Geeks to Go

Google Redirects


This topic is locked

#1 Sinoito
Member, 58 posts
My computer is running slowly and Google searches redirect in both Firefox and IE. I have scanned the computer multiple times with Malwarebytes and Spybot. I have also done the steps in the Google Redirects tutorial but to no avail. Below is my OTL log. Thank you very much.

OTL logfile created on: 1/4/2011 10:36:05 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Malerie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.00 Gb Total Space | 39.85 Gb Free Space | 56.93% Space Free | Partition Type: NTFS
Drive E: | 200.00 Gb Total Space | 196.66 Gb Free Space | 98.33% Space Free | Partition Type: NTFS
Drive F: | 28.08 Gb Total Space | 22.11 Gb Free Space | 78.73% Space Free | Partition Type: NTFS

Computer Name: SAMSON | User Name: Malerie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/04 21:42:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malerie\Desktop\OTL.exe
PRC - [2010/07/11 13:17:50 | 018,707,640 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2010/01/05 07:56:02 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/12/11 10:29:38 | 000,040,960 | ---- | M] () -- C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe
PRC - [2009/12/07 04:22:08 | 000,266,888 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\Malerie\Application Data\Smilebox\SmileboxTray.exe
PRC - [2009/10/22 19:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2009/10/22 19:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/10/22 19:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2009/10/22 19:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2009/10/22 19:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009/10/22 19:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/25 15:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 15:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/08/25 15:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/09 20:00:52 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/01/09 19:57:32 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/12/20 06:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 06:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/20 15:23:08 | 000,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcycoms.exe
PRC - [2003/05/15 01:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2011/01/04 21:42:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malerie\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/11 10:29:38 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe -- (D-Link SharePort Helper)
SRV - [2009/10/22 19:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2009/10/22 19:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2009/10/22 19:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2009/10/22 19:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/08/25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/02/20 15:23:08 | 000,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\lxcycoms.exe -- (lxcy_device)


========== Driver Services (SafeList) ==========

DRV - [2010/01/05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/22 19:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/10/22 19:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/10/22 19:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/10/22 19:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009/10/22 19:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/10/22 19:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/07/03 17:19:08 | 000,246,920 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2008/12/17 01:02:06 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 01:01:42 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2008/12/17 01:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 01:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/17 00:54:30 | 000,495,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2008/12/16 20:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/08/18 13:20:12 | 000,073,600 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DlinkUDSMBus.sys -- (DlinkUDSMBus)
DRV - [2008/08/18 13:20:06 | 000,097,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DlinkUDSTcpBus.sys -- (DlinkUDSTcpBus)
DRV - [2008/04/17 16:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/17 12:54:50 | 000,075,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
DRV - [2008/04/17 12:54:50 | 000,058,368 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus) DashHawk USB Device driver (WDM)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/02 10:15:26 | 006,008,704 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/12/11 16:34:40 | 000,242,320 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pilotonline.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.time.com/time/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 1373

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/08/21 10:52:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 11:45:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 11:45:06 | 000,000,000 | ---D | M]

[2009/01/31 23:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malerie\Application Data\Mozilla\Extensions
[2011/01/03 14:44:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malerie\Application Data\Mozilla\Firefox\Profiles\xs03ca3r.default\extensions
[2009/09/02 12:46:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Malerie\Application Data\Mozilla\Firefox\Profiles\xs03ca3r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/04 22:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/06 05:40:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/21 10:52:11 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2009/01/31 21:31:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/10/22 19:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/01/04 21:47:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [D-Link Network USB Utility] C:\Program Files\D-Link\Network USB Utility\Network USB Utility.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [LXCYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [SmileboxTray] C:\Documents and Settings\Malerie\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla\5.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk = C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Malerie\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1233436658328 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.to...8.38/ttinst.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Malerie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Malerie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/31 15:29:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4d1660c2-090a-11e0-8ea8-0030489d44f7}\Shell\AutoRun\command - "" = H:\Setup_Bloggie.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/04 22:35:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Malerie\Desktop\OTL.exe
[2011/01/04 21:47:27 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/01/03 19:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/01/03 19:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/03 19:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/01/02 15:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/02 15:46:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/02 15:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/02 15:46:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/02 15:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/02 11:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malerie\Start Menu\Programs\Quick Defrag
[2010/12/26 00:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malerie\Application Data\vlc
[2010/12/26 00:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/12/25 23:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malerie\Local Settings\Application Data\Sony Corporation
[2010/12/25 23:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malerie\Application Data\Sony Corporation
[2010/12/25 23:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bloggie Software
[2010/12/25 23:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/12/25 23:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malerie\My Documents\Bloggie Library
[2010/12/25 23:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2010/12/16 19:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malerie\Desktop\patrick christmas
[2009/02/03 16:30:51 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyinpa.dll
[2009/02/03 16:30:51 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyiesc.dll
[2009/02/03 16:30:39 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyserv.dll
[2009/02/03 16:30:39 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyusb1.dll
[2009/02/03 16:30:39 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhbn3.dll
[2009/02/03 16:30:39 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcylmpm.dll
[2009/02/03 16:30:39 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyprox.dll
[2009/02/03 16:30:39 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypplc.dll
[2009/02/03 16:30:38 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomc.dll
[2009/02/03 16:30:38 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomm.dll

========== Files - Modified Within 30 Days ==========

[2011/01/04 22:33:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/04 22:33:47 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/04 22:33:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/04 21:42:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malerie\Desktop\OTL.exe
[2011/01/04 21:01:01 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/04 19:48:38 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/03 19:14:12 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/02 15:46:44 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/02 15:40:52 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~FLp3nBvLLZg9Otd
[2011/01/02 15:40:52 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~FLp3nBvLLZg9Otdr
[2011/01/02 15:40:48 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\FLp3nBvLLZg9Otd
[2011/01/02 11:50:27 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~DERQGgySsAep
[2011/01/02 11:50:27 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~DERQGgySsAepr
[2011/01/02 11:50:23 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DERQGgySsAep
[2010/12/31 03:16:51 | 000,306,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/28 12:13:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/28 08:53:06 | 000,255,814 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\NFCU.docx
[2010/12/26 00:07:41 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/12/25 23:54:48 | 000,000,886 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
[2010/12/25 23:54:48 | 000,000,856 | R--- | M] () -- C:\Documents and Settings\All Users\Desktop\Bloggie Software.lnk
[2010/12/23 16:34:45 | 000,397,002 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\Foot locker.docx
[2010/12/21 22:57:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/12/21 22:57:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/16 15:38:06 | 000,012,799 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\General Assembly Committee Report Sheet.docx
[2010/12/16 06:47:53 | 000,013,877 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\Resume 2010 final.docx
[2010/12/16 06:47:47 | 000,017,459 | ---- | M] () -- C:\Documents and Settings\Malerie\My Documents\When I started reading this book.docx
[2010/12/15 03:03:44 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/13 13:43:21 | 000,109,802 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\Exam _2 Solutions.pdf
[2010/12/08 20:10:33 | 000,051,737 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\snapshot.jpg
[2010/12/06 22:44:25 | 000,094,190 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\313lab.jpg
[2010/12/06 20:42:41 | 000,012,697 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\scholarship essay 250 wds.docx
[2010/12/06 20:15:39 | 000,426,014 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\pat.jpg
[2010/12/05 23:37:41 | 000,073,334 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\seniorhoodie7.jpg
[2010/12/05 23:37:27 | 000,070,553 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\seniorhoodie6.jpg
[2010/12/05 23:37:05 | 000,071,378 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\seniorhoodie5.jpg
[2010/12/05 23:11:44 | 000,077,829 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\seniorhoodie4.jpg
[2010/12/05 23:03:45 | 000,083,576 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\seniorhoodie3.jpg
[2010/12/05 22:54:33 | 000,080,705 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\seniorhoodie2.jpg

========== Files Created - No Company Name ==========

[2011/01/03 19:14:12 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/02 15:46:44 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/02 15:40:52 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~FLp3nBvLLZg9Otd
[2011/01/02 15:40:52 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~FLp3nBvLLZg9Otdr
[2011/01/02 15:40:48 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\FLp3nBvLLZg9Otd
[2011/01/02 11:50:27 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~DERQGgySsAep
[2011/01/02 11:50:27 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~DERQGgySsAepr
[2011/01/02 11:50:23 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DERQGgySsAep
[2010/12/28 08:53:05 | 000,255,814 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\NFCU.docx
[2010/12/26 00:07:41 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/12/25 23:54:48 | 000,000,886 | R--- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
[2010/12/25 23:54:48 | 000,000,856 | R--- | C] () -- C:\Documents and Settings\All Users\Desktop\Bloggie Software.lnk
[2010/12/23 15:47:32 | 000,397,002 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\Foot locker.docx
[2010/12/16 15:38:06 | 000,012,799 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\General Assembly Committee Report Sheet.docx
[2010/12/16 06:47:47 | 000,017,459 | ---- | C] () -- C:\Documents and Settings\Malerie\My Documents\When I started reading this book.docx
[2010/12/13 13:43:20 | 000,109,802 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\Exam _2 Solutions.pdf
[2010/12/08 20:10:33 | 000,051,737 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\snapshot.jpg
[2010/12/06 22:44:05 | 000,094,190 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\313lab.jpg
[2010/12/06 20:14:09 | 000,426,014 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\pat.jpg
[2010/12/06 19:52:57 | 000,012,697 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\scholarship essay 250 wds.docx
[2010/12/05 23:37:40 | 000,073,334 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\seniorhoodie7.jpg
[2010/12/05 23:37:26 | 000,070,553 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\seniorhoodie6.jpg
[2010/12/05 23:37:04 | 000,071,378 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\seniorhoodie5.jpg
[2010/12/05 23:11:43 | 000,077,829 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\seniorhoodie4.jpg
[2010/12/05 23:03:45 | 000,083,576 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\seniorhoodie3.jpg
[2010/12/05 22:54:32 | 000,080,705 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\seniorhoodie2.jpg
[2009/11/20 09:47:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/11/02 18:21:01 | 000,000,306 | ---- | C] () -- C:\WINDOWS\PAScreen.ini
[2009/11/02 18:20:46 | 000,000,673 | ---- | C] () -- C:\WINDOWS\bsc.ini
[2009/11/02 18:20:43 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2009/11/02 18:20:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\lfplt11n.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/01 18:38:58 | 000,000,140 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/03 23:59:01 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Malerie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/24 18:27:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/20 17:29:08 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/03 16:30:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcyvs.dll
[2009/02/03 16:30:50 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\lxcycoin.dll
[2009/02/03 16:30:45 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcydrs.dll
[2009/02/03 16:30:45 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcycaps.dll
[2009/02/03 16:30:45 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcycnv4.dll
[2009/02/03 16:30:39 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lxcyinst.dll
[2009/01/31 23:23:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/31 16:06:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/01/31 15:53:36 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4943.dll
[2008/12/16 20:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 20:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll

========== LOP Check ==========

[2009/02/15 18:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/06/08 18:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/11/20 09:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/06/11 13:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/15 18:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/02 10:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/02/15 18:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malerie\Application Data\acccore
[2009/11/20 09:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malerie\Application Data\Canneverbe Limited
[2009/11/20 09:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malerie\Application Data\Canneverbe_Limited
[2010/02/10 19:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malerie\Application Data\Dev-Cpp
[2009/03/03 14:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malerie\Application Data\Leadertech
[2010/08/04 20:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malerie\Application Data\ooVoo Details
[2009/02/12 18:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malerie\Application Data\OpenOffice.org
[2010/01/21 15:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malerie\Application Data\Smilebox
[2009/06/13 20:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malerie\Application Data\SystemRequirementsLab
[2009/07/29 18:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malerie\Application Data\VirtualStore

========== Purity Check ==========



< End of report >

#2
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,773 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome back to Geeks to Go. :D

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

At present you have both SpybotSD TeaTimer and SUPERAntiSpyware active in system memory. Both will be causing a system conflict with the McAfee VirusScan Enterprise you also have installed, and actually lessen overall online protection as a consequence. Also, they will actually hinder the overall malware removal process. I will be asking your good self to uninstall both shortly. By all means you may reinstall both when I give the all clear, but my advice would be to keep both as on-demand scanners only.

Next:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

SpybotSD
SUPERAntiSpyware


To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Scan With RKUnHooker:

  • Please download RKUnhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files and Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
Note: You may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Scan with TDSSKiller:

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.

  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now? Any further symptoms and/or problems encountered?
  • RKUnHooker Log.
  • TDSSKiller Log.

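The RKUnhooker report requested above is plain text in the layout quoted later in this thread. As an added example that is not part of the original post or of RKUnhooker itself, this Python script parses the >Drivers, >Stealth and >Files sections and picks out what a helper reads first: stealth WARNING lines joined to the driver record they name, drivers with no vendor attribution (ignoring RKU's kernel aliases), and hidden files outside browser storage. The triage rules and the browser-storage folder list are this example's own heuristics, and the sample report is constructed from lines posted in the thread.

```python
"""Triage an RKUnhooker LE text report (added example; not RKUnhooker's own code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "0xB9F23000 dmio.sys 155648 bytes (Vendor, Description)"; the parenthesised part is optional.
DRIVER_RE = re.compile(r"^0x(?P<addr>[0-9A-Fa-f]+)\s+(?P<path>.+?)\s+(?P<size>\d+) bytes"
                       r"(?:\s+\((?P<info>.*)\))?\s*$")
HIDDEN_PREFIX = "!-->[Hidden]"
# Heuristic: hidden files under these folders are browser cache, cookie and Flash state.
BROWSER_STORAGE = ("\\Cookies\\", "\\Temporary Internet Files\\", "\\Macromedia\\Flash Player\\")

@dataclass
class Driver:
    address: int
    path: str
    size: int
    vendor: Optional[str]        # None when the report printed no "(vendor, desc)"
    description: Optional[str]

@dataclass
class Report:
    drivers: List[Driver] = field(default_factory=list)
    stealth: List[str] = field(default_factory=list)
    hidden_files: List[str] = field(default_factory=list)

def parse_report(text: str) -> Report:
    """Walk the report once, switching section on the '>Name' header lines."""
    report, section = Report(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue                      # blank line or '=====' separator
        if line.startswith(">"):
            section = line[1:].strip().lower()
            continue
        if section == "drivers" and (m := DRIVER_RE.match(line)):
            vendor = desc = None
            if m.group("info") is not None:
                # Vendor is the text before the first comma; descriptions may
                # contain commas themselves ("Microsoft Corp., Veritas ...").
                vendor, _, desc = m.group("info").partition(",")
                vendor, desc = vendor.strip(), (desc.strip() or None)
            report.drivers.append(Driver(int(m.group("addr"), 16), m.group("path"),
                                         int(m.group("size")), vendor, desc))
        elif section == "stealth":
            report.stealth.append(line)
        elif section == "files" and line.startswith(HIDDEN_PREFIX):
            report.hidden_files.append(line[len(HIDDEN_PREFIX):].strip())
    return report

def triage(report: Report) -> Dict[str, List[str]]:
    """Return the findings a helper would read first, in report order."""
    findings: Dict[str, List[str]] = {"modified_drivers": [], "unidentified_drivers": [],
                                      "hidden_outside_browser_storage": []}
    by_name = {d.path.rsplit("\\", 1)[-1].lower(): d for d in report.drivers}
    for entry in report.stealth:
        # "WARNING: Virus alike driver modification [VolSnap.sys], ..." names the
        # image in brackets; join it to its driver record to show the vendor.
        if "WARNING" in entry:
            m = re.search(r"\[([^\]]+)\]", entry)
            name = m.group(1) if m else entry
            d = by_name.get(name.lower())
            findings["modified_drivers"].append(f"{name} ({d.vendor}, {d.description})" if d else name)
    # RKU lists kernel aliases (PnpManager, RAW, WMIxWDM) at ntkrnlpa.exe's base with no
    # vendor text, so flag an unattributed entry only when nothing attributed shares its base.
    by_base: Dict[int, List[Driver]] = {}
    for d in report.drivers:
        by_base.setdefault(d.address, []).append(d)
    for group in by_base.values():
        if all(d.vendor in (None, "-") for d in group):
            findings["unidentified_drivers"].extend(d.path for d in group)
    for path in report.hidden_files:
        if not any(folder.lower() in path.lower() for folder in BROWSER_STORAGE):
            findings["hidden_outside_browser_storage"].append(path)
    return findings

# Constructed sample: a few lines copied from the report posted in this thread.
SAMPLE_REPORT = r"""RkU Version: 3.8.388.590, Type LE (SR2)
>Drivers
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA17D1000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xA0255000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB77DB000 C:\WINDOWS\system32\Drivers\LVPr2Mon.sys 20480 bytes (-, -)
>Stealth
0x8B0D5BF5 Unknown page with executable code, 1035 bytes
0xBA0C8000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes
>Files
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@atdmt[1].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\trans[1].gif
"""

if __name__ == "__main__":
    for key, items in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {items}")
```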

#3
Sinoito

    Member

  • Topic Starter
  • Member
  • 58 posts
Thank you, Dakeyras. When I try to run TDSSKiller.exe, the program does not run. I've tried restarting the computer and running the exe again, but the same happens. The Google redirects still occur in both IE and Firefox. The computer is also still slow. Here is the RKUnHooker log:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB9772000 C:\WINDOWS\System32\DRIVERS\igxpmp32.sys 6008832 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xA19EC000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4874240 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xBF25B000 C:\WINDOWS\System32\igxpdx32.DLL 3174400 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF04F000 C:\WINDOWS\System32\igxpdv32.DLL 2146304 bytes (Intel Corporation, Component GHAL Driver)
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9E47000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA1811000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB1FCD000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA191C000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA142C000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB9DAE000 mfehidk.sys 335872 bytes (McAfee, Inc., McAfee Link Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9FB86000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB96D7000 C:\WINDOWS\System32\DRIVERS\e1e5132.sys 253952 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver)
0xB1F92000 C:\WINDOWS\system32\DRIVERS\sxuptp.sys 241664 bytes (silex technology, Inc., SXUPTP Driver)
0xB202B000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA163C000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9E1A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)
0x9DE70000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA1881000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA18F4000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA18CE000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9715000 C:\WINDOWS\System32\DRIVERS\HDAudBus.sys 151552 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA19C8000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB973A000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB96A0000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA0DFC000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xA18AC000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EEB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9E00000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA17D1000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9ED4000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB206C000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA0FA6000 C:\WINDOWS\system32\drivers\mfeavfk.sys 86016 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xA0DBF000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB96C3000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB975E000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA1975000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB968E000 C:\WINDOWS\System32\Drivers\DlinkUDSMBus.sys 73728 bytes (Windows ® Codename Longhorn DDK provider, KCodes Master Bus of USB Software Bus By TCP)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xA0FE3000 C:\WINDOWS\system32\drivers\mfeapfk.sys 69632 bytes (McAfee, Inc., Access Protection Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB205B000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB2103000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA148000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA0F8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA128000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA218000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA158000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA11E4000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA208000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA108000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA228000 C:\WINDOWS\system32\drivers\mfetdik.sys 57344 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0xBA0E8000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA2F8000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA1A8000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB79FB000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB465E000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA138000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA1C8000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA278000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA1F8000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB2113000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA308000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xA1084000 C:\WINDOWS\system32\drivers\mfebopk.sys 36864 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xB9030000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA258000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA0255000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA238000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA3D8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3F0000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA430000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA448000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA438000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA440000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB45C6000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xBA428000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA3C8000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB77DB000 C:\WINDOWS\system32\Drivers\LVPr2Mon.sys 20480 bytes (-, -)
0xBA398000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA388000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA390000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA450000 C:\WINDOWS\System32\Drivers\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA3F8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB4711000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB7A57000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA1779000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA5A4000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB4709000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB46F9000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB7A5F000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA5A0000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA578000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA628000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA63C000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA62C000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA62A000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5BA000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xBA62E000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA624000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA65A000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA774000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA7CF000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA6D1000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x8B0D5BF5 Unknown page with executable code, 1035 bytes
0x8B0D5A95 Unknown page with executable code, 1387 bytes
0x8B0D3F5A Unknown page with executable code, 166 bytes
0x8B0D13CC Unknown page with executable code, 3124 bytes
0x8B0D430A Unknown page with executable code, 3318 bytes
0x8B0D028A Unknown page with executable code, 3446 bytes
0x8B0D6143 Unknown page with executable code, 3773 bytes
0x8B0D3E7B Unknown page with executable code, 389 bytes
0xBA0C8000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes
0x8B0D453C Unknown thread object [ ETHREAD 0x8B034810 ] TID: 136, 600 bytes
0x8B0D652D Unknown thread object [ ETHREAD 0x8B031BF0 ] TID: 140, 600 bytes
0x8B0D423F Unknown thread object [ ETHREAD 0x8B11E6A0 ] , 600 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\Malerie\Application Data\Macromedia\Flash Player\#SharedObjects\22N6WU3D\admin.brightcove.com\com.quantserve.sol
!-->[Hidden] C:\Documents and Settings\Malerie\Application Data\Macromedia\Flash Player\#SharedObjects\22N6WU3D\secure-us.imrworldwide.com\_ggCvar.sol
!-->[Hidden] C:\Documents and Settings\Malerie\Application Data\Macromedia\Flash Player\#SharedObjects\22N6WU3D\secure-us.imrworldwide.com\_ggCvar_temp.sol
!-->[Hidden] C:\Documents and Settings\Malerie\Application Data\Macromedia\Flash Player\#SharedObjects\22N6WU3D\secure-us.imrworldwide.com\_ggMCvar_1.sol
!-->[Hidden] C:\Documents and Settings\Malerie\Application Data\Macromedia\Flash Player\#SharedObjects\22N6WU3D\static.scanscout.com\com.quantserve.sol
!-->[Hidden] C:\Documents and Settings\Malerie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#admin.brightcove.com\settings.sol
!-->[Hidden] C:\Documents and Settings\Malerie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.scanscout.com\settings.sol
!-->[Hidden] C:\Documents and Settings\Malerie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#secure-us.imrworldwide.com\settings.sol
!-->[Hidden] C:\Documents and Settings\Malerie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.scanscout.com\settings.sol
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@abmr[2].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@advertise[1].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@apmebf[2].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@atdmt[1].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@clickpayz9.91452.get-search-results[1].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@contextweb[2].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@dc.tremormedia[2].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@exelator[2].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@fastclick[2].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@media6degrees[1].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@network.realmedia[1].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@quantserve[2].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@realmedia[1].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@ru4[2].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@scanscout[1].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@scorecardresearch[1].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@tubemogul[1].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@www.younghollywood[2].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Cookies\malerie@younghollywood[2].txt
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\1181361429@Top1[1]
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\2491[1].gif
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\2491[2].gif
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\328_config[1].xml
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\44143148_602809036001_vs-602808293001[1].jpg
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\44143148_620162450001_JRRotem480x360[1].jpg
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\44143148_628054712001_vs-628045632001[1].jpg
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\44143148_656411033001_JesseMcCartneyFAN480x360[1].jpg
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\44143148_72184720001_TheCataracs480X360[1].jpg
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\44143148_87663002001_CaliSwag480X360[1].jpg
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\back_logo[1].png
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\crossdomain[4].xml
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\crossdomain[6].xml
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\f8a62ee7-0de4-4c35-a95e-84b92549e972[1].swf
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\get[2].media
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\home[1].css
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\jquery.ui.core[1].js
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\left_arrow-20[1].png
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\rigth_arrow-20[1].png
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\rss_celeb_and_cars[1].jpg
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\rss_global_grid[1].jpg
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\rss_tmz[1].jpg
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\soc03[1].png
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\soc04[1].png
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\ssAdUtils[1].js
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\style[2].css
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\title_back_wide[1].jpg
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\trans[1].gif
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\ui-bg_gloss-wave_35_f6a828_500x100[1].png
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\ui.base[1].css
!-->[Hidden] C:\Documents and Settings\Malerie\Local Settings\Temporary Internet Files\Content.IE5\0ZTZERN1\VideoSkin3[1].swf
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtCreateFile, Type: Inline - RelativeJump 0x80579084-->B9DCF7BC [mfehidk.sys]
ntkrnlpa.exe-->NtCreateKey, Type: Inline - RelativeJump 0x806237C8-->B9DCF67A [mfehidk.sys]
ntkrnlpa.exe-->NtCreateProcess, Type: Inline - RelativeJump 0x805D11EA-->B9DCF614 [mfehidk.sys]
ntkrnlpa.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x805D1134-->B9DCF628 [mfehidk.sys]
ntkrnlpa.exe-->NtDeleteKey, Type: Inline - RelativeJump 0x80623C64-->B9DCF68E [mfehidk.sys]
ntkrnlpa.exe-->NtDeleteValueKey, Type: Inline - RelativeJump 0x80623E34-->B9DCF6BA [mfehidk.sys]
ntkrnlpa.exe-->NtEnumerateKey, Type: Inline - RelativeJump 0x80624014-->B9DCF728 [mfehidk.sys]
ntkrnlpa.exe-->NtEnumerateValueKey, Type: Inline - RelativeJump 0x8062427E-->B9DCF712 [mfehidk.sys]
ntkrnlpa.exe-->NtLoadKey2, Type: Inline - RelativeJump 0x806255F8-->B9DCF73E [mfehidk.sys]
ntkrnlpa.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x805B1FE6-->B9DCF7FC [mfehidk.sys]
ntkrnlpa.exe-->NtNotifyChangeKey, Type: Inline - RelativeJump 0x806259B6-->B9DCF76A [mfehidk.sys]
ntkrnlpa.exe-->NtOpenKey, Type: Inline - RelativeJump 0x80624BA6-->B9DCF666 [mfehidk.sys]
ntkrnlpa.exe-->NtOpenProcess, Type: Inline - RelativeJump 0x805CB3FA-->B9DCF5D8 [mfehidk.sys]
ntkrnlpa.exe-->NtOpenThread, Type: Inline - RelativeJump 0x805CB686-->B9DCF5EC [mfehidk.sys]
ntkrnlpa.exe-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x805B83CA-->B9DCF7D0 [mfehidk.sys]
ntkrnlpa.exe-->NtQueryKey, Type: Inline - RelativeJump 0x80624EE8-->B9DCF7A6 [mfehidk.sys]
ntkrnlpa.exe-->NtQueryMultipleValueKey, Type: Inline - RelativeJump 0x80622916-->B9DCF6FC [mfehidk.sys]
ntkrnlpa.exe-->NtQueryValueKey, Type: Inline - RelativeJump 0x806219EC-->B9DCF6E6 [mfehidk.sys]
ntkrnlpa.exe-->NtRenameKey, Type: Inline - RelativeJump 0x806231EA-->B9DCF6A4 [mfehidk.sys]
ntkrnlpa.exe-->NtReplaceKey, Type: Inline - RelativeJump 0x8062589C-->B9DCF792 [mfehidk.sys]
ntkrnlpa.exe-->NtRestoreKey, Type: Inline - RelativeJump 0x806251A8-->B9DCF77E [mfehidk.sys]
ntkrnlpa.exe-->NtSetContextThread, Type: Inline - RelativeJump 0x805D16F4-->B9DCF652 [mfehidk.sys]
ntkrnlpa.exe-->NtSetInformationProcess, Type: Inline - RelativeJump 0x805CDE44-->B9DCF63E [mfehidk.sys]
ntkrnlpa.exe-->NtSetValueKey, Type: Inline - RelativeJump 0x80621D3A-->B9DCF6D0 [mfehidk.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Inline - RelativeJump 0x805D2982-->B9DCF82B [mfehidk.sys]
ntkrnlpa.exe-->NtUnloadKey, Type: Inline - RelativeJump 0x80622064-->B9DCF754 [mfehidk.sys]
ntkrnlpa.exe-->NtUnmapViewOfSection, Type: Inline - RelativeJump 0x805B2DF4-->B9DCF812 [mfehidk.sys]
ntkrnlpa.exe-->NtYieldExecution, Type: Inline - RelativeJump 0x80504B08-->B9DCF7E6 [mfehidk.sys]
[1080]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1080]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1080]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1080]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1080]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1080]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1080]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1080]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1080]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D953081-->00000000 [unknown_code_page]
[1080]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D956F5A-->00000000 [unknown_code_page]
[1080]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D998471-->00000000 [unknown_code_page]
[1080]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D9536B1-->00000000 [unknown_code_page]
[1080]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1164]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1164]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1164]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1164]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1164]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1164]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1164]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1164]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1164]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1164]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1164]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1164]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1164]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1164]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1164]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1164]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1164]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1164]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1260]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1260]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1260]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1260]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1260]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1260]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1260]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1260]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1260]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1260]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D953081-->00000000 [unknown_code_page]
[1260]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D956F5A-->00000000 [unknown_code_page]
[1260]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D998471-->00000000 [unknown_code_page]
[1260]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D9536B1-->00000000 [unknown_code_page]
[1260]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1388]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1388]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1388]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1388]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1388]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1388]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1388]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1388]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1388]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1388]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1388]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1388]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1388]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1388]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1388]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1388]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1388]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1388]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1388]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1388]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1388]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1388]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1388]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1388]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1388]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1388]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1428]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1428]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1428]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1428]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1428]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1428]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1428]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1428]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1428]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1428]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1428]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1428]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1428]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1428]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1428]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1428]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1428]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1428]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1428]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1428]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1428]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1428]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1428]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1428]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1428]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1428]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1448]Quickcam.exe-->kernel32.dll-->FindResourceA, Type: IAT modification 0x004FD2D0-->00000000 [Quickcam.exe]
[1448]Quickcam.exe-->kernel32.dll-->FindResourceExW, Type: IAT modification 0x004FD2CC-->00000000 [Quickcam.exe]
[1448]Quickcam.exe-->kernel32.dll-->FindResourceW, Type: IAT modification 0x004FD4B8-->00000000 [Quickcam.exe]
[1448]Quickcam.exe-->kernel32.dll-->FreeResource, Type: IAT modification 0x004FD3E8-->00000000 [Quickcam.exe]
[1448]Quickcam.exe-->kernel32.dll-->GetProfileIntA, Type: IAT modification 0x004FD2C8-->00000000 [Quickcam.exe]
[1448]Quickcam.exe-->kernel32.dll-->GetProfileIntW, Type: IAT modification 0x004FD37C-->00000000 [Quickcam.exe]
[1448]Quickcam.exe-->kernel32.dll-->LoadResource, Type: IAT modification 0x004FD4BC-->00000000 [Quickcam.exe]
[1448]Quickcam.exe-->kernel32.dll-->LockResource, Type: IAT modification 0x004FD4C0-->00000000 [Quickcam.exe]
[1448]Quickcam.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj01.dll]
[1448]Quickcam.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj01.dll]
[1448]Quickcam.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x7C801038-->00000000 [LVPrcInj01.dll]
[1448]Quickcam.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x7C8011CC-->00000000 [LVPrcInj01.dll]
[1448]Quickcam.exe-->kernel32.dll-->SizeofResource, Type: IAT modification 0x004FD4C4-->00000000 [Quickcam.exe]
[1448]Quickcam.exe-->user32.dll-->LoadMenuA, Type: IAT modification 0x004FD7B8-->00000000 [Quickcam.exe]
[1448]Quickcam.exe-->user32.dll-->LoadMenuW, Type: IAT modification 0x004FD6D4-->00000000 [Quickcam.exe]
[1448]Quickcam.exe-->user32.dll-->LoadStringA, Type: IAT modification 0x004FD7B4-->00000000 [Quickcam.exe]
[1448]Quickcam.exe-->user32.dll-->LoadStringW, Type: IAT modification 0x004FD7B0-->00000000 [Quickcam.exe]
[1708]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1708]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D953081-->00000000 [unknown_code_page]
[1708]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D956F5A-->00000000 [unknown_code_page]
[1708]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D998471-->00000000 [unknown_code_page]
[1708]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D9536B1-->00000000 [unknown_code_page]
[1708]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[236]FrameworkService.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[3436]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3436]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[3436]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[3436]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[3436]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[3436]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[3436]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[3436]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[3436]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[3436]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3436]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[3436]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[3436]explorer.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[3436]explorer.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[3436]explorer.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[3436]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[3436]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[3436]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[3436]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[3436]explorer.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[3436]explorer.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[3436]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[3436]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[3436]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[3436]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[3436]explorer.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj01.dll]
[3436]explorer.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj01.dll]
[3436]explorer.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x7C801038-->00000000 [LVPrcInj01.dll]
[3436]explorer.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x7C8011CC-->00000000 [LVPrcInj01.dll]
[3436]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[3436]explorer.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[3436]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[3436]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3436]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3436]explorer.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D953081-->00000000 [unknown_code_page]
[3436]explorer.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D956F5A-->00000000 [unknown_code_page]
[3436]explorer.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D998471-->00000000 [unknown_code_page]
[3436]explorer.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D9536B1-->00000000 [unknown_code_page]
[3436]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
[3436]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3436]explorer.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[596]naPrdMgr.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[708]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[708]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[708]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[708]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[708]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[708]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[708]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[708]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[708]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[708]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[708]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[708]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[708]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[708]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[708]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[708]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[708]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[708]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[708]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[708]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[708]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[708]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[708]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[708]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[708]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[896]services.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[896]services.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[896]services.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[896]services.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[896]services.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[896]services.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[896]services.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[896]services.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[896]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[896]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[896]services.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[896]services.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[896]services.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[896]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[896]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[896]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[896]services.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[896]services.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[896]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[896]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[896]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[896]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[896]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[896]services.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[896]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[896]services.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[908]lsass.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[908]lsass.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[908]lsass.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[908]lsass.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[908]lsass.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[908]lsass.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[908]lsass.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[908]lsass.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[908]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[908]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[908]lsass.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[908]lsass.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[908]lsass.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[908]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[908]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[908]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[908]lsass.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[908]lsass.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[908]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[908]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[908]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[908]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[908]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[908]lsass.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[908]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[908]lsass.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]

#4
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,773 posts
Hi. :D

Thank you Dakeyras

You're welcome!

When I try to run the TDSSKiller.exe, the program does not run. I've tried restarting the computer and running the exe again but the same happens

OK and thanks for the update. We will try a different approach as follows:-

Download/run Rkill:

Please download Rkill from one of the following links and save to your Desktop:

One, Two, Three, Four or Five.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

  • Double click on Rkill.
  • A command window will open and then disappear upon completion; this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: A logfile will have been created; it can be located at the root of your installed hard drive, e.g. C:\rkill.txt.

Download/Run ComboFix:

Download Combofix from any of the links below but rename it to Sinoito before saving it to your desktop.

Link 1
Link 2

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Please open McAfee Security Centre
  • Under Common Tasks click on Home
  • Click Computer Files
  • Click Configure
  • Make sure the following are disabled by ticking the "Off" button:
      Virus protection
      Spyware protection
      System Guards Protection
      Script Scanning Protection (you may have to scroll down to see it)
  • Next, select never for "When to re-enable real time scanning" and click OK.
For further info on disabling and re-enabling McAfee, click here.

Double click on the renamed ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning your machine.
Next:

I would also like to see a list of installed programs, so please do this:

Click on Start >> Run... then copy/paste the following single-line command into the Run box from the code-box below and click OK:

C:\Qoobox\Add-Remove Programs.txt
A text file should open. Post the contents of that file in your next reply.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now? Any other symptoms and/or problems encountered?
  • Rkill Log.
  • ComboFix Log.
  • Qoobox\Add-Remove Programs Log.


#5
Sinoito

    Member

  • Topic Starter
  • Member
  • 58 posts
The computer seems to be running a little faster than before but still not at its regular speed. Also, the redirects still occur in both browsers. Here are the logs you asked for.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 01/08/2011 at 21:37:39.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Malerie\Application Data\Smilebox\SmileboxTray.exe


Rkill completed on 01/08/2011 at 21:38:49.


ComboFix 11-01-08.03 - Malerie 01/08/2011 21:54:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2497 [GMT -5:00]
Running from: c:\documents and settings\Malerie\Desktop\Sinoito.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Shared
c:\windows\system32\drivers\sstD5.sys
c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_sstD5
-------\Service_sstD5


((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))
.

2011-01-09 03:17 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2011-01-09 03:17 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2011-01-08 20:44 . 2011-01-08 20:44 6656 ----a-w- c:\windows\system32\22475BD6.exe
2011-01-05 02:47 . 2011-01-05 02:47 -------- d-----w- C:\_OTM
2011-01-05 01:44 . 2011-01-05 01:44 -------- d-----w- c:\documents and settings\Mom and Dad\Application Data\SUPERAntiSpyware.com
2011-01-04 00:36 . 2011-01-04 00:36 -------- d-----w- c:\documents and settings\Mom and Dad\Application Data\Malwarebytes
2011-01-04 00:14 . 2011-01-08 20:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-04 00:14 . 2011-01-04 00:14 -------- d-----w- c:\documents and settings\Matthew\Application Data\SUPERAntiSpyware.com
2011-01-02 21:30 . 2011-01-02 21:30 -------- d-----w- c:\documents and settings\Matthew\Local Settings\Application Data\Google
2011-01-02 20:46 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-02 20:46 . 2011-01-02 20:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-02 20:46 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-26 05:07 . 2010-12-26 05:36 -------- d-----w- c:\documents and settings\Malerie\Application Data\vlc
2010-12-26 05:07 . 2010-12-26 05:07 -------- d-----w- c:\program files\VideoLAN
2010-12-26 04:54 . 2010-12-26 04:54 -------- d-----w- c:\documents and settings\Malerie\Local Settings\Application Data\Sony Corporation
2010-12-26 04:54 . 2010-12-26 04:54 -------- d-----w- c:\documents and settings\Malerie\Application Data\Sony Corporation
2010-12-26 04:54 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-12-26 04:54 . 2010-12-26 04:54 -------- d-----w- c:\program files\Sony
2010-12-26 04:54 . 2010-12-26 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2010-12-15 06:39 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 06:38 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2009-01-31 20:28 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:34 . 2002-09-03 20:03 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2002-09-03 19:40 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2002-09-03 19:35 17408 ------w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2004-08-04 05:59 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2002-09-03 19:48 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2002-09-03 19:33 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2002-09-03 20:03 1853312 ----a-w- c:\windows\system32\win32k.sys
2009-10-23 00:07 . 2010-06-10 01:52 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2010-07-11 18707640]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2008-04-17 150040]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2008-04-17 170520]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-02-24 65536]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"D-Link Network USB Utility"="c:\program files\D-Link\Network USB Utility\Network USB Utility.exe" [2008-08-19 1885952]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-23 124240]

c:\documents and settings\Mom and Dad\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\Malerie\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-18 113664]
Bloggie Watcher Utility.lnk - c:\program files\Sony\Bloggie Software\BGVolumeWatcher.exe [2010-11-3 746856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Matthew\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2006-02-07 06:10 98304 ----a-w- c:\program files\Lexmark 3400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-12-20 11:50 2656528 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcymon.exe]
2006-03-06 18:48 286720 ----a-w- c:\program files\Lexmark 3400 Series\lxcymon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\D-Link\\Network USB Utility\\Network USB Utility.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\D-Link\\SharePort Utility\\Connect.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9303:UDP"= 9303:UDP:Network USB Utility UDP Port
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"19540:UDP"= 19540:UDP:SXUPTP
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"443:TCP"= 443:TCP:ooVoo TCP port 443

R2 D-Link SharePort Helper;D-Link SharePort Helper;c:\program files\D-Link\SharePort Utility\Spnuhelper.exe [5/8/2010 11:56 AM 40960]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [10/22/2009 7:07 PM 21256]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [6/9/2010 8:52 PM 70728]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [5/8/2010 11:56 AM 246920]
R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [8/18/2008 1:20 PM 73600]
R3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/21/2010 10:51 AM 136176]
S3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\drivers\DlinkUDSTcpBus.sys [8/18/2008 1:20 PM 97408]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [6/9/2010 8:52 PM 65448]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/15/2009 6:42 PM 24652]
.
Contents of the 'Scheduled Tasks' folder

2010-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 15:51]

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 15:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pilotonline.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {C5C7E3E0-5EE7-47DD-9EFF-0A6A7C6FE5EC} = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Malerie\Application Data\Mozilla\Firefox\Profiles\xs03ca3r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.time.com/time/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-MSDBCOMM&10C4&81AC - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\MSDBCOMM&10C4&81AC



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-08 22:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7068)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\lxcycoms.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dwwin.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-01-08 22:57:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-09 03:57

Pre-Run: 42,505,211,904 bytes free
Post-Run: 42,514,460,672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - BEF1F872FAA41515B243C4BC4C81E327


Adobe Acrobat 6.0 Professional
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Shockwave Player
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Bloggie Software
Bonjour
CDBurnerXP
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
DashHawk
DashHawk USB Bridge (Driver Removal)
Dev-C++ 5 beta 9 release (4.9.9.2)
Disney's Toontown Online
Google Gears
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
Intel® Network Connections 12.4.38.0
iTunes
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 7
LAME v3.98.2 for Audacity
Lexmark 3400 Series
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
Malwarebytes' Anti-Malware
McAfee Agent
McAfee AntiSpyware Enterprise Module
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.6.13)
MSXML 6 Service Pack 2 (KB973686)
Network USB Utility
OGA Notifier 2.0.0048.0
ooVoo
OpenOffice.org 3.0
PFPortChecker 1.0.28
PhotoFiltre
QuickTime
REA's Crash Course AP Psychology
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SharePort Utility
Simple 1-2-3 Traditional Memories
Skype™ 4.2
Smilebox
SpywareBlaster 4.3
System Requirements Lab
The Sims 2
The Sims™ 3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2466076)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
VLC media player 1.1.5
WD Diagnostics
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
  • 0

#6
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,773 posts
Hi. :D

Thanks for the update, let's proceed as follows, shall we:

Question:

Are you using a Router at all?

Next:

Please delete your current copy of ComboFix (Sinoito.exe) from the Desktop, then empty the Recycle Bin.

Now download a new copy of ComboFix from one of these locations:

Link 1
Link 2

* Important - Save ComboFix.exe to your Desktop

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK

firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select Off (not recommended) >> OK.

Note: No need for it to be active after the reset because the McAfee VirusScan Enterprise you have installed has a Firewall component.

Custom ComboFix-Script:

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    KillAll::
    
    File::
    c:\windows\system32\22475BD6.exe
    c:\documents and settings\Mom and Dad\Application Data\SUPERAntiSpyware.com
    
    Folder::
    c:\program files\Spybot
    c:\program files\SUPERAntiSpyware
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"=-
    [-HKLM\~\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcymon.exe]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9303:UDP"=-
    "3389:TCP"=-
    "19540:UDP"=-
    "443:UDP"=-
    "37674:TCP"=-
    "37674:UDP"=-
    "37675:UDP"=-
    "443:TCP"=-
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    
    Reboot::
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; ComboFix should then continue.
If that happened we want to know, and also what process you had to end.

Malwarebytes Anti-Malware:

The below scan may take some time but I deem it prudent to err on the side of caution.

  • Launch the application, Check for Updates >> Perform full scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Answer to my Router query.
  • A new ComboFix Log.
  • Malwarebytes Anti-Malware Log.

  • 0
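A small triage script, added here as an example and not part of the thread or of ComboFix itself, that pulls out of a ComboFix log excerpt the items a helper reads first: recently created executables with random eight-hex-digit names (like the 22475BD6.exe above), ports opened globally in the XP firewall, and Run values that give no directory. The sample log text is constructed from entries quoted earlier in the thread; the section names and line layout follow ComboFix's own output.

```python
"""Triage of a ComboFix-style log excerpt (added example, not ComboFix's code)."""
import re
from collections import defaultdict

# Constructed sample in the shape of the posted log (entries taken from the thread).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-23 124240]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9303:UDP"= 9303:UDP:Network USB Utility UDP Port
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"443:TCP"= 443:TCP:ooVoo TCP port 443

((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))
.
2011-01-08 20:44 . 2011-01-08 20:44 6656 ----a-w- c:\windows\system32\22475BD6.exe
2011-01-05 02:47 . 2011-01-05 02:47 -------- d-----w- C:\_OTM
2011-01-02 20:46 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<desc>.*)$')
# created-date . modified-date size attributes path
CREATED_RE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+'
    r'(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$')
# Eight hex characters as a file name, the pattern of the dropped 22475BD6.exe.
HEX_EXE_RE = re.compile(r'\\[0-9A-F]{8}\.exe$', re.IGNORECASE)

# Ports a home workstation has no business exposing through a firewall exception.
REMOTE_ACCESS_PORTS = {3389: "Remote Desktop (RDP)"}


def parse_sections(text):
    """Group log lines under the registry key or (((( header )))) that precedes them."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":          # ComboFix separates blocks with "." lines
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif line.startswith("((((") and line.endswith("))))"):
            current = line.strip("() ")
        elif current is not None:
            sections[current].append(line)
    return dict(sections)


def open_ports(sections):
    """Return (port, protocol, description) for every GloballyOpenPorts entry."""
    found = []
    for key, lines in sections.items():
        if key.lower().endswith("globallyopenports\\list"):
            for line in lines:
                m = PORT_RE.match(line)
                if m:
                    found.append((int(m["port"]), m["proto"], m["desc"].strip()))
    return found


def hex_named_executables(sections):
    """Return paths from 'Files Created' whose file name is eight hex digits plus .exe."""
    found = []
    for key, lines in sections.items():
        if key.startswith("Files Created"):
            for line in lines:
                m = CREATED_RE.match(line)
                if m and HEX_EXE_RE.search(m["path"]):
                    found.append(m["path"])
    return found


def run_entries(sections):
    """Return (value name, command) for every HKLM/HKCU ...\\CurrentVersion\\Run value."""
    found = []
    for key, lines in sections.items():
        if key.lower().endswith("\\currentversion\\run"):
            for line in lines:
                m = RUN_VALUE_RE.match(line)
                if m:
                    found.append((m["name"], m["cmd"]))
    return found


def triage(text):
    """Return human-readable findings for the excerpt, in the order a helper would review them."""
    sections = parse_sections(text)
    findings = []
    for path in hex_named_executables(sections):
        findings.append(f"recently created executable with random-looking name: {path}")
    for port, proto, desc in open_ports(sections):
        if port in REMOTE_ACCESS_PORTS:
            findings.append(f"{port}/{proto} open to the network: {REMOTE_ACCESS_PORTS[port]} ({desc})")
    for name, cmd in run_entries(sections):
        if "\\" not in cmd:   # bare file name, resolved through the search path at logon
            findings.append(f"Run value {name!r} has no directory: {cmd} (verify which file runs)")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```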

#7
Sinoito

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Thank you so much for your help so far. The Google redirects still occur in both browsers. Yes, I am using a router. Here are the logs.

ComboFix 11-01-08.04 - Malerie 01/09/2011 10:38:03.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2531 [GMT -5:00]
Running from: c:\documents and settings\Malerie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Malerie\Desktop\CFScript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

FILE ::
"c:\documents and settings\Mom and Dad\Application Data\SUPERAntiSpyware.com"
"c:\windows\system32\22475BD6.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\SUPERAntiSpyware
c:\windows\system32\22475BD6.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))
.

2011-01-09 03:17 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2011-01-09 03:17 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2011-01-09 02:42 . 2011-01-09 03:58 -------- d-----w- C:\Sinoito
2011-01-05 02:47 . 2011-01-05 02:47 -------- d-----w- C:\_OTM
2011-01-05 01:44 . 2011-01-05 01:44 -------- d-----w- c:\documents and settings\Mom and Dad\Application Data\SUPERAntiSpyware.com
2011-01-04 00:36 . 2011-01-04 00:36 -------- d-----w- c:\documents and settings\Mom and Dad\Application Data\Malwarebytes
2011-01-04 00:14 . 2011-01-04 00:14 -------- d-----w- c:\documents and settings\Matthew\Application Data\SUPERAntiSpyware.com
2011-01-02 21:30 . 2011-01-02 21:30 -------- d-----w- c:\documents and settings\Matthew\Local Settings\Application Data\Google
2011-01-02 20:46 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-02 20:46 . 2011-01-02 20:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-02 20:46 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-26 05:07 . 2010-12-26 05:36 -------- d-----w- c:\documents and settings\Malerie\Application Data\vlc
2010-12-26 05:07 . 2010-12-26 05:07 -------- d-----w- c:\program files\VideoLAN
2010-12-26 04:54 . 2010-12-26 04:54 -------- d-----w- c:\documents and settings\Malerie\Local Settings\Application Data\Sony Corporation
2010-12-26 04:54 . 2010-12-26 04:54 -------- d-----w- c:\documents and settings\Malerie\Application Data\Sony Corporation
2010-12-26 04:54 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-12-26 04:54 . 2010-12-26 04:54 -------- d-----w- c:\program files\Sony
2010-12-26 04:54 . 2010-12-26 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2010-12-15 06:39 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 06:38 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2009-01-31 20:28 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:34 . 2002-09-03 20:03 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2002-09-03 19:40 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2002-09-03 19:35 17408 ------w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2004-08-04 05:59 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2002-09-03 19:48 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2002-09-03 19:33 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2002-09-03 20:03 1853312 ----a-w- c:\windows\system32\win32k.sys
2009-10-23 00:07 . 2010-06-10 01:52 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-01-09_03.42.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-09 16:02 . 2011-01-09 16:02 16384 c:\windows\temp\Perflib_Perfdata_750.dat
- 2011-01-05 03:06 . 2011-01-09 03:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-05 03:06 . 2011-01-09 16:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-31 20:30 . 2011-01-09 16:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-31 20:30 . 2011-01-09 03:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-31 20:30 . 2011-01-09 03:26 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-31 20:30 . 2011-01-09 16:02 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-01-09 16:02 . 2008-12-17 01:59 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
- 2011-01-09 03:26 . 2011-01-09 03:42 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2010-07-11 18707640]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2008-04-17 150040]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2008-04-17 170520]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-02-24 65536]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"D-Link Network USB Utility"="c:\program files\D-Link\Network USB Utility\Network USB Utility.exe" [2008-08-19 1885952]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-23 124240]

c:\documents and settings\Mom and Dad\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\Malerie\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-18 113664]
Bloggie Watcher Utility.lnk - c:\program files\Sony\Bloggie Software\BGVolumeWatcher.exe [2010-11-3 746856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675

R2 D-Link SharePort Helper;D-Link SharePort Helper;c:\program files\D-Link\SharePort Utility\Spnuhelper.exe [5/8/2010 11:56 AM 40960]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [10/22/2009 7:07 PM 21256]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [6/9/2010 8:52 PM 70728]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [5/8/2010 11:56 AM 246920]
R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [8/18/2008 1:20 PM 73600]
R3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/21/2010 10:51 AM 136176]
S3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\drivers\DlinkUDSTcpBus.sys [8/18/2008 1:20 PM 97408]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [6/9/2010 8:52 PM 65448]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/15/2009 6:42 PM 24652]
.
Contents of the 'Scheduled Tasks' folder

2010-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 15:51]

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 15:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pilotonline.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {C5C7E3E0-5EE7-47DD-9EFF-0A6A7C6FE5EC} = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Malerie\Application Data\Mozilla\Firefox\Profiles\xs03ca3r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.time.com/time/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-09 14:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7240)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\lxcycoms.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-01-09 14:39:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-09 19:39
ComboFix2.txt 2011-01-09 03:58

Pre-Run: 42,409,218,048 bytes free
Post-Run: 42,387,275,776 bytes free

- - End Of File - - 57B05928D9CF09FB9C969E8A8C842EC8

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5489

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/9/2011 3:38:57 PM
mbam-log-2011-01-09 (15-38-57).txt

Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 239572
Time elapsed: 48 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
#8 Dakeyras (Anti-Malware Mammoth, Expert, 9,773 posts)
Hi. :D

Thank you so much for your help so far.

You're welcome and thanks for the update.

Router Advice:

OK, at this juncture I think it would be prudent to actually reset your Router and apply a new admin password. If the default password is retained, a remote attacker can install his own server address in between you and your Internet Provider (the default passwords are published). If you go into the router installation routine, you can take a quick look at the IP addresses in the router setup to make sure no extras have been added.

Router Manuals and Default router password database.

Next:

Please delete your copy of TDSSKiller.exe and then empty the Recycle Bin.

Scan with TDSSKiller:

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.

  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!

Next:

Start OTL once more and click on Run Scan, then post the new log that opens in your next reply.
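An added illustration, not part of this thread and not code from OTL, ComboFix or any tool named here: the places a search redirect is usually configured on a machine like this one are the browser proxy settings (the OTL log in this thread shows Firefox's prefs.js with network.proxy.http set to 127.0.0.1 on port 1373, which routes every page through a program on the local machine), the hosts file (the O1 lines), the IE proxy values, and the DNS server the router hands out (the TCP: {...} = 192.168.0.1 line). The Python below scans lines in the OTL/ComboFix format for those indicators. The sample lines are constructed after the entries posted in this thread, the set of expected DNS servers is an assumption the reader supplies (normally just the router's address), and hits are leads for a person to verify rather than a diagnosis, since some legitimate software also installs a local proxy.

```python
import re

# Constructed sample, modelled on the OTL / ComboFix lines posted in this thread.
# Backslashes in the registry path are doubled only because this is a Python literal.
SAMPLE_LOG = """\
uInternet Settings,ProxyOverride = <local>
TCP: {C5C7E3E0-5EE7-47DD-9EFF-0A6A7C6FE5EC} = 192.168.0.1
O1 - Hosts: 127.0.0.1 localhost
FF - prefs.js..browser.startup.homepage: "http://www.time.com/time/"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 1373
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0
"""

# Line shapes as they appear in OTL / ComboFix output.
FF_PROXY_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(\w+): (.+)$')
HOSTS_RE = re.compile(r'^O1 - Hosts: (\S+)\s+(\S+)')
DNS_RE = re.compile(r'^TCP: \{[0-9A-Fa-f-]+\} = (.+)$')
IE_PROXY_RE = re.compile(r'^IE - .*Internet Settings: "(ProxyEnable|ProxyServer)" = (.+)$')

LOOPBACK = {"127.0.0.1", "::1"}


def audit_redirect_indicators(log_text, expected_dns):
    """Return a list of (category, detail) findings from OTL/ComboFix-style lines.

    Categories:
      firefox_proxy - prefs.js points Firefox at an HTTP proxy (host:port)
      ie_proxy      - IE has ProxyEnable set or a ProxyServer value present
      hosts         - a hosts-file entry other than the localhost mapping
      dns           - a DNS server that is not in expected_dns (assumed: the router)
    """
    findings = []
    ff_proxy = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = FF_PROXY_RE.match(line)
        if m:
            # Collect all network.proxy.* prefs first; host and port are separate lines.
            ff_proxy[m.group(1)] = m.group(2).strip().strip('"')
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, name = m.groups()
            if not (name.lower() == "localhost" and ip in LOOPBACK):
                findings.append(("hosts", f"{ip} {name}"))
            continue
        m = DNS_RE.match(line)
        if m:
            # ComboFix may list several servers separated by commas or spaces.
            for server in re.split(r"[,\s]+", m.group(1).strip()):
                if server and server not in expected_dns:
                    findings.append(("dns", server))
            continue
        m = IE_PROXY_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "ProxyEnable" and value != "0":
                findings.append(("ie_proxy", "ProxyEnable=" + value))
            elif key == "ProxyServer":
                findings.append(("ie_proxy", "ProxyServer=" + value))
    if "http" in ff_proxy:
        port = ff_proxy.get("http_port", "?")
        findings.append(("firefox_proxy", f"{ff_proxy['http']}:{port}"))
    return findings


if __name__ == "__main__":
    # Assumed: the router at 192.168.0.1 is the only DNS server this machine should use.
    for category, detail in audit_redirect_indicators(SAMPLE_LOG, {"192.168.0.1"}):
        print(f"{category:14} {detail}")
```

Run against the constructed sample the only hit is the Firefox proxy at 127.0.0.1:1373; the DNS line is accepted because the router's address is in the expected set, and the hosts file has nothing beyond the standard localhost line. Passing a different expected set, or adding a hosts line that maps a site name to some other address, turns those into findings as well.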

#9 Sinoito (Member, Topic Starter, 58 posts)
Dakeyras, I reset the router and created a new admin password. I was able to delete the old TDSSKiller.exe and downloaded and extracted the new one but was unable to run it. As before, when I double clicked it, the hourglass icon would appear then disappear and nothing would happen. I do have the OTL log shown below.

OTL logfile created on: 1/9/2011 8:03:33 PM - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Malerie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.00 Gb Total Space | 39.45 Gb Free Space | 56.36% Space Free | Partition Type: NTFS
Drive E: | 200.00 Gb Total Space | 196.66 Gb Free Space | 98.33% Space Free | Partition Type: NTFS
Drive F: | 28.08 Gb Total Space | 22.11 Gb Free Space | 78.73% Space Free | Partition Type: NTFS

Computer Name: SAMSON | User Name: Malerie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/04 21:42:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malerie\Desktop\OTL.exe
PRC - [2010/12/11 11:45:02 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/11 11:44:59 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/11 13:17:50 | 018,707,640 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2009/12/11 10:29:38 | 000,040,960 | ---- | M] () -- C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe
PRC - [2009/10/22 19:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2009/10/22 19:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/10/22 19:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2009/10/22 19:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2009/10/22 19:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009/10/22 19:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/25 15:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 15:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/08/25 15:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/01/09 20:00:52 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/01/09 19:57:32 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/12/20 06:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 06:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/20 15:23:08 | 000,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcycoms.exe
PRC - [2003/05/15 01:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2011/01/04 21:42:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malerie\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/11 10:29:38 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe -- (D-Link SharePort Helper)
SRV - [2009/10/22 19:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2009/10/22 19:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2009/10/22 19:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2009/10/22 19:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/08/25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/02/20 15:23:08 | 000,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\lxcycoms.exe -- (lxcy_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/22 19:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/10/22 19:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/10/22 19:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/10/22 19:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009/10/22 19:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/10/22 19:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/07/03 17:19:08 | 000,246,920 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2008/12/17 01:02:06 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 01:01:42 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2008/12/17 01:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 01:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/17 00:54:30 | 000,495,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2008/12/16 20:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/08/18 13:20:12 | 000,073,600 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DlinkUDSMBus.sys -- (DlinkUDSMBus)
DRV - [2008/08/18 13:20:06 | 000,097,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DlinkUDSTcpBus.sys -- (DlinkUDSTcpBus)
DRV - [2008/04/17 16:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/17 12:54:50 | 000,075,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
DRV - [2008/04/17 12:54:50 | 000,058,368 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus) DashHawk USB Device driver (WDM)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/02 10:15:26 | 006,008,704 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/12/11 16:34:40 | 000,242,320 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pilotonline.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.time.com/time/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 1373

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/08/21 10:52:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 11:45:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 11:45:06 | 000,000,000 | ---D | M]

[2009/01/31 23:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malerie\Application Data\Mozilla\Extensions
[2011/01/03 14:44:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malerie\Application Data\Mozilla\Firefox\Profiles\xs03ca3r.default\extensions
[2009/09/02 12:46:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Malerie\Application Data\Mozilla\Firefox\Profiles\xs03ca3r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/04 22:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/06 05:40:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/21 10:52:11 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2009/01/31 21:31:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/10/22 19:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/01/09 14:23:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [D-Link Network USB Utility] C:\Program Files\D-Link\Network USB Utility\Network USB Utility.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [LXCYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk = C:\Program Files\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Malerie\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1233436658328 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.to...8.38/ttinst.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Malerie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Malerie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/31 15:29:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/09 19:08:47 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Malerie\Desktop\TDSSKiller.exe
[2011/01/09 19:06:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/09 11:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/01/09 10:19:07 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/01/08 22:17:04 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2011/01/08 22:17:04 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2011/01/08 21:49:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/08 21:43:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/08 21:43:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/08 21:43:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/08 21:43:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/08 21:42:31 | 000,000,000 | ---D | C] -- C:\Sinoito
[2011/01/08 21:24:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/08 21:21:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/08 15:10:37 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/01/07 18:09:30 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Malerie\Desktop\123tdk.com
[2011/01/07 17:52:48 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Malerie\Desktop\atf.exe
[2011/01/04 22:35:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Malerie\Desktop\OTL.exe
[2011/01/04 21:47:27 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/01/03 19:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/01/03 19:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/01/02 15:46:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/02 15:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/02 15:46:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/02 15:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/02 11:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malerie\Start Menu\Programs\Quick Defrag
[2010/12/26 00:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malerie\Application Data\vlc
[2010/12/26 00:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/12/25 23:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malerie\Local Settings\Application Data\Sony Corporation
[2010/12/25 23:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malerie\Application Data\Sony Corporation
[2010/12/25 23:54:51 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/12/25 23:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bloggie Software
[2010/12/25 23:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/12/25 23:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malerie\My Documents\Bloggie Library
[2010/12/25 23:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2010/12/16 19:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malerie\Desktop\patrick christmas
[2010/12/15 01:39:08 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 01:38:36 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2009/02/03 16:30:51 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyinpa.dll
[2009/02/03 16:30:51 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyiesc.dll
[2009/02/03 16:30:39 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyserv.dll
[2009/02/03 16:30:39 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyusb1.dll
[2009/02/03 16:30:39 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhbn3.dll
[2009/02/03 16:30:39 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcylmpm.dll
[2009/02/03 16:30:39 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyprox.dll
[2009/02/03 16:30:39 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypplc.dll
[2009/02/03 16:30:38 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomc.dll
[2009/02/03 16:30:38 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomm.dll

========== Files - Modified Within 30 Days ==========

[2011/01/09 20:01:01 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/09 19:58:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/09 19:58:56 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/09 19:57:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/09 16:23:18 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/09 14:23:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/09 09:33:53 | 004,151,000 | R--- | M] () -- C:\Documents and Settings\Malerie\Desktop\ComboFix.exe
[2011/01/08 21:50:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/01/08 20:42:34 | 000,719,873 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\rkill.exe
[2011/01/08 15:00:56 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\RKUnhookerLE.EXE
[2011/01/07 17:51:46 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Malerie\Desktop\123tdk.com
[2011/01/07 17:51:14 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Malerie\Desktop\atf.exe
[2011/01/04 21:42:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malerie\Desktop\OTL.exe
[2011/01/02 15:46:44 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/02 15:40:52 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~FLp3nBvLLZg9Otd
[2011/01/02 15:40:52 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~FLp3nBvLLZg9Otdr
[2011/01/02 15:40:48 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\FLp3nBvLLZg9Otd
[2011/01/02 11:50:27 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~DERQGgySsAep
[2011/01/02 11:50:27 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~DERQGgySsAepr
[2011/01/02 11:50:23 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DERQGgySsAep
[2010/12/31 03:16:51 | 000,306,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/28 12:13:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/28 08:53:06 | 000,255,814 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\NFCU.docx
[2010/12/26 00:07:41 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/12/25 23:54:48 | 000,000,886 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
[2010/12/25 23:54:48 | 000,000,856 | R--- | M] () -- C:\Documents and Settings\All Users\Desktop\Bloggie Software.lnk
[2010/12/23 16:34:45 | 000,397,002 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\Foot locker.docx
[2010/12/21 22:57:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/12/21 22:57:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/16 15:38:06 | 000,012,799 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\General Assembly Committee Report Sheet.docx
[2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Malerie\Desktop\TDSSKiller.exe
[2010/12/16 06:47:53 | 000,013,877 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\Resume 2010 final.docx
[2010/12/16 06:47:47 | 000,017,459 | ---- | M] () -- C:\Documents and Settings\Malerie\My Documents\When I started reading this book.docx
[2010/12/15 03:03:44 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/13 13:43:21 | 000,109,802 | ---- | M] () -- C:\Documents and Settings\Malerie\Desktop\Exam _2 Solutions.pdf

========== Files Created - No Company Name ==========

[2011/01/09 09:34:08 | 004,151,000 | R--- | C] () -- C:\Documents and Settings\Malerie\Desktop\ComboFix.exe
[2011/01/08 21:50:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/01/08 21:49:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/08 21:43:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/08 21:43:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/08 21:43:52 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/08 21:43:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/08 21:43:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/08 20:45:21 | 000,719,873 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\rkill.exe
[2011/01/08 15:15:26 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\RKUnhookerLE.EXE
[2011/01/02 15:46:44 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/02 15:40:52 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~FLp3nBvLLZg9Otd
[2011/01/02 15:40:52 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~FLp3nBvLLZg9Otdr
[2011/01/02 15:40:48 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\FLp3nBvLLZg9Otd
[2011/01/02 11:50:27 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~DERQGgySsAep
[2011/01/02 11:50:27 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~DERQGgySsAepr
[2011/01/02 11:50:23 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DERQGgySsAep
[2010/12/28 08:53:05 | 000,255,814 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\NFCU.docx
[2010/12/26 00:07:41 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/12/25 23:54:48 | 000,000,886 | R--- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
[2010/12/25 23:54:48 | 000,000,856 | R--- | C] () -- C:\Documents and Settings\All Users\Desktop\Bloggie Software.lnk
[2010/12/23 15:47:32 | 000,397,002 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\Foot locker.docx
[2010/12/16 15:38:06 | 000,012,799 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\General Assembly Committee Report Sheet.docx
[2010/12/16 06:47:47 | 000,017,459 | ---- | C] () -- C:\Documents and Settings\Malerie\My Documents\When I started reading this book.docx
[2010/12/13 13:43:20 | 000,109,802 | ---- | C] () -- C:\Documents and Settings\Malerie\Desktop\Exam _2 Solutions.pdf
[2009/11/20 09:47:04 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/11/02 18:21:01 | 000,000,306 | ---- | C] () -- C:\WINDOWS\PAScreen.ini
[2009/11/02 18:20:46 | 000,000,673 | ---- | C] () -- C:\WINDOWS\bsc.ini
[2009/11/02 18:20:43 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2009/11/02 18:20:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\lfplt11n.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/01 18:38:58 | 000,000,140 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/03 23:59:01 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Malerie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/24 18:27:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/20 17:29:08 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/03 16:30:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcyvs.dll
[2009/02/03 16:30:50 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\lxcycoin.dll
[2009/02/03 16:30:45 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcydrs.dll
[2009/02/03 16:30:45 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcycaps.dll
[2009/02/03 16:30:45 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcycnv4.dll
[2009/02/03 16:30:39 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lxcyinst.dll
[2009/01/31 23:23:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/31 16:06:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/01/31 15:53:36 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4943.dll
[2008/12/16 20:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 20:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll

< End of report >
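The OTL sections above are the data being reviewed in this thread, so here is a small parser for that entry format, added as an example (it is not OTL's own code and is not from anyone in this thread). It splits each "[date | size | attrs | C/M] (Company) -- path" line into fields, tags the entry with the section it sits in, and re-derives the "recent file with no company name" selection that OTL's last section makes, so the age window can be changed or further conditions added. The sample text is a few lines copied from the log above; the scan timestamp passed to triage() is an assumed value.

```python
"""Parse OTL 'Files/Folders' log entries and triage them the way a log reviewer
reads them: recent, non-directory files with no company name, plus attribute flags."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List

# Section headers look like:  ========== Files Created - No Company Name ==========
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")

# One entry:  [yyyy/mm/dd hh:mm:ss | size | attrs | C or M] (Company) -- path
# "(Company)" is absent for directories and blank ("()" or "( )") when the file
# carries no company name in its version resource.  attrs are R/H/S/D flags or '-'.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    section: str
    stamp: datetime
    size: int
    attrs: str
    kind: str        # "C": the listed time is creation time, "M": modification time
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl(text: str) -> List[OtlEntry]:
    """Return every parsable entry, tagged with the section header it appeared under."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # blank lines, '< End of report >' and anything else
        g = m.groupdict()
        entries.append(OtlEntry(
            section=section,
            stamp=datetime.strptime(g["stamp"], "%Y/%m/%d %H:%M:%S"),
            size=int(g["size"].replace(",", "")),
            attrs=g["attrs"],
            kind=g["kind"],
            company=(g["company"] or "").strip(),
            path=g["path"],
        ))
    return entries


def triage(entries: List[OtlEntry], scan_stamp: str, max_age_days: int = 30) -> List[OtlEntry]:
    """Files (not folders) dated within max_age_days of the scan that carry no company
    name, each path reported once even if it appears in several sections."""
    cutoff = datetime.strptime(scan_stamp, "%Y/%m/%d %H:%M:%S") - timedelta(days=max_age_days)
    seen, picked = set(), []
    for e in entries:
        if e.is_dir or e.company or e.stamp < cutoff or e.path in seen:
            continue
        seen.add(e.path)
        picked.append(e)
    return picked


# Constructed sample: a handful of lines taken from the OTL log posted in this thread.
SAMPLE_OTL = r"""
========== Files/Folders - Created Within 30 Days ==========

[2011/01/09 19:08:47 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Malerie\Desktop\TDSSKiller.exe
[2011/01/09 19:06:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2009/02/03 16:30:51 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyinpa.dll

========== Files - Modified Within 30 Days ==========

[2011/01/09 09:33:53 | 004,151,000 | R--- | M] () -- C:\Documents and Settings\Malerie\Desktop\ComboFix.exe

========== Files Created - No Company Name ==========

[2011/01/09 09:34:08 | 004,151,000 | R--- | C] () -- C:\Documents and Settings\Malerie\Desktop\ComboFix.exe
[2011/01/08 21:49:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/02 15:40:52 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~FLp3nBvLLZg9Otd

< End of report >
"""

if __name__ == "__main__":
    # Scan time is an assumed value; OTL prints the real one in the log header.
    for e in triage(parse_otl(SAMPLE_OTL), "2011/01/09 20:00:00"):
        flags = "hidden+system" if e.hidden_system else e.attrs
        print(f"{e.stamp:%Y-%m-%d} {e.size:>10,d} {flags:<13} {e.path}")
```

The attrs column is kept as a string so the reviewer's usual reads (hidden plus system on a non-directory, a directory masquerading as a file) stay one-liners; directories are excluded from triage because OTL never reports a company for them, so the "no company name" condition would otherwise select every folder.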

#10
Dakeyras
Hi. :D

Are the browser redirects still occurring after the Router reset?

#11
Sinoito
Yes, the redirects still occur in both browsers even after the router reset.

#12
Dakeyras
Hi. :D

OK, run Rkill again (I do not need to review the log this time), then see if TDSSKiller will run, please, as per my instructions here.

If it runs, fine; if not, proceed to my instructions below either way and merely inform me in your next reply, thank you.

Scan with MBRCheck:

Please download MBRCheck.exe and save to your desktop.

Alternative Download is here.

  • Double-click on MBRCheck.exe to start the application.
  • A window similar to this should open on your desktop:-
Posted Image

  • If you are prompted with options, enter N at the prompt and press Enter .
  • Press Enter again.
  • A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run).
  • Please post the contents of the log in your next reply.

#13
Sinoito
TDSSKiller was still unsuccessful. Might it work if I take the hard drive out of this computer and use another computer to scan it with TDSSKiller? Here is the MBRCheck log.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 124):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB9EEB000 fltmgr.sys
0xB9ED9000 sr.sys
0xB9EC2000 KSecDD.sys
0xB9E35000 Ntfs.sys
0xB9E08000 NDIS.sys
0xBA0F8000 ohci1394.sys
0xBA108000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9DEE000 Mup.sys
0xB9D9C000 mfehidk.sys
0xBA2D8000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xB904F000 \SystemRoot\System32\DRIVERS\igxpmp32.sys
0xB903B000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xBA460000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB9017000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xBA468000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xB8FF2000 \SystemRoot\System32\DRIVERS\HDAudBus.sys
0xB8FB4000 \SystemRoot\System32\DRIVERS\e1e5132.sys
0xBA470000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xBA478000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xBA2F8000 \SystemRoot\System32\DRIVERS\serial.sys
0xB9D4F000 \SystemRoot\System32\DRIVERS\serenum.sys
0xB8FA0000 \SystemRoot\System32\DRIVERS\parport.sys
0xBA308000 \SystemRoot\System32\DRIVERS\imapi.sys
0xBA318000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xBA128000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB8F7D000 \SystemRoot\System32\DRIVERS\ks.sys
0xBA480000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB8F6B000 \SystemRoot\System32\Drivers\DlinkUDSMBus.sys
0xBA488000 \SystemRoot\System32\Drivers\TDI.SYS
0xBA7D8000 \SystemRoot\System32\DRIVERS\audstub.sys
0xB962A000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xB58FD000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB396F000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xBA2B8000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xBA288000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xB38DA000 \SystemRoot\System32\DRIVERS\psched.sys
0xBA248000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xBA340000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xBA4B0000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB38AA000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xBA258000 \SystemRoot\System32\DRIVERS\termdd.sys
0xBA64A000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB384C000 \SystemRoot\System32\DRIVERS\update.sys
0xB73B8000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xB3811000 \SystemRoot\system32\DRIVERS\sxuptp.sys
0xBA158000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA2C8000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xBA650000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xA326B000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA3247000 \SystemRoot\system32\drivers\portcls.sys
0xB3A8E000 \SystemRoot\system32\drivers\drmk.sys
0xBA668000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6B2000 \SystemRoot\System32\Drivers\Null.SYS
0xBA66A000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA148000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xB713C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA438000 \SystemRoot\System32\drivers\vga.sys
0xBA5B4000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5B8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA440000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA450000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA574000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xA31A4000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xA314B000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xA3123000 \SystemRoot\System32\DRIVERS\netbt.sys
0xA30FD000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB965A000 \SystemRoot\system32\drivers\mfetdik.sys
0xA30DB000 \SystemRoot\System32\drivers\afd.sys
0xB7394000 \SystemRoot\System32\DRIVERS\netbios.sys
0xB3A6E000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xA30B0000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xA3040000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xB3A5E000 \SystemRoot\System32\Drivers\Fips.SYS
0xA303C000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xB3A4E000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xA3038000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xB3996000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA3028000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB3A3E000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA3000000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5FE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA301C000 \SystemRoot\System32\drivers\Dxapi.sys
0xB7114000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA69C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF25B000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA2F8C000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xA2D2B000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xBA632000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA2BBB000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2796000 \SystemRoot\system32\drivers\mfeavfk.sys
0xB711C000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
0xA25F6000 \SystemRoot\system32\drivers\wdmaud.sys
0xA28B3000 \SystemRoot\system32\drivers\sysaudio.sys
0xA24CA000 \SystemRoot\system32\drivers\kmixer.sys
0xBA448000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xA210A000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA1E32000 \SystemRoot\System32\Drivers\HTTP.sys
0x9E31F000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 55):
0 System Idle Process
4 System
756 C:\WINDOWS\system32\smss.exe
828 csrss.exe
852 C:\WINDOWS\system32\winlogon.exe
896 C:\WINDOWS\system32\services.exe
932 C:\WINDOWS\system32\lsass.exe
1092 C:\WINDOWS\system32\svchost.exe
1176 svchost.exe
1272 C:\WINDOWS\system32\svchost.exe
1384 svchost.exe
1444 svchost.exe
1636 C:\WINDOWS\system32\spoolsv.exe
1732 svchost.exe
1780 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1792 C:\Program Files\Bonjour\mDNSResponder.exe
1824 C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe
1900 C:\Program Files\Java\jre6\bin\jqs.exe
1968 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
2016 C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
128 C:\Program Files\McAfee\Common Framework\FrameworkService.exe
488 C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
516 naPrdMgr.exe
532 C:\WINDOWS\system32\mfevtps.exe
584 C:\Program Files\CDBurnerXP\NMSAccessU.exe
788 C:\WINDOWS\system32\svchost.exe
472 C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
1236 mfeann.exe
2264 alg.exe
3556 C:\WINDOWS\system32\igfxtray.exe
3600 C:\WINDOWS\system32\hkcmd.exe
3864 C:\WINDOWS\RTHDCPL.exe
3920 C:\WINDOWS\system32\svchost.exe
4004 C:\Program Files\Logitech\QuickCam\Quickcam.exe
212 C:\Program Files\iTunes\iTunesHelper.exe
404 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
1820 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2164 C:\Program Files\McAfee\Common Framework\UdaterUI.exe
2176 C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
1604 C:\WINDOWS\system32\lxcycoms.exe
1588 C:\WINDOWS\system32\wscntfy.exe
980 C:\Program Files\McAfee\Common Framework\McTray.exe
3132 C:\WINDOWS\system32\ctfmon.exe
3208 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
1592 C:\Program Files\ooVoo\ooVoo.exe
1524 C:\WINDOWS\system32\ctfmon.exe
3536 C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
2420 C:\Program Files\OpenOffice.org 3\program\soffice.exe
2572 C:\Program Files\OpenOffice.org 3\program\soffice.bin
408 C:\Program Files\iPod\bin\iPodService.exe
1684 C:\Program Files\Internet Explorer\iexplore.exe
3048 C:\WINDOWS\explorer.exe
568 C:\Program Files\Internet Explorer\iexplore.exe
3204 C:\Program Files\Internet Explorer\iexplore.exe
5700 C:\Documents and Settings\Malerie\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000011`800ae200 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000043`7fe0da00 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200AAJS-00VWA0, Rev: 12.01B02

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#14
Dakeyras
Hi. :D

TDSSKiller was still unsuccessful. Might it work if I take the hard drive out of this computer and use another computer to scan it with TDSSKiller?


No, that will not work unfortunately. I am beginning to suspect it might actually be the McAfee application hindering it. So we will try another method, and I will be asking your good self to run a different benign scan also so I can review your machine's settings.

Please bear with me as I am determined to find the cause if I am able; the good news is that the MBR (Master Boot Record) of your machine appears to be fine, so that is not compromised/the cause.

Next:

Please download OTH and save to your Desktop.

Alternate downloads are here and here.

Please delete your copy of TDSSKiller.exe and then empty the Recycle Bin. Then download a new copy of TDSSKiller.zip and extract (unzip) it to your Desktop.

Next:

  • Now double click on OTH to start the application.
  • Click on Kill All Processes <-- The desktop and taskbar etc. will disappear; this is normal, as all running processes will have been stopped.
  • Then click on Start Misc Program
  • Navigate to TDSSKiller.exe >> Open >> Run
Now run TDSSKiller.exe as follows:-

  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!

Next:

If TDSSKiller ran, fine; if not, proceed to my instructions below either way and merely inform me in your next reply, thank you.

Now, regardless of whether TDSSKiller ran or not, you will have to reboot your machine with OTH as follows:-

Return to OTH and click on Reboot.

Scan with RSIT:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on your Desktop before running the application!
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
Note: Both logs can also be located within the folder rsit at the root of your installed hard drive, e.g. C:\rsit

When completed the above, please post back the following in the order asked for:

  • TDSSKiller Log.(If available)
  • Both RSIT logs. <-- Post them individually please, i.e. one log per post/reply.

#15
Sinoito
Dakeyras,

It appears I have another problem. The computer stays at the Windows XP loading splash screen. It has been up now for about 20 minutes. I am able to boot in safe mode though. Should I proceed with your instructions in safe mode?

EDIT: Please disregard this comment. After restarting numerous times I was able to boot into XP. I will proceed with your instructions.

Edited by Sinoito, 11 January 2011 - 05:25 PM.
