-05 01:08 . 2009-06-28 09:42 -------- d-----w- c:\documents and settings\Mum\Application Data\uTorrent
2010-04-05 00:24 . 2007-12-24 23:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-04 22:31 . 2008-09-05 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-03 05:48 . 2007-12-15 06:47 -------- d-----w- c:\program files\Common Files\Real
2010-04-03 04:38 . 2008-08-12 09:45 47 ----a-w- c:\windows\popcinfo.dat
2010-03-31 00:20 . 2010-01-07 08:26 -------- d-----w- c:\documents and settings\Mum\Application Data\QuickScan
2010-03-30 09:35 . 2010-04-04 00:37 670696 ----a-w- c:\documents and settings\Mum\Application Data\Mozilla\Firefox\Profiles\2ekon7wn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-03-30 09:34 . 2010-04-04 00:37 833448 ----a-w- c:\documents and settings\Mum\Application Data\Mozilla\Firefox\Profiles\2ekon7wn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-03-29 05:24 . 2010-04-04 23:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 05:24 . 2010-04-04 23:36 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 04:46 . 2009-01-11 00:26 -------- d-----w- c:\documents and settings\Mum\Application Data\gtk-2.0
2010-03-28 23:33 . 2008-09-06 07:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-27 06:28 . 2008-08-04 05:33 -------- d-----w- c:\documents and settings\Mum\Application Data\Free Download Manager
2010-03-27 01:52 . 2008-09-07 11:53 -------- d-----w- c:\documents and settings\Mum\Application Data\Malwarebytes
2010-03-27 01:52 . 2008-09-07 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-25 21:18 . 2009-10-24 09:47 -------- d-----w- c:\program files\uTorrent
2010-03-21 22:28 . 2010-03-21 22:28 503808 ----a-w- c:\documents and settings\Mum\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5d0d6af7-n\msvcp71.dll
2010-03-21 22:28 . 2010-03-21 22:28 499712 ----a-w- c:\documents and settings\Mum\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5d0d6af7-n\jmc.dll
2010-03-21 22:28 . 2010-03-21 22:28 348160 ----a-w- c:\documents and settings\Mum\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5d0d6af7-n\msvcr71.dll
2010-03-21 22:28 . 2010-03-21 22:28 61440 ----a-w- c:\documents and settings\Mum\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-649caf96-n\decora-sse.dll
2010-03-21 22:28 . 2010-03-21 22:28 12800 ----a-w- c:\documents and settings\Mum\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-649caf96-n\decora-d3d.dll
2010-03-21 22:27 . 2007-12-18 22:28 -------- d-----w- c:\program files\Common Files\Java
2010-03-21 22:24 . 2010-03-21 22:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-21 22:23 . 2007-12-18 22:35 -------- d-----w- c:\program files\Java
2010-03-21 08:18 . 2007-12-08 09:58 86248 ----a-w- c:\documents and settings\Mum\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-12 21:16 . 2007-12-09 07:57 -------- d-----w- c:\program files\Alwil Software
2010-03-10 06:11 . 2007-12-09 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 11:24 . 2009-06-28 08:13 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-09 11:24 . 2009-06-28 08:12 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2009-06-28 08:13 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2009-06-28 08:13 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2009-06-28 08:13 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2009-06-28 08:13 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2009-06-28 08:13 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2009-06-28 08:13 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2009-06-28 08:13 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-01 21:19 . 2009-06-28 10:31 117760 ----a-w- c:\documents and settings\Mum\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-01 21:08 . 2007-12-17 23:44 -------- d-----w- c:\program files\SpywareBlaster
2010-03-01 21:07 . 2010-01-06 04:59 52224 ----a-w- c:\documents and settings\Mum\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-25 23:13 . 2010-02-25 23:11 -------- d-----w- c:\documents and settings\Mum\Application Data\Software Informer
2010-02-25 23:10 . 2010-02-25 23:10 -------- d-----w- c:\program files\Software Informer
2010-02-25 06:24 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-13 01:06 . 2007-12-15 22:44 -------- d-----w- c:\documents and settings\Mum\Application Data\ESTsoft
2010-02-02 18:00 . 2010-02-26 09:27 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2007-12-16 00:43 . 2007-12-16 00:44 774144 ----a-w- c:\program files\RngInterstitial.dll
2005-08-10 01:46 . 2005-08-10 01:46 32266066 ----a-w- c:\program files\Paint.NET_300.wmv
2002-05-09 11:43 . 2007-12-16 10:19 5462 ----a-w- c:\program files\SETUP.LST
2002-05-09 11:43 . 2007-12-16 10:19 11977715 ----a-w- c:\program files\CookBook.CAB
2002-05-09 09:52 . 2007-12-16 10:19 1720 ----a-w- c:\program files\readme.txt
2009-03-20 08:15 . 2009-03-20 08:15 8 --sh--r- c:\windows\system32\0EB30C8B05.sys
2009-03-20 08:17 . 2009-03-20 08:15 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather Tracker3"="c:\program files\Weatherzone Tracker\weather_tracker.exe" [2009-07-17 2888403]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-02-21 4333568]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-25 319792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-07-11 188416]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\programs\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wyc25.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 04:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2009-10-17 08:35 1070984 ----a-w- f:\program files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Activision\\EF2\\EF2.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [13/11/2009 3:41 PM 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/06/2009 6:13 PM 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/06/2009 6:13 PM 19024]
R2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [1/03/2009 10:43 AM 37376]
S0 Wyc25;Wyc25;c:\windows\system32\Drivers\Wyc25.sys --> c:\windows\system32\Drivers\Wyc25.sys [?]
S1 SASDIFSV;SASDIFSV;f:\programs\sasdifsv.sys [23/06/2009 11:01 AM 9968]
S1 SASKUTIL;SASKUTIL;f:\programs\SASKUTIL.SYS [23/06/2009 11:01 AM 72944]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [9/12/2007 9:09 PM 45312]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [9/12/2007 9:09 PM 55936]
S3 SASENUM;SASENUM;f:\programs\SASENUM.SYS [23/06/2009 11:01 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-04-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-05 23:00]

2010-04-05 c:\windows\Tasks\User_Feed_Synchronization-{1AE25C57-8CDA-491A-AD69-F0188140C69D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.shophandmade.com/accountstoreinventory
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://upload.members.freewebs.com/Misc/Aurigma/ImageUploader5.cab
FF - ProfilePath - c:\documents and settings\Mum\Application Data\Mozilla\Firefox\Profiles\2ekon7wn.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.deviantart.com/messages/
FF - component: c:\documents and settings\Mum\Application Data\Mozilla\Firefox\Profiles\2ekon7wn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: f:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: f:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-fsm - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-05 11:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1935655697-746137067-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:d8,37,f0,85,00,98,e1,1e,81,fc,95,62,ec,bc,15,bf,46,77,f1,a7,77,
2d,71,36,ca,a3,75,bd,cd,c2,5e,ed,e2,bf,e5,98,45,f8,11,47,cb,f7,51,ae,60,6d,\
"rkeysecu"=hex:82,d1,5c,44,23,30,c0,da,5a,e3,d9,34,9f,56,fb,a4
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3804)
c:\windows\system32\WININET.dll
c:\windows\system32\SSSensor.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Sygate\SPF\smc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2010-04-05 11:16:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-05 01:16
ComboFix2.txt 2008-01-16 22:39

Pre-Run: 43,529,412,608 bytes free
Post-Run: 43,513,221,120 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 2B53D347170209B05509DA067E1F8707

#8 TheJoker

Posted 04 April 2010 - 08:24 PM

Please use the Posted Image to reply. It's easier to read (it doesn't quote the entire previous post). Thanks.


I see that you have a P2P (Peer-to-Peer) file sharing program installed (uTorrent). I highly recommend that you consider uninstalling it. P2P programs represent a security threat to the information on your system as they allow others to access your system. Just look at the number of high profile compromises in the news as a result of P2P software:
Data about Obama's helicopter breached via P2P?
Leak of congressional ethics document prompts calls for cybersecurity probe
Walter Reed suffers peer-to-peer data breach
Update: Seattle man arrested for p-to-p ID theft

More listed here:
Data Security Threats And Breaches
You should read the link at the bottom of that page:
Why File Sharing Networks Are Dangerous (Dartmouth study, .pdf file)

In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware. There are many risks associated with P2P programs, none are worth the risks. If you don't uninstall the P2P software, we will continue to clean your system, but realize that it's likely only a matter of time before you are infected again.


Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {2751F3AD-5600-44cc-A653-8A24CAE5AF6D} - (no file)


Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "JDK 6 Update 19 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select Windows, and check the "agree" box and click "Continue".
    - Note: If you are running an x64 (64-bit) version of Windows, you need to install both the Windows (x32) and Windows x64 version.
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • Java™ 6 Update 18
    • Java™ 6 Update 3
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your Desktop double-click on jre-6u19-windows-i586.exe that you downloaded to install the newest version (the x64 version is jre-6u19-windows-x64.exe).
    - Note: If you are running Vista, you may need to right-click on the installation file and select Run as Administrator.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please go to VirusTotal and submit the following file for a scan and post the detection results (I don't need the "additional information") in your next reply:
c:\windows\system32\Drivers\Wyc25.sys


Another thing that happened, was that when I finished running mbam, I saw a message behind it saying: "A script in this movie is causing Adobe Flash Player 9 to run slowly. If it continues to run, your computer may become unresponsive. Do you want to abort this script". I get this message a lot and have no idea where it comes from or why. This time there was nothing going but mbam.

Are you still receiving this message?


Please post a new HijackThis log, the log from Kaspersky's online scan, and note any errors encountered.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#9 craftcove

Posted 05 April 2010 - 06:18 PM

I'll definitely be thinking about removing utorrent. Thanks for that info.

I couldn't run kaspersky, it kept freezing up, sometimes with that script error message, sometimes without. I tried several times, even leaving it overnight. Sometimes refreshing the page, and sometimes restarting the whole computer.

I couldn't find this file: c:\windows\system32\Drivers\Wyc25.sys. I tried a search for wyc25 itself, but to no avail.

Here's the hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:13 AM, on 6/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Weatherzone Tracker\weather_tracker.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shophandm...tstoreinventory
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Weather Tracker3] C:\Program Files\Weatherzone Tracker\weather_tracker.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://tky09.celarte...ntrol_en_US.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Super%20Collapse!%20Puzzle%20Gallery/Images/stg_drm.ocx
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecu...s/as2stubie.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook....ls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1197193548640
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oztion.co...geUploader3.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://upload.member...geUploader5.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Super%20Collapse!%20Puzzle%20Gallery/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7647 bytes

thanks again

#10 TheJoker

Posted 06 April 2010 - 03:50 AM

I couldn't run kaspersky, it kept freezing up, sometimes with that script error message, sometimes without. I tried several times, even leaving it overnight.

Let's run this scanner then.
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

I couldn't find this file: c:\windows\system32\Drivers\Wyc25.sys. I tried a search for wyc25 itself, but to no avail.

Let's try this then since the ComboFix log indicated that it was there.
Reconfigure Windows to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Now see if you can find c:\windows\system32\Drivers\Wyc25.sys, and if you can find it now please scan it at VirusTotal and post the results.

I'll definitely be thinking about removing utorrent. Thanks for that info.

OK, but in the meantime I would recommend at least removing the entry that runs the program unnecessarily at each system startup. If you choose to do that, then do this with HijackThis:

If you choose to remove the startup entry, run HijackThis and click "Do a system scan only." Place a check next to the following entry (if still there):

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entry you checked.

Please post a new HijackThis log, the log from ESET's online scan, the results from scanning the file at VirusTotal if you were able to find it, and note any errors encountered.

MS MVP 2009-20010 and ASAP Member since 2005
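An added example, not part of TheJoker's posts and not HijackThis's own code: a small Python parser for the HijackThis line format seen in this thread. It picks out the orphaned `(no file)` O2/O3 registrations, the O4 Run autostart entries, and O23 services listed with "Unknown owner", which are the kinds of entries reviewed above. The sample lines are copied from the logs and fix lists in this thread; the function names are hypothetical.

```python
import re

# Lines copied from the HijackThis logs and fix lists posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {2751F3AD-5600-44cc-A653-8A24CAE5AF6D} - (no file)
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O2/O3 body: "<kind>: <name> - {CLSID} - <file or (no file)>".
CLSID_RE = re.compile(
    r"^(?P<kind>BHO|Toolbar): (?P<name>.*) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# O4 body: "<hive>\..\<key>: [<value name>] <command line>".
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]+)\] (?P<command>.+)$"
)
# O23 body: "Service: <name> - <owner> - <path>".
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)
# Executable part of a command line: quoted path, or unquoted path up to
# the first known extension followed by whitespace or end of string.
EXE_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$)',
    re.IGNORECASE,
)

SUB_PARSERS = {"O2": CLSID_RE, "O3": CLSID_RE, "O4": RUN_RE, "O23": SERVICE_RE}


def parse_log(text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, running-process list, blank line
        entry = {"code": m.group("code"), "raw": line}
        sub_re = SUB_PARSERS.get(entry["code"])
        sub = sub_re.match(m.group("body")) if sub_re else None
        if sub:
            entry.update(sub.groupdict())
        entries.append(entry)
    return entries


def executable_of(command):
    """Strip quotes and arguments from an autostart command line."""
    m = EXE_RE.match(command.strip())
    return (m.group("q") or m.group("u")) if m else command.strip()


def orphaned_registrations(entries):
    """O2/O3 entries whose registered file is reported as '(no file)'."""
    return [e for e in entries if e.get("target") == "(no file)"]


def autostarts(entries, hive=None):
    """O4 Run entries, optionally limited to HKLM or HKCU."""
    found = []
    for e in entries:
        if e["code"] == "O4" and "command" in e and hive in (None, e["hive"]):
            found.append(dict(e, executable=executable_of(e["command"])))
    return found


def unknown_owner_services(entries):
    """O23 services whose binary carries no company name in the log."""
    return [e for e in entries
            if e["code"] == "O23" and e.get("owner") == "Unknown owner"]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in orphaned_registrations(parsed):
        print("orphaned:", e["kind"], e["clsid"])
    for e in autostarts(parsed):
        print("autostart:", e["hive"], e["name"], "->", e["executable"])
    for e in unknown_owner_services(parsed):
        print("review service:", e["name"], e["path"])
```

A `(no file)` target or an "Unknown owner" label only marks an entry for review; it does not by itself say the entry is malicious.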


#11 craftcove

Posted 06 April 2010 - 05:38 PM

I couldn't get eset to run on Internet Explorer at all. But then I discovered you could download it and run it, so I did it that way. It found game files that I had, and one that I still have. I checked them anyway.

I went through all those things you said, but I still couldn't find wyc25. I did another search right through the computer as well. I did another combofix scan to check if it's still there, and it is!!

I had utorrent set to start when the computer starts, I turned that off and it's no longer in Hijack this.

Here's the logs:

C:\Documents and Settings\All Users\Documents\Spore Creature Creator.exe probably unknown NewHeur_PE virus deleted - quarantined
C:\Documents and Settings\All Users\Documents\Spore Creature Creator\Sporebin\SporeCreatureCreator.exe probably unknown NewHeur_PE virus deleted - quarantined
C:\Program Files\Chicken Invaders 2\ChickenInvaders2.exe.BAK probably a variant of Win32/Agent trojan cleaned by deleting - quarantined


ComboFix 10-04-03.02 - Any of us 07/04/2010 8:51.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.479.147 [GMT 10:00]
Running from: c:\documents and settings\Mum\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((( Files Created from 2010-03-06 to 2010-04-06 )))))))))))))))))))))))))))))))
.

2010-04-06 12:33 . 2010-04-06 12:33 -------- d-----w- c:\program files\ESET
2010-04-05 03:32 . 2010-04-05 03:32 -------- d-----w- c:\program files\Common Files\Java
2010-04-04 23:37 . 2010-03-29 05:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-04 23:36 . 2010-03-29 05:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-04 07:53 . 2010-04-04 08:18 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZZ..Z....Z.Z
2010-03-27 00:27 . 2004-04-09 22:42 2944 ----a-w- c:\windows\system32\mbmiodrvr.sys
2010-03-21 22:25 . 2010-04-05 03:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-17 21:14 . 2010-03-17 21:14 -------- d-----w- c:\documents and settings\Mum\Application Data\Uniblue
2010-03-11 20:58 . 2010-03-11 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 22:19 . 2007-12-09 11:37 -------- d-----w- c:\program files\Chicken Invaders 2
2010-04-06 12:06 . 2009-06-28 09:42 -------- d-----w- c:\documents and settings\Mum\Application Data\uTorrent
2010-04-05 23:33 . 2008-09-05 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-05 03:31 . 2007-12-18 22:35 -------- d-----w- c:\program files\Java
2010-04-05 00:24 . 2007-12-24 23:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-03 05:48 . 2007-12-15 06:47 -------- d-----w- c:\program files\Common Files\Real
2010-04-03 04:38 . 2008-08-12 09:45 47 ----a-w- c:\windows\popcinfo.dat
2010-03-31 00:20 . 2010-01-07 08:26 -------- d-----w- c:\documents and settings\Mum\Application Data\QuickScan
2010-03-30 09:35 . 2010-04-04 00:37 670696 ----a-w- c:\documents and settings\Mum\Application Data\Mozilla\Firefox\Profiles\2ekon7wn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-03-30 09:34 . 2010-04-04 00:37 833448 ----a-w- c:\documents and settings\Mum\Application Data\Mozilla\Firefox\Profiles\2ekon7wn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-03-29 04:46 . 2009-01-11 00:26 -------- d-----w- c:\documents and settings\Mum\Application Data\gtk-2.0
2010-03-28 23:33 . 2008-09-06 07:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-27 06:28 . 2008-08-04 05:33 -------- d-----w- c:\documents and settings\Mum\Application Data\Free Download Manager
2010-03-27 01:52 . 2008-09-07 11:53 -------- d-----w- c:\documents and settings\Mum\Application Data\Malwarebytes
2010-03-27 01:52 . 2008-09-07 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-25 21:18 . 2009-10-24 09:47 -------- d-----w- c:\program files\uTorrent
2010-03-21 22:28 . 2010-03-21 22:28 503808 ----a-w- c:\documents and settings\Mum\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5d0d6af7-n\msvcp71.dll
2010-03-21 22:28 . 2010-03-21 22:28 499712 ----a-w- c:\documents and settings\Mum\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5d0d6af7-n\jmc.dll
2010-03-21 22:28 . 2010-03-21 22:28 348160 ----a-w- c:\documents and settings\Mum\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5d0d6af7-n\msvcr71.dll
2010-03-21 22:28 . 2010-03-21 22:28 61440 ----a-w- c:\documents and settings\Mum\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-649caf96-n\decora-sse.dll
2010-03-21 22:28 . 2010-03-21 22:28 12800 ----a-w- c:\documents and settings\Mum\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-649caf96-n\decora-d3d.dll
2010-03-21 08:18 . 2007-12-08 09:58 86248 ----a-w- c:\documents and settings\Mum\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-12 21:16 . 2007-12-09 07:57 -------- d-----w- c:\program files\Alwil Software
2010-03-10 06:11 . 2007-12-09 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 11:24 . 2009-06-28 08:13 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-09 11:24 . 2009-06-28 08:12 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2009-06-28 08:13 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2009-06-28 08:13 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2009-06-28 08:13 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2009-06-28 08:13 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2009-06-28 08:13 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2009-06-28 08:13 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2009-06-28 08:13 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-01 21:19 . 2009-06-28 10:31 117760 ----a-w- c:\documents and settings\Mum\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-01 21:08 . 2007-12-17 23:44 -------- d-----w- c:\program files\SpywareBlaster
2010-03-01 21:07 . 2010-01-06 04:59 52224 ----a-w- c:\documents and settings\Mum\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-25 23:13 . 2010-02-25 23:11 -------- d-----w- c:\documents and settings\Mum\Application Data\Software Informer
2010-02-25 23:10 . 2010-02-25 23:10 -------- d-----w- c:\program files\Software Informer
2010-02-25 06:24 . 2002-08-29 12:00 916480 ------w- c:\windows\system32\wininet.dll
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-13 01:06 . 2007-12-15 22:44 -------- d-----w- c:\documents and settings\Mum\Application Data\ESTsoft
2010-02-02 18:00 . 2010-02-26 09:27 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2007-12-16 00:43 . 2007-12-16 00:44 774144 ----a-w- c:\program files\RngInterstitial.dll
2005-08-10 01:46 . 2005-08-10 01:46 32266066 ----a-w- c:\program files\Paint.NET_300.wmv
2002-05-09 11:43 . 2007-12-16 10:19 5462 ----a-w- c:\program files\SETUP.LST
2002-05-09 11:43 . 2007-12-16 10:19 11977715 ----a-w- c:\program files\CookBook.CAB
2002-05-09 09:52 . 2007-12-16 10:19 1720 ----a-w- c:\program files\readme.txt
2009-03-20 08:15 . 2009-03-20 08:15 8 --sh--r- c:\windows\system32\0EB30C8B05.sys
2009-03-20 08:17 . 2009-03-20 08:15 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather Tracker3"="c:\program files\Weatherzone Tracker\weather_tracker.exe" [2009-07-17 2888403]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-02-21 4333568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-07-11 188416]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\programs\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wyc25.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 04:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2009-10-17 08:35 1070984 ----a-w- f:\program files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Activision\\EF2\\EF2.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [13/11/2009 3:41 PM 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/06/2009 6:13 PM 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/06/2009 6:13 PM 19024]
R2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [1/03/2009 10:43 AM 37376]
S0 Wyc25;Wyc25;c:\windows\system32\Drivers\Wyc25.sys --> c:\windows\system32\Drivers\Wyc25.sys [?]
S1 SASDIFSV;SASDIFSV;f:\programs\sasdifsv.sys [23/06/2009 11:01 AM 9968]
S1 SASKUTIL;SASKUTIL;f:\programs\SASKUTIL.SYS [23/06/2009 11:01 AM 72944]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [9/12/2007 9:09 PM 45312]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [9/12/2007 9:09 PM 55936]
S3 SASENUM;SASENUM;f:\programs\SASENUM.SYS [23/06/2009 11:01 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-04-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-05 23:00]

2010-04-06 c:\windows\Tasks\User_Feed_Synchronization-{1AE25C57-8CDA-491A-AD69-F0188140C69D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.shophandmade.com/accountstoreinventory
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://upload.members.freewebs.com/Misc/Aurigma/ImageUploader5.cab
FF - ProfilePath - c:\documents and settings\Mum\Application Data\Mozilla\Firefox\Profiles\2ekon7wn.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.deviantart.com/messages/
FF - component: c:\documents and settings\Mum\Application Data\Mozilla\Firefox\Profiles\2ekon7wn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: f:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: f:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 09:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1935655697-746137067-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:d8,37,f0,85,00,98,e1,1e,81,fc,95,62,ec,bc,15,bf,46,77,f1,a7,77,
2d,71,36,ca,a3,75,bd,cd,c2,5e,ed,e2,bf,e5,98,45,f8,11,47,cb,f7,51,ae,60,6d,\
"rkeysecu"=hex:82,d1,5c,44,23,30,c0,da,5a,e3,d9,34,9f,56,fb,a4
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3664)
c:\windows\system32\WININET.dll
c:\windows\system32\SSSensor.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-07 09:11:26
ComboFix-quarantined-files.txt 2010-04-06 23:11
ComboFix2.txt 2010-04-05 01:16
ComboFix3.txt 2008-01-16 22:39

Pre-Run: 43,228,553,216 bytes free
Post-Run: 43,304,759,296 bytes free

- - End Of File - - 652274507D82D215F7C70622BFEEB9DC


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:03 AM, on 7/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
F:\My Documents\Downloads\esetsmartinstaller_enu.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shophandm...tstoreinventory
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Weather Tracker3] C:\Program Files\Weatherzone Tracker\weather_tracker.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://tky09.celarte...ntrol_en_US.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Super%20Collapse!%20Puzzle%20Gallery/Images/stg_drm.ocx
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecu...s/as2stubie.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook....ls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1197193548640
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oztion.co...geUploader3.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://upload.member...geUploader5.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Super%20Collapse!%20Puzzle%20Gallery/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7501 bytes


thanks

#12 TheJoker

Forum Deity, Boot Camp Mod, 14,480 posts

Posted 06 April 2010 - 07:50 PM

I went through all those things you said, but I still couldn't find wyc25. I did another search right through the computer as well. I did another combofix scan to check if it's still there, and it is!!

Please don't run ComboFix unless requested. It's a powerful utility that could cause damage if run without supervision.

I couldn't get eset to run on Internet Explorer at all. But then I discovered you could download it and run it, so I did it that way.

Where did you download this from? Was it the free trial?

We need to make sure you have the most recent version of ComboFix.
Delete your current copy of ComboFix.exe.
Download ComboFix© by sUBs from one of these links:
http://download.blee...Bs/ComboFix.exe
http://www.forospywa...Bs/ComboFix.exe

Save the file to your Desktop.

Close any open browsers.

Close your AntiVirus and any anti-spyware programs you may be running.

For this next step, please ensure that ComboFix.exe is on your desktop:

Please open Notepad *Do Not Use Wordpad!* (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" and change the "Save as type" to "All Files" and place it on your desktop.

Killall::
Driver::
Wyc25
Folder::
c:\program files\Chicken Invaders 2
C:\Documents and Settings\All Users\Documents\Spore Creature Creator
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZZ..Z....Z.Z
File::
c:\windows\system32\Drivers\Wyc25.sys
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wyc25.sys]

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that log in your next reply.

Please go to VirusTotal and submit the following file for a scan and post the detection results (I don't need the "additional information") in your next reply:
c:\windows\system32\mbmiodrvr.sys

Please post a new HijackThis log, the results from scanning the file at VirusTotal, and in a second reply (due to length) the log from ComboFix (combofix.txt), and note any errors encountered. Please also let me know how the system is running now.


MS MVP 2009-20010 and ASAP Member since 2005
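
The driver that the CFScript in the post above targets can be picked out of the ComboFix log mechanically. The following is an added example, not part of the original posts and not ComboFix's own code: a Python triage that flags driver lines whose file details were printed as `[?]` and checks whether the same driver is registered under SafeBoot. The reading of the R/S and 0-4 prefixes and of `[?]` is an assumption, the function names are hypothetical, and the sample lines are copied from the log earlier in this thread.

```python
import re
from ntpath import basename  # handles backslash paths on any OS

# Sample lines copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wyc25.sys]
@="Driver"

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [13/11/2009 3:41 PM 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/06/2009 6:13 PM 162640]
S0 Wyc25;Wyc25;c:\windows\system32\Drivers\Wyc25.sys --> c:\windows\system32\Drivers\Wyc25.sys [?]
S1 SASDIFSV;SASDIFSV;f:\programs\sasdifsv.sys [23/06/2009 11:01 AM 9968]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [9/12/2007 9:09 PM 45312]
"""

# Assumed reading of the line prefix: R = running, S = stopped, digit = start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# <state><start> <name>;<display>;<path>[ --> <target>] [<date size> or ?]
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> (?P<target>.+?))? \[(?P<meta>[^\]]*)\]$"
)

# Registry section headers that register a driver or service for Safe Mode.
SAFEBOOT_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\"
    r"(?P<mode>Minimal|Network)\\(?P<entry>[^\]]+)\]$",
    re.IGNORECASE,
)


def parse_drivers(log_text):
    """Return one dict per driver/service line found in the log text."""
    drivers = []
    for line in log_text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if not m:
            continue
        drivers.append({
            "name": m["name"],
            "running": m["state"] == "R",
            "start": START_TYPES[m["start"]],
            "path": m["target"] or m["path"],
            # "[?]" in place of date and size: no file details were available.
            "details_missing": m["meta"].strip() == "?",
        })
    return drivers


def parse_safeboot(log_text):
    """Map lower-cased SafeBoot entry names to the modes that list them."""
    entries = {}
    for line in log_text.splitlines():
        m = SAFEBOOT_RE.match(line.strip())
        if m:
            entries.setdefault(m["entry"].lower(), []).append(m["mode"])
    return entries


def triage(log_text):
    """Flag drivers with no file details and note any SafeBoot registration."""
    safeboot = parse_safeboot(log_text)
    findings = []
    for drv in parse_drivers(log_text):
        if not drv["details_missing"]:
            continue
        # A SafeBoot key may be named after the service or after its file.
        keys = {drv["name"].lower(), basename(drv["path"]).lower()}
        modes = sorted({mode for k in keys for mode in safeboot.get(k, [])})
        findings.append({**drv, "safeboot": modes})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = "running" if f["running"] else "stopped"
        print(f"{f['name']}: {f['start']}-start, {state}, no file details, "
              f"SafeBoot={f['safeboot'] or 'none'} -> {f['path']}")
```

A flagged entry is a lead to verify (for example by checking the file on disk and its signature), not proof of infection.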


#13 craftcove

Member, Full Member, 34 posts

Posted 06 April 2010 - 09:06 PM

I got the Eset scanner from the link you suggested, it seems they have this way to do it for Firefox users. Here's their info: "However, as a new feature, the compatibility with other browsers (Firefox, Opera, Netscape, etc.) was added. The only thing you have to do is to agree to the installation of ESET Smart Installer, an application, which will install and launch ESET Online Scanner in a new browser window."

Here's the scans:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:40 PM, on 7/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Weatherzone Tracker\weather_tracker.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shophandm...tstoreinventory
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Weather Tracker3] C:\Program Files\Weatherzone Tracker\weather_tracker.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://tky09.celarte...ntrol_en_US.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Super%20Collapse!%20Puzzle%20Gallery/Images/stg_drm.ocx
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecu...s/as2stubie.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook....ls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1197193548640
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oztion.co...geUploader3.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://upload.member...geUploader5.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Super%20Collapse!%20Puzzle%20Gallery/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7608 bytes


Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.07 -
AhnLab-V3 5.0.0.2 2010.04.06 -
AntiVir 7.10.6.31 2010.04.06 -
Antiy-AVL 2.0.3.7 2010.04.06 -
Authentium 5.2.0.5 2010.04.07 -
Avast 4.8.1351.0 2010.04.06 -
Avast5 5.0.332.0 2010.04.06 -
AVG 9.0.0.787 2010.04.07 -
BitDefender 7.2 2010.04.07 -
CAT-QuickHeal 10.00 2010.04.06 -
ClamAV 0.96.0.3-git 2010.04.07 -
Comodo 4522 2010.04.07 -
DrWeb 5.0.2.03300 2010.04.07 -
eSafe 7.0.17.0 2010.04.06 -
eTrust-Vet 35.2.7411 2010.04.06 -
F-Prot 4.5.1.85 2010.04.06 -
F-Secure 9.0.15370.0 2010.04.07 -
Fortinet 4.0.14.0 2010.04.06 -
GData 19 2010.04.07 -
Ikarus T3.1.1.80.0 2010.04.07 -
Jiangmin 13.0.900 2010.04.06 -
Kaspersky 7.0.0.125 2010.04.07 -
McAfee-GW-Edition 6.8.5 2010.04.06 -
Microsoft 1.5605 2010.04.06 -
NOD32 5005 2010.04.06 -
Norman 6.04.11 2010.04.06 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.06 -
PCTools 7.0.3.5 2010.04.07 -
Prevx 3.0 2010.04.07 -
Rising 22.42.02.00 2010.04.07 -
Sophos 4.52.0 2010.04.07 -
Sunbelt 6146 2010.04.07 -
Symantec 20091.2.0.41 2010.04.07 -
TheHacker 6.5.2.0.256 2010.04.07 -
TrendMicro 9.120.0.1004 2010.04.06 -
VBA32 3.12.12.4 2010.04.05 -
ViRobot 2010.4.6.2263 2010.04.06 -
VirusBuster 5.0.27.0 2010.04.06 -
Additional information
File size: 2944 bytes
MD5...: 290fb01f7f51eff0960599404a09f8d6
SHA1..: 30ec1d2e0122f468e7d6587cd21adc748f244b44
SHA256: e4f339cfe9fea5572502ec6e8eb11741efc377acc1b13fd38f9823aeb2d40960
ssdeep: 48:q/w5Gc/n3VDhK1y7/onz1WzJjRrptL+Y+EcFq4GE2o:yw5GA3vK1y7+o1j1px
9o
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4ac
timedatestamp.....: 0x407807db (Sat Apr 10 14:42:35 2004)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x233 0x280 5.37 b411c841462a85379d708f8513a551b3
.rdata 0x580 0x82 0x100 2.83 e6ec983354a5b11888f5f570ef33f5ad
INIT 0x680 0xd4 0x100 3.84 c5df820ae9ed4f05df230ac1613c8c0a
.rsrc 0x780 0x380 0x380 3.34 2b172753da28bd0e9d2222cbfb524bb8
.reloc 0xb00 0x38 0x80 1.79 1f24faac1965b12ed35ff6005ada8c18

( 1 imports )
> ntoskrnl.exe: IoDeleteSymbolicLink, RtlInitUnicodeString, IoDeleteDevice, IoCreateSymbolicLink, IoCreateDevice, IofCompleteRequest

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: cansoft@livewiredev.com
copyright....: Copyright © 2002 Chris St. Amand
product......: Windows ® 2000 DDK driver
description..: MBMIO Driver
original name: mbmiodrvr.sys
internal name: MBMIO
file version.: 1.0 built by: WinDDK
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

#14 craftcove

Member, Full Member, 34 posts

Posted 06 April 2010 - 09:13 PM

Here's the combofix log:

ComboFix 10-04-05.06 - Any of us 07/04/2010 12:14:17.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.479.198 [GMT 10:00]
Running from: c:\documents and settings\Mum\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mum\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

FILE ::
"c:\windows\system32\Drivers\Wyc25.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ....ZZ.ZZZZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ....ZZZ..Z...Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ....ZZZZZZZ..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ...Z...ZZ.ZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ...Z..Z....Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ...Z..Z.Z.Z..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ...Z.ZZZ.ZZ..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ...Z.ZZZZZZ..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ...ZZ..ZZ..ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ..Z....ZZ.ZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ..Z..Z.ZZZ.Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ..Z.Z..ZZ.Z.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ..Z.Z.Z......Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ..Z.Z.ZZZZZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ..Z.ZZ.Z....ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ..Z.ZZ.ZZ.Z..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ..Z.ZZZ.Z...ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ..ZZ....Z....Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ..ZZ....Z.Z.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ..ZZ....ZZ...Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ..ZZ..ZZZ.ZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ..ZZZ....ZZ.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ..ZZZ..Z..ZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ..ZZZ.Z..Z.Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ..ZZZ.Z..ZZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z......Z..ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z.....Z.ZZ.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z.....ZZZ..ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z....ZZ.Z.ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z...Z.ZZ.ZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z..Z...Z.ZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z..Z..Z.Z.ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z..ZZ...ZZ.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z..ZZ.Z...Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z..ZZZ.ZZZ.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z.Z...Z..ZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z.Z..Z.ZZZ..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z.Z.ZZZZ..ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z.ZZ...Z..ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z.ZZ..Z..ZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z.ZZ..Z.Z.ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z.ZZ.Z.Z.Z..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z.ZZ.Z.ZZZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z.ZZ.ZZ.Z.Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z.ZZZ...ZZ.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.Z.ZZZZ.Z...ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.ZZ...ZZ..Z..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.ZZ...ZZ.Z...Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.ZZ..Z.Z....ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.ZZ..ZZ...ZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.ZZ..ZZZZZ.ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.ZZ.ZZZ....Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.ZZ.ZZZZZZ.Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.ZZZ..ZZZ....Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.ZZZ.Z.ZZ...ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.ZZZ.ZZ....ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.ZZZ.ZZZ.ZZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.ZZZZ..Z.ZZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.ZZZZ.Z.ZZ.Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.ZZZZ.ZZ..ZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.ZZZZZZ....ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZ.ZZZZZZZ.....Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ....ZZZZ..Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ...Z.ZZ.....Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ...Z.ZZ....ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ..Z..Z....Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ..Z..ZZ.....Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ..Z.Z..Z.Z..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ..Z.ZZ...ZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ..ZZ....ZZ.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ..ZZ..ZZZZ.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ..ZZ.ZZ.....Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ.Z......Z.ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ.Z..Z..Z..ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ.Z..Z.Z...ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ.Z..ZZ...Z..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ.Z..ZZ.Z.Z.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ.Z..ZZ.Z.ZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ.Z.Z.Z....Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ.Z.Z.Z.Z...ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ.Z.ZZ.ZZ..Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ.Z.ZZZ.Z...ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ.ZZ..ZZ...Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ.ZZ.Z.Z.ZZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ.ZZ.ZZ..ZZ..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ.ZZ.ZZ..ZZ.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ.ZZZ..ZZZ..ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ.ZZZ..ZZZ.Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZ.ZZZ.ZZ..ZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZ....Z.ZZ...Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZ....ZZZ.ZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZ...Z...ZZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZ...ZZZ.ZZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZ...ZZZZ...ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZ..Z..Z...ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZ..ZZ...Z.Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZ..ZZZ..Z.Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZ..ZZZ.ZZZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZ.Z.....Z.ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZ.Z...ZZ.ZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZ.Z..ZZZ..Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZ.ZZZ..ZZZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZ.ZZZZ.ZZ...Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZZ...Z.Z.Z.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZZ...ZZ..Z..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZZ..Z.Z..Z.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZZ..Z.Z..ZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZZ.Z.Z.ZZZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZZ.ZZ...ZZ..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZZ.ZZ.Z.Z...Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZZ.ZZ.ZZ....Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZZ.ZZZ.ZZZ..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZZZ....Z....Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZZZ....ZZ.ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZZZ...ZZ.ZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZZZ..Z.ZZZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZZZ.ZZ..ZZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZZZ.ZZZ.ZZ.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZZZ.ZZZZ..ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZZZZ.ZZ.ZZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZZZZZ..ZZ..ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.Z..Z.ZZ...ZZ\ZZZZZZZZ.Z...Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..........Z..ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z........ZZ.ZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z.......ZZZZ.ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z......ZZ.Z.ZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z.....ZZ..ZZZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z.....ZZ.Z.ZZ.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z....Z...Z.Z.ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z....Z..Z.Z.Z..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z....Z..ZZZ..ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z....Z..ZZZ.ZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z....Z.Z.ZZZ...Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z....Z.ZZZZ..Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z....Z.ZZZZ.Z..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z....ZZ..Z.Z.ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z....ZZZ.Z.ZZ..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z....ZZZZZ..ZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z...Z....ZZ.ZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z...Z...Z...Z.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z...Z..ZZ....Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z...Z..ZZZ..ZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z...Z.Z...Z.ZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z...Z.Z..Z..Z..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z...Z.ZZZ.Z.ZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z...ZZ...Z..ZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z...ZZ.Z.Z...Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z...ZZZ.......ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z...ZZZ..Z.Z...Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z...ZZZ.Z.ZZ..ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z...ZZZZ.....Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z...ZZZZ...ZZ.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z...ZZZZ..Z..Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z.......Z.ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z....Z..ZZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z....ZZ.ZZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z....ZZZ...ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z...Z....ZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z...Z..Z..ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z...Z.ZZZZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z...ZZ..ZZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z..Z.Z..ZZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z..Z.Z.Z.ZZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z..Z.Z.ZZ...Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z..ZZ.Z.....Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z..ZZZ.Z.ZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z.Z...ZZ.Z..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z.Z..Z..Z.Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z.Z..ZZZ.ZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z.Z.Z.ZZ....Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z.ZZ.Z...ZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z.ZZ.Z.ZZZ..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z.ZZZ...Z.Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..Z.ZZZ.Z.....Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..ZZ..Z..Z.ZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..ZZ..Z..ZZZ.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..ZZ.Z.Z.Z..ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..ZZ.ZZ...Z...Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..ZZ.ZZ...Z.Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..ZZ.ZZZ.....ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..ZZ.ZZZ.ZZ...Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..ZZ.ZZZZ...ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..ZZZ...Z...ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..ZZZ...Z.Z...Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..ZZZ..ZZ.Z...Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..ZZZ..ZZ.ZZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..ZZZ.Z..Z.Z.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..ZZZ.Z.Z....ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..ZZZZ.ZZ..Z..Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..ZZZZZ..ZZ...Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..ZZZZZ..ZZ..ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z..ZZZZZZZ.....Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z.Z.......Z..ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z.Z......ZZZ.Z.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z.Z.....Z..Z..ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z.Z....ZZZ.ZZ.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z.Z...Z....Z.ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z.Z...Z..ZZ...ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z.Z...Z..ZZ.ZZ.Z
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z.Z...Z.ZZZZ.ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z.Z...ZZZ.ZZ.ZZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z.Z..Z....Z.Z.ZZ
c:\3590f75aba9e485486c100c1a9d4ff06zzzzzz..z....z.z\ZZZ.ZZZ.....ZZZZ\Z.Z..Z.ZZZ..ZZZZ
c:\3590f7

#15 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,480 posts

Posted 06 April 2010 - 09:43 PM

How is the system running now?

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#16 craftcove

craftcove

    Member

  • Full Member
  • 34 posts

Posted 06 April 2010 - 10:02 PM

I think it's better, but still not 100%.

#17 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,480 posts

Posted 08 April 2010 - 04:30 AM

I couldn't run kaspersky, it kept freezing up, sometimes with that script error message, sometimes without.

Let's try this stand-alone Kaspersky tool instead, it doesn't rely on an Internet connection.

Download the latest version of the Kaspersky Virus Removal Tool
  • Reboot to Safe mode.
  • Close all other applications and double-click and run the installer.
  • When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.
  • In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats.
  • Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK.
  • Select all the scannable items except for CD-ROM drives and click the Start scan button.
  • If malware is detected, place a checkmark in the Apply to all objects box at the bottom of the window, and click the Delete button (or Disinfect if the button is active). The choice may need to be repeated depending on the ability to disinfect any infection found.
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Report button.
  • Click the + to the left of your scan results to expand the entry (starts with Autoscan).
  • Hold down the Control key and press the "A" (CTRL+A) to select all the log entries, and then CTRL+C to copy the entries.
  • Start Notepad.
  • Paste the copied log entries into the Notepad window (either Edit > Paste from the drop-down menu or CTRL+V).
  • Save the log file to the desktop as KVRT.txt .
  • Click the Close button to close the Report window.
  • Click the Exit button in the main program window.
  • You will be prompted if you want to uninstall the program; click Yes, and then confirm that you want to completely remove the Virus Removal Tool.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the contents of the log you saved (KVRT.txt) in your next reply along with a new HijackThis log, and let me know how the system is running.



#18 craftcove

craftcove

    Member

  • Full Member
  • 34 posts

Posted 08 April 2010 - 11:24 PM

Looks like it found nothing new. I think the system is a little better, but it still seems slow. I wonder if it's just getting old, it's around 10 years old. Also I got that script error message again.

Autoscan: completed 42 minutes ago (events: 2, objects: 693356, time: 16:30:22)
8/04/2010 9:47:27 PM Task started
9/04/2010 2:17:51 PM Task completed


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:36 PM, on 9/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Weatherzone Tracker\weather_tracker.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shophandm...tstoreinventory
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Weather Tracker3] C:\Program Files\Weatherzone Tracker\weather_tracker.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://tky09.celarte...ntrol_en_US.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Super%20Collapse!%20Puzzle%20Gallery/Images/stg_drm.ocx
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecu...s/as2stubie.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook....ls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1197193548640
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oztion.co...geUploader3.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://upload.member...geUploader5.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Super%20Collapse!%20Puzzle%20Gallery/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7477 bytes


thanks

#19 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,480 posts

Posted 10 April 2010 - 09:56 AM

I wonder if it's just getting old, it's around 10 years old.

That does sound like a bit on the old side, which means it's likely to be a slower processor, and probably has a lower amount of Memory. How much RAM is installed?

You might want to take a look at this page created by miekiemoes, one of the Global Moderators here, on slow systems, and some things you can try to do to try to improve it:
http://users.telenet...owcomputer.html
In particular, look at StartUpLite mentioned on that page.

Also I got that script error message again.

Here's the basic problem causing that message; a slow system could be the culprit.
http://kb2.adobe.com...5/tn_15512.html

Go to start > run and copy and paste the next command in the field:
ComboFix /uninstall

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, implement some cleanup procedures, and reset System Restore points.

Did that help any?



#20 craftcove

craftcove

    Member

  • Full Member
  • 34 posts

Posted 10 April 2010 - 08:58 PM

I added some RAM a couple of years ago, it's now got 512MB.

I often do a cleanup with CCleaner and I defrag occasionally. I check startup entries using Spybot, but Startuplite is really good, I don't have to go looking up every entry!

It still seems a bit sluggish, but I changed from Sygate to Kerio, that seemed to make a difference too.

#21 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,480 posts

Posted 11 April 2010 - 12:06 PM

You could also disable Adobe Reader Speed Launcher (F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe) with StartUpLite, as it's not essential.

With the system being 10 years old, I imagine it's a relatively slow processor, and you mention having upgraded to 512MB RAM a couple of years ago. That's what I'd consider a minimum amount for Windows XP. You find lower minimum recommended amounts, but with the updates it's received, and the requirements of other current software, I'd consider 512MB the minimum for decent performance, and that performance is of course also impacted by the processor speed and the software you run, although depending on your other installed software, it may work sufficiently well for you to not need to upgrade. That decision can be subjective, and up to the user.

To help keep malware off your system:
  • Keep Windows updated at Windows Update or Microsoft Update.
  • Keep your other applications updated, there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
  • Run a program like Secunia Online Software Inspector scan to see what programs need to be updated (not for x64 Windows).
  • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.
  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/...2002/hosts.htm.
  • A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at http://www.javacools.../products.html.
  • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955
Does your problem appear resolved?



#22 craftcove

craftcove

    Member

  • Full Member
  • 34 posts

Posted 11 April 2010 - 04:20 PM

Yeah, I think you can mark it as being resolved. I'll save up for a new PC sometime. By the way with all that going on, did we actually find any malware?

Now I'll start another post for my daughter's laptop, that's playing up too.

Thanks so much for your help.

#23 craftcove

craftcove

    Member

  • Full Member
  • 34 posts

Posted 14 April 2010 - 07:47 PM

I forgot to mention that I often hear a strange sound from the computer, I've always assumed it was the fan. But I just found a site that talks about the different sounds a drive will make when it's ready to die. Could this be my problem? It sounds like the fan is struggling to turn, it often makes the same sort of sound even after I've just cleaned and oiled it, I looked on the internet how to do all that, and I know it's not always perfect to oil the fan, but I hoped it would help. But I've never been exactly sure it was the fan that made the sound, it turns perfectly when I'm cleaning it. The sound doesn't seem to come from the back, where the fan at the power area is.

I wonder if you would know

thanks

#24 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,480 posts

Posted 14 April 2010 - 08:20 PM

You oiled the fan? Just replace it, fans are cheap, probably about $10. You just need to know the size (diameter), and what type of connector it has (molex, 3-pin).
http://www.ehow.com/...-case-fans.html
http://en.wikipedia....ki/Computer_fan
The only tool it takes is a screwdriver.
If you aren't sure it's the case fan, carefully run the system with the case open and see if you can hear where the sound is coming from. There's also the processor fan as a possibility. There are only so many sources of possible noise in a computer: generally either a fan (case, CPU) or a drive (hard drive, CD/DVD).



#25 craftcove

craftcove

    Member

  • Full Member
  • 34 posts

Posted 14 April 2010 - 11:32 PM

Yeah, I'm pretty sure it's the fan, I'll have to decide whether to bother getting a new fan, or just getting a new pc really soon.

Thanks again

Edited by craftcove, 14 April 2010 - 11:38 PM.


#26 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,480 posts

Posted 15 April 2010 - 03:54 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
