
Windows Protection Suite


  • This topic is locked
42 replies to this topic

#1 Malaboo (Members, 26 posts)

Posted 31 October 2009 - 11:41 AM

Hi everyone,

I seem to have acquired a virus in the past couple of days. I have tried several removal tools:

Malwarebytes
Spybot (which finds the files but I am not able to delete them...says access is denied)
AVG Free (this is my regular antivirus protection and I have run a scan with it since the infection to see if it would catch it...it didn't)
Vundofix (which didn't find anything)
Superantispyware (which found some adware and removed it)
Adaware (which didn't find anything)

None of these have removed the virus.
What initially happened was that when I was in my web browser (Firefox), if I Googled something and then clicked on a link from within Google, I would get a bunch of redirects to advertisements. Then I got an alert box which popped up and had about 400 files in it that it said were infected (the usual scare tactic). That seems to be gone, but I am still not able to navigate around the internet easily unless I open a new window for each link I want to access. I have also tried accessing the internet by IE and the same thing occurs (redirect windows). Any help you can give me would be most appreciated. Thank you in advance.

Oh, I also cannot start my computer in Safe Mode... it will not let me (Safe Mode with Networking does not work either).

Reports follow


DDS (Ver_09-10-26.01) - NTFSx86
Run by Mala Meehan at 11:50:01.51 on Sat 10/31/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2183 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
K:\DVD & CD & Phone Programs\Printkey2000.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mala Meehan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Ask && Record Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: {daa9ff74-bc21-4ced-ae28-34a63ced9277} - c:\windows\system32\efcBtqpm.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Ask && Record Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: wachovia.com
Trusted Zone: wachovia.com
DPF: GDInst - hxxp://www.mreplay.com/plugin/GDInst.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} - hxxp://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172860076375
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://128.230.208.134//activex/AMC.cab
DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://webcam.cheel.clarkson.edu/activex/AxisCamControl.cab
DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} - hxxp://www.servicemagic.com/smod/smdesktop.CAB
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: cbbrzw.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\malame~1\applic~1\mozilla\firefox\profiles\gjr6wrrf.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\mala meehan\application data\mozilla\firefox\profiles\gjr6wrrf.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\mala meehan\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-30 64288]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2008-5-19 6097]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-14 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-14 360584]
R1 NEOFLTR_600_13073;Juniper Networks TDI Filter Driver (NEOFLTR_600_13073);c:\windows\system32\drivers\NEOFLTR_600_13073.sys [2008-4-30 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 74480]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-30 285392]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-4-16 47640]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-4-27 93960]
S2 gupdate1c98b9af7e37bf8;Google Update Service (gupdate1c98b9af7e37bf8);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232]
S3 Dymeesccabdu;Dymeesccabdu; [x]
S3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\drivers\usb101et.sys [2007-3-2 32384]
S3 mamovec;mamovec;c:\windows\system32\drivers\mamovec.sys [2007-5-20 24784]
S3 mamovem;mamovem;c:\windows\system32\drivers\mamovem.sys [2007-5-20 25044]
S3 mamoveu;mamoveu;c:\windows\system32\drivers\mamoveu.sys [2007-5-20 51584]
S3 maz500m;maz500m;c:\windows\system32\drivers\maz500m.sys [2007-6-16 25044]
S3 maz500u;maz500u;c:\windows\system32\drivers\maz500u.sys [2007-6-16 51285]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-6-16 17792]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-6-16 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-16 21504]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2008-5-19 299923]
S3 Vopisser_b.0.;Vopisser_b.0.; [x]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 Mcoufrvpe3.;Mcoufrvpe3.; [x]

=============== Created Last 30 ================

2009-10-31 13:36:00 0 d-----w- C:\VundoFix Backups
2009-10-31 02:59:24 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-31 00:03:12 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-31 00:03:05 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-31 00:00:22 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-31 00:00:02 0 d-----w- c:\program files\Lavasoft
2009-10-30 20:23:34 0 d--h--w- C:\$AVG
2009-10-30 20:22:55 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-10-30 19:33:01 0 d-----w- c:\windows\system32\wbem\Repository
2009-10-05 03:07:47 0 d-----w- c:\docume~1\malame~1\applic~1\Office Genuine Advantage
2009-10-03 06:29:27 195440 ------w- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-10-30 20:23:22 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-30 20:23:22 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-30 20:23:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-30 14:30:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-14 02:38:20 18015723 ----a-w- c:\program files\vlc-1.0.1-win32.exe
2009-08-06 23:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-03 19:07:42 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07:42 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07:42 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-06 21:39:58 4411392 ----a-w- c:\program files\mplayerc.exe
2007-06-29 02:06:26 23 --sha-w- c:\windows\system32\bacdcad8_r.dll
2006-05-03 09:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-09-08 11:10:46 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090820080909\index.dat
2007-11-06 00:37:28 16384 --sha-w- c:\windows\temp\cookies\index.dat
2007-11-06 00:37:28 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2007-11-06 00:37:28 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 11:53:49.18 ===============
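A worked triage pass over a DDS log like the one above, added here as an example; it is not part of Malaboo's post and not code from the DDS tool. It applies the handful of checks a helper usually runs first on the "Pseudo HJT Report", "SERVICES / DRIVERS" and "Find3M" sections: any AppInit_DLLs value, hook/BHO/toolbar entries marked "No File", a BHO with a CLSID but no product name loading from system32, an ActiveX cab served from a bare IP address, a service or driver whose binary DDS could not find ("[x]"), and a hidden+system binary sitting in system32. The rule names, the `triage` function and the regular expressions are this example's own; `SAMPLE_LOG` is a constructed excerpt that copies the line shapes of the posted report. A flag means "ask about this entry", not a verdict that it is malicious.

```python
"""Heuristic triage of DDS-style log lines (example code, not from DDS or this thread)."""
import re

# Constructed excerpt mirroring the line shapes DDS prints in its Pseudo HJT,
# SERVICES / DRIVERS and Find3M sections (compare the posted log above).
SAMPLE_LOG = r"""
uURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {daa9ff74-bc21-4ced-ae28-34a63ced9277} - c:\windows\system32\efcBtqpm.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://128.230.208.134//activex/AMC.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
AppInit_DLLs: cbbrzw.dll
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-30 285392]
S3 Dymeesccabdu;Dymeesccabdu; [x]
S4 Mcoufrvpe3.;Mcoufrvpe3.; [x]
2007-06-29 02:06:26 23 --sha-w- c:\windows\system32\bacdcad8_r.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2007-11-06 00:37:28 16384 --sha-w- c:\windows\temp\cookies\index.dat
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"          # {8-4-4-4-12} CLSID as DDS prints it
SYSTEM32 = "\\windows\\system32\\"      # compared against lower-cased paths


def flags_for(line):
    """Yield (rule, detail) pairs for one line; no output means no rule fired."""
    s = line.strip()
    if not s:
        return
    # AppInit_DLLs is loaded into every process that links user32.dll, so any
    # value here (especially a bare file name with no path) gets asked about.
    m = re.match(r"AppInit_DLLs:\s*(\S.*)$", s)
    if m:
        yield "appinit_dll", m.group(1)
    # Search hooks, BHOs and toolbars still registered but with no file left.
    if re.match(r"[um]?(URLSearchHooks|BHO|TB):.*- No File$", s):
        yield "orphan_entry", s.split(":", 1)[1].strip()
    # BHO/toolbar with a CLSID but no product name, loading from system32.
    m = re.match(rf"(BHO|TB): ({GUID}) - (.+)$", s)
    if m and SYSTEM32 in m.group(3).lower():
        yield "unnamed_bho_in_system32", m.group(3)
    # ActiveX (DPF) download whose source is a raw IP rather than a host name.
    # DDS defangs schemes as hxxp/hxxps, so match on that spelling.
    m = re.match(r"DPF: .* - hxxps?://(\d{1,3}(?:\.\d{1,3}){3})/", s)
    if m:
        yield "activex_from_raw_ip", m.group(1)
    # Service or driver entry whose binary DDS could not find ("[x]").
    m = re.match(r"[RS]\d (\S+?);[^;]*;\s*\[x\]$", s)
    if m:
        yield "service_binary_missing", m.group(1)
    # Find3M line: a hidden+system ("s" and "h" in the attribute column)
    # dll/exe/sys under system32 is not where legitimate software normally hides.
    m = re.match(r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (\d+) (\S{8}) (.+)$", s)
    if m:
        size, attrs, path = int(m.group(1)), m.group(2), m.group(3).lower()
        if ({"s", "h"} <= set(attrs) and SYSTEM32 in path
                and path.endswith((".dll", ".exe", ".sys"))):
            yield "hidden_system_binary", f"{path} ({size} bytes)"


def triage(log_text):
    """Return [(rule, detail, line)] for every line a helper would ask about."""
    hits = []
    for line in log_text.splitlines():
        for rule, detail in flags_for(line):
            hits.append((rule, detail, line.strip()))
    return hits


if __name__ == "__main__":
    for rule, detail, _ in triage(SAMPLE_LOG):
        print(f"{rule:<26} {detail}")
```

Run it against a full DDS report by reading the file into `triage()`; on the constructed excerpt it raises eight flags, two of them for the "[x]" services. A line that trips no rule is not thereby cleared, it simply is not covered by this small rule set, which is why helpers still read the whole log by hand.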



#2 myrti (Sillyberry, Malware Study Hall Admin, 33,772 posts)

Posted 07 November 2009 - 12:40 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on it, you can choose Track this topic from the drop-down menu. I suggest you do this, select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 Malaboo (Topic Starter, Members, 26 posts)

Posted 07 November 2009 - 03:33 PM

Here are the requested logs from the scans. Thanks in advance.


OTL logfile created on: 11/7/2009 3:29:10 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Mala Meehan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 99.56% Memory free
4.00 Gb Paging File | 3.49 Gb Available in Paging File | 87.20% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 38.57 Gb Free Space | 25.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 149.01 Gb Total Space | 16.83 Gb Free Space | 11.29% Space Free | Partition Type: FAT32

Computer Name: MALADELL
Current User Name: Mala Meehan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/07 15:28:33 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mala Meehan\Desktop\OTL.exe
PRC - [2009/11/07 12:31:30 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/30 19:01:46 | 00,788,368 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/10/30 19:01:45 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/10/30 15:23:02 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/30 15:23:01 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/10/30 15:23:01 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/10/30 15:23:00 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/30 15:23:00 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/30 15:22:59 | 02,010,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/10/30 15:22:56 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/09/30 09:30:27 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/06/22 20:23:38 | 00,196,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2009/06/10 07:28:50 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/04/27 17:09:52 | 00,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/04/21 21:34:24 | 12,314,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/01/13 16:22:52 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/01/13 16:22:51 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2008/11/19 08:47:24 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/10/16 19:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2008/10/16 19:35:24 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2008/07/24 17:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/04/18 04:30:43 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/09 00:15:12 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2006/11/13 12:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2004/08/04 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/05/05 18:30:22 | 00,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe
PRC - [2002/04/11 19:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
PRC - [2001/12/12 19:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe


========== Modules (SafeList) ==========

MOD - [2009/11/07 15:28:33 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mala Meehan\Desktop\OTL.exe
MOD - [2009/09/30 09:31:15 | 00,102,400 | ---- | M] (RealPlayer) -- c:\Program Files\Real\realplayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2009/09/30 09:30:31 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2009/08/13 08:55:04 | 01,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2007/03/21 19:33:00 | 00,503,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSVCP71.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Diskeeper)
SRV - [2009/10/30 19:01:45 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/30 15:22:56 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/23 16:00:06 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/06/10 07:28:50 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2009/04/27 17:09:52 | 00,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2009/02/10 11:15:52 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98b9af7e37bf8)
SRV - [2009/01/13 16:22:52 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/11/19 08:47:24 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/10/16 19:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/24 17:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/05/03 15:36:06 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/04/18 04:30:43 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/09 00:15:12 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/09/17 10:36:18 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/05/18 15:10:36 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2003/05/05 18:30:22 | 00,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)
SRV - [2002/04/11 19:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - [2009/10/30 15:23:22 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/10/30 15:23:22 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/30 15:23:22 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/09/23 07:55:23 | 00,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/08/31 10:20:53 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/10 05:03:00 | 08,087,712 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/03/23 13:07:28 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/23 13:07:26 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/11/01 10:59:23 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008/10/16 19:35:58 | 00,083,288 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/08/20 12:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/07/24 17:46:12 | 00,012,856 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 17:46:10 | 00,047,640 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/24 17:45:20 | 00,010,144 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\lmimirr.sys -- (lmimirr)
DRV - [2008/04/30 14:54:28 | 00,064,160 | ---- | M] (Juniper Networks) -- C:\WINDOWS\system32\drivers\NEOFLTR_600_13073.sys -- (NEOFLTR_600_13073)
DRV - [2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/13 13:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio)
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/09 00:14:04 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/09 00:14:00 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/07/05 09:32:54 | 00,076,560 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/02/27 14:31:30 | 00,021,504 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2007/02/27 14:31:28 | 00,021,504 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/27 14:31:18 | 00,017,792 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/01/23 18:03:44 | 00,007,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2007/01/16 10:44:46 | 00,011,986 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2007/01/04 04:43:42 | 00,051,285 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\maz500u.sys -- (maz500u)
DRV - [2006/11/06 17:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006/10/19 17:22:00 | 00,051,584 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\mamoveu.sys -- (mamoveu)
DRV - [2006/07/27 16:21:36 | 00,044,544 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/27 14:24:28 | 01,171,464 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/18 23:37:34 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/08/18 10:44:50 | 00,049,867 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\mardp2k.sys -- (MaRdPnp)
DRV - [2005/06/16 05:13:12 | 00,025,044 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\maz500m.sys -- (maz500m)
DRV - [2005/06/15 23:00:00 | 00,025,044 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\mamovem.sys -- (mamovem)
DRV - [2005/06/15 23:00:00 | 00,024,784 | ---- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\mamovec.sys -- (mamovec)
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/08/03 22:31:26 | 00,032,384 | ---- | M] (KLSI USA, Inc.) -- C:\WINDOWS\system32\drivers\usb101et.sys -- (KLSIENET)
DRV - [2004/06/12 04:27:18 | 00,051,712 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2004/01/10 03:28:18 | 00,011,648 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2003/12/19 19:15:50 | 00,015,263 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2002/07/17 09:05:10 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/11/05 08:23:52 | 00,299,923 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 08:23:14 | 00,006,097 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\sonyhcb.sys -- (sonyhcb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-606747145-1715567821-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-606747145-1715567821-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-606747145-1715567821-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-606747145-1715567821-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-606747145-1715567821-725345543-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-606747145-1715567821-725345543-1007\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-606747145-1715567821-725345543-1007\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-606747145-1715567821-725345543-1007\S-1-5-21-606747145-1715567821-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.696
FF - prefs.js..extensions.enabledItems: avg@igeared:2.710.016.005
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.6.18
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.113
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.17
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.464
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 09:00:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: c:\program files\real\realplayer\browserrecord\firefox\ext [2009/09/30 09:31:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/10/30 15:22:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/10/30 15:23:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/07 12:31:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 12:31:36 | 00,000,000 | ---D | M]

[2009/07/30 21:16:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mala Meehan\Application Data\Mozilla\Extensions
[2009/07/30 21:16:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mala Meehan\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/26 10:18:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mala Meehan\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/11/07 12:44:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mala Meehan\Application Data\Mozilla\Firefox\Profiles\gjr6wrrf.default\extensions
[2009/11/07 12:44:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mala Meehan\Application Data\Mozilla\Firefox\Profiles\gjr6wrrf.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/09/02 13:41:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mala Meehan\Application Data\Mozilla\Firefox\Profiles\gjr6wrrf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/07 12:44:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mala Meehan\Application Data\Mozilla\Firefox\Profiles\gjr6wrrf.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2009/09/28 08:30:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mala Meehan\Application Data\Mozilla\Firefox\Profiles\gjr6wrrf.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2009/11/04 21:16:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mala Meehan\Application Data\Mozilla\Firefox\Profiles\gjr6wrrf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/10/04 19:29:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mala Meehan\Application Data\Mozilla\Firefox\Profiles\gjr6wrrf.default\extensions\LogMeInClient@logmein.com
[2009/08/21 15:36:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mala Meehan\Application Data\Mozilla\Firefox\Profiles\gjr6wrrf.default\extensions\toolbar@ask.com
[2009/07/30 21:15:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/07 12:31:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/07 12:31:29 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/07 12:31:29 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/11/07 12:31:31 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/08/03 14:07:42 | 00,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/09/30 09:31:05 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/09/30 09:31:21 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009/09/30 09:30:59 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/11/01 16:12:44 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/11/01 16:12:44 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/30 15:30:17 | 00,002,273 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/11/01 16:12:44 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/01 16:12:44 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/11/01 16:12:44 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/30 13:30:21 | 00,001,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\search.xml
[2009/11/01 16:12:44 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/01 16:12:44 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (7303 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 88.198.198.204 google.ae
O1 - Hosts: 88.198.198.204 google.as
O1 - Hosts: 88.198.198.204 google.at
O1 - Hosts: 88.198.198.204 google.az
O1 - Hosts: 88.198.198.204 google.ba
O1 - Hosts: 88.198.198.204 google.be
O1 - Hosts: 88.198.198.204 google.bg
O1 - Hosts: 88.198.198.204 google.bs
O1 - Hosts: 88.198.198.204 google.ca
O1 - Hosts: 88.198.198.204 google.cd
O1 - Hosts: 88.198.198.204 google.com.gh
O1 - Hosts: 88.198.198.204 google.com.hk
O1 - Hosts: 194 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Ask && Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (no name) - {DAA9FF74-BC21-4CED-AE28-34A63CED9277} - C:\WINDOWS\System32\efcBtqpm.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask && Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-606747145-1715567821-725345543-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-606747145-1715567821-725345543-1007\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-606747145-1715567821-725345543-1007\..\Toolbar\WebBrowser: (Ask && Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-606747145-1715567821-725345543-1007..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-1715567821-725345543-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O15 - HKLM\..Trusted Domains: wachovia.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 113 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 113 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-606747145-1715567821-725345543-1007\..Trusted Domains: wachovia.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-606747145-1715567821-725345543-1007\..Trusted Domains: 108 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} http://www.ritzpix.com/net/Uploader/LPUploader45.cab (Image Uploader Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab (Scanner.SysScanner)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1172860076375 (MUWebControl Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://128.230.208.134//activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} http://vsp.closetmaid.com/vsp/cmaidctl_vsp..._downloader.cab (Maid Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcam.cheel.clarkson.edu/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} http://www.servicemagic.com/smod/smdesktop.CAB (Desktop.Smdesk)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: GDInst http://www.mreplay.com/plugin/GDInst.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.144.23 205.152.132.23
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (cbbrzw.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/02 12:23:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{453da913-a67e-11dc-ab6c-00188b719683}\Shell - "" = AutoRun
O33 - MountPoints2\{453da913-a67e-11dc-ab6c-00188b719683}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{453da913-a67e-11dc-ab6c-00188b719683}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{453da914-a67e-11dc-ab6c-00188b719683}\Shell - "" = AutoRun
O33 - MountPoints2\{453da914-a67e-11dc-ab6c-00188b719683}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/07 15:28:30 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mala Meehan\Desktop\OTL.exe
[2009/11/06 14:33:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mala Meehan\Application Data\vlc
[2009/10/31 10:56:19 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Mala Meehan\Desktop\RootRepeal.exe
[2009/10/31 08:36:00 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/10/31 08:34:06 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Mala Meehan\Desktop\VundoFix.exe
[2009/10/30 19:03:12 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/10/30 19:03:05 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/10/30 19:00:22 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/30 19:00:02 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/10/30 18:45:02 | 77,086,488 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Mala Meehan\Desktop\Ad-AwareInstallation.exe
[2009/10/30 15:30:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mala Meehan\Local Settings\Application Data\AVG Security Toolbar
[2009/10/30 15:23:34 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/10/30 15:22:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/29 19:29:08 | 02,146,304 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2009/10/21 17:43:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mala Meehan\Desktop\Frame
[2009/10/17 18:34:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mala Meehan\Desktop\Videos from camera
[2009/10/15 14:51:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mala Meehan\My Documents\Scrapbook Files
[2009/10/13 09:32:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mala Meehan\Desktop\Tampa
[2009/10/12 07:13:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mala Meehan\Desktop\phone photos
[2009/07/06 16:39:58 | 04,411,392 | ---- | C] (Gabest) -- C:\Program Files\mplayerc.exe
[2008/11/01 10:59:23 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Mala Meehan\Application Data\pcouffin.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/07 15:28:33 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mala Meehan\Desktop\OTL.exe
[2009/11/07 15:01:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/07 15:01:00 | 00,000,246 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2009/11/07 14:56:11 | 12,845,056 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\ntuser.dat
[2009/11/07 14:43:00 | 00,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1715567821-725345543-1007UA.job
[2009/11/07 12:29:55 | 00,001,928 | -H-- | M] () -- C:\Documents and Settings\Mala Meehan\My Documents\Default.rdp
[2009/11/07 09:48:11 | 44,777,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/07 09:47:51 | 00,086,275 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/07 09:43:00 | 00,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1715567821-725345543-1007Core.job
[2009/11/07 09:40:27 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/07 09:39:59 | 00,000,613 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/07 09:39:59 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/07 09:39:59 | 00,000,223 | RHS- | M] () -- C:\boot.ini
[2009/11/07 09:38:32 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/07 09:38:11 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/07 09:38:11 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/11/07 09:38:07 | 00,081,226 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/07 09:38:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/07 09:37:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/06 22:42:52 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Mala Meehan\ntuser.ini
[2009/11/06 17:49:07 | 00,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/06 14:49:01 | 00,000,213 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\default.pls
[2009/11/06 12:53:42 | 00,142,336 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\tamiflu recos.doc
[2009/11/05 21:44:50 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\My Documents\sonnet.doc
[2009/11/05 14:22:56 | 00,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/05 14:22:56 | 00,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/05 14:22:56 | 00,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/05 14:06:54 | 11,026,432 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/11/05 14:03:45 | 20,678,656 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/11/05 12:00:00 | 00,000,804 | ---- | M] () -- C:\WINDOWS\tasks\Backup2.job
[2009/11/04 16:35:11 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\My Documents\Properties.doc
[2009/11/04 06:47:04 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/03 14:50:30 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\2010 schedule.doc
[2009/11/03 13:31:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/03 11:23:55 | 00,938,013 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\100_1907.JPG
[2009/11/02 15:48:32 | 00,352,762 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\spybot error message.jpg
[2009/11/02 15:48:17 | 00,044,874 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\spybot error message.gif
[2009/11/02 12:00:00 | 00,000,796 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job
[2009/11/01 14:08:21 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\Poseidon.doc
[2009/10/31 20:07:20 | 00,000,061 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\My Documents\Default.PLS
[2009/10/31 11:52:38 | 00,009,491 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\My Documents\Bostonu2.CSV
[2009/10/31 11:52:37 | 00,009,371 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Application Data\Comma Separated Values (Windows).EML
[2009/10/31 11:52:09 | 00,103,560 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\My Documents\nuvox.CSV
[2009/10/31 11:51:42 | 00,049,787 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\My Documents\malagta.CSV
[2009/10/31 11:51:12 | 00,112,267 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\My Documents\csca.CSV
[2009/10/31 11:50:45 | 00,220,965 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\My Documents\iredon.CSV
[2009/10/31 11:50:14 | 01,092,610 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\My Documents\inbox.CSV
[2009/10/31 11:49:18 | 00,006,982 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\My Documents\contacts.CSV
[2009/10/31 11:49:15 | 00,022,647 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Application Data\Comma Separated Values (Windows).ADR
[2009/10/31 11:48:41 | 00,025,877 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\My Documents\calendar.CSV
[2009/10/31 11:48:38 | 00,013,013 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Application Data\Comma Separated Values (Windows).CAL
[2009/10/31 10:56:24 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Mala Meehan\Desktop\RootRepeal.exe
[2009/10/31 10:49:23 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\dds.scr
[2009/10/31 08:34:08 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Mala Meehan\Desktop\VundoFix.exe
[2009/10/30 19:02:56 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/10/30 19:02:53 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/10/30 19:00:19 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/30 18:51:22 | 77,086,488 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Mala Meehan\Desktop\Ad-AwareInstallation.exe
[2009/10/30 15:23:22 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/30 15:23:22 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/30 15:23:22 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/30 15:23:17 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/30 15:22:57 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091102-154843.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091102-154842.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091102-154841.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091102-154840.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091102-154839.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091102-154837.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091102-154739.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091031-093257.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091031-092116.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091031-092101.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091031-092039.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091031-092025.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091031-092024.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091031-092023.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091031-092022.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091031-092021.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091031-092003.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-193501.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-193500.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-193459.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-193456.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-193447.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-191711.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-191710.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-191709.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-191708.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-191707.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-191706.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-191704.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-191658.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-191638.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-191637.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-191634.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-191632.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-191631.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-191630.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-191629.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-191628.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-191627.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091030-191617.backup
[2009/10/30 13:30:10 | 00,007,303 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/29 19:29:08 | 02,146,304 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2009/10/29 17:09:03 | 00,004,177 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\My Documents\resonetimeccterms.htm
[2009/10/27 20:51:55 | 00,084,494 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\Carly, Sarah me against rail Bos 2.jpg
[2009/10/23 16:30:45 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\My Documents\Address Book Personal.xls
[2009/10/22 16:46:54 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\My Documents\Ruth essay.doc
[2009/10/21 20:04:51 | 00,003,848 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\IMG_1485.JPG
[2009/10/21 09:28:25 | 00,108,295 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\Shane Meehan 8th Grade pic.JPG
[2009/10/21 09:23:29 | 00,059,225 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\Shane Meehan Baby Pic.jpg
[2009/10/20 23:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/20 23:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/19 21:33:50 | 00,321,358 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\RS10-15-0911-1.jpg
[2009/10/19 21:33:39 | 00,264,693 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\RS10-15-0910-1.jpg
[2009/10/19 21:33:27 | 00,284,708 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\RS10-15-099-1.jpg
[2009/10/19 21:33:15 | 00,293,012 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\RS10-15-098-1.jpg
[2009/10/19 21:32:39 | 00,232,674 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\RS10-15-097-1.jpg
[2009/10/19 21:32:31 | 00,214,156 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\RS10-15-096-1.jpg
[2009/10/19 21:31:05 | 00,273,436 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\RS10-15-094-1.jpg
[2009/10/19 08:32:02 | 00,056,330 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\Sarah me GA.jpg
[2009/10/17 21:08:22 | 00,001,316 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Desktop\Shortcut to 100_0169copy 2.jpg.lnk
[2009/10/13 21:24:11 | 00,168,960 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/13 18:04:15 | 00,017,786 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\My Documents\data sheet 10-13-09.pdf
[2009/10/13 15:23:18 | 00,000,576 | ---- | M] () -- C:\Documents and Settings\Mala Meehan\My Documents\exppaynow.php.htm
[2009/10/12 07:20:33 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/06 12:53:42 | 00,142,336 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\tamiflu recos.doc
[2009/11/05 17:17:58 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\My Documents\sonnet.doc
[2009/11/05 11:09:35 | 00,938,013 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\100_1907.JPG
[2009/11/04 16:35:11 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\My Documents\Properties.doc
[2009/11/03 14:50:35 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\2010 schedule.doc
[2009/11/02 15:48:32 | 00,352,762 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\spybot error message.jpg
[2009/11/02 15:48:16 | 00,044,874 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\spybot error message.gif
[2009/11/01 12:58:32 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\Poseidon.doc
[2009/10/31 11:52:34 | 00,009,491 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\My Documents\Bostonu2.CSV
[2009/10/31 11:52:05 | 00,103,560 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\My Documents\nuvox.CSV
[2009/10/31 11:51:37 | 00,049,787 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\My Documents\malagta.CSV
[2009/10/31 11:51:07 | 00,112,267 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\My Documents\csca.CSV
[2009/10/31 11:50:39 | 00,220,965 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\My Documents\iredon.CSV
[2009/10/31 11:50:07 | 01,092,610 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\My Documents\inbox.CSV
[2009/10/31 11:50:05 | 00,009,371 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Application Data\Comma Separated Values (Windows).EML
[2009/10/31 11:49:06 | 00,006,982 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\My Documents\contacts.CSV
[2009/10/31 11:48:39 | 00,025,877 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\My Documents\calendar.CSV
[2009/10/31 11:48:05 | 00,013,013 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Application Data\Comma Separated Values (Windows).CAL
[2009/10/31 10:49:18 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\dds.scr
[2009/10/30 21:59:24 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/10/30 19:04:12 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/30 19:00:19 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/29 17:09:00 | 00,004,177 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\My Documents\resonetimeccterms.htm
[2009/10/27 20:44:03 | 00,084,494 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\Carly, Sarah me against rail Bos 2.jpg
[2009/10/26 12:16:49 | 12,845,056 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\ntuser.dat
[2009/10/22 16:43:19 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\My Documents\Ruth essay.doc
[2009/10/21 20:04:49 | 00,003,848 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\IMG_1485.JPG
[2009/10/21 09:28:23 | 00,108,295 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\Shane Meehan 8th Grade pic.JPG
[2009/10/21 09:23:29 | 00,059,225 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\Shane Meehan Baby Pic.jpg
[2009/10/19 21:33:49 | 00,321,358 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\RS10-15-0911-1.jpg
[2009/10/19 21:33:38 | 00,264,693 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\RS10-15-0910-1.jpg
[2009/10/19 21:33:26 | 00,284,708 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\RS10-15-099-1.jpg
[2009/10/19 21:33:14 | 00,293,012 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\RS10-15-098-1.jpg
[2009/10/19 21:32:38 | 00,232,674 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\RS10-15-097-1.jpg
[2009/10/19 21:32:30 | 00,214,156 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\RS10-15-096-1.jpg
[2009/10/19 21:31:03 | 00,273,436 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\RS10-15-094-1.jpg
[2009/10/19 08:31:59 | 00,056,330 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\Sarah me GA.jpg
[2009/10/17 21:08:22 | 00,001,316 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Desktop\Shortcut to 100_0169copy 2.jpg.lnk
[2009/10/13 18:04:14 | 00,017,786 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\My Documents\data sheet 10-13-09.pdf
[2009/10/13 15:23:16 | 00,000,576 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\My Documents\exppaynow.php.htm
[2009/08/13 21:36:47 | 18,015,723 | ---- | C] () -- C:\Program Files\vlc-1.0.1-win32.exe
[2009/08/13 21:09:04 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/13 21:09:04 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/10 07:29:34 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/10 07:29:34 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/10 07:29:34 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/10 07:29:32 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/04/16 11:23:46 | 00,000,041 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2009/04/16 11:23:10 | 00,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
[2009/04/16 11:23:10 | 00,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
[2009/04/16 11:23:10 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
[2009/04/16 11:23:10 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2009/04/16 11:23:09 | 00,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2009/04/16 11:23:09 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2008/11/16 10:55:57 | 00,022,647 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Application Data\Comma Separated Values (Windows).ADR
[2008/11/01 10:59:33 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Application Data\pcouffin.log
[2008/11/01 10:59:23 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Application Data\inst.exe
[2008/11/01 10:59:23 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Application Data\pcouffin.cat
[2008/11/01 10:59:23 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Application Data\pcouffin.inf
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/27 20:41:41 | 00,987,946 | -HS- | C] () -- C:\WINDOWS\System32\hifralqx.ini
[2008/09/27 19:58:15 | 00,000,268 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/27 19:02:48 | 00,987,955 | -HS- | C] () -- C:\WINDOWS\System32\yqxlgrrl.ini
[2008/09/04 12:12:21 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Local Settings\Application Data\.mpid
[2008/09/03 15:10:40 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Application Data\$_hpcst$.hpc
[2008/05/19 15:49:15 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/01/02 21:49:15 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/12/13 10:29:52 | 00,003,656 | ---- | C] () -- C:\WINDOWS\CDMaster.ini
[2007/08/31 12:39:57 | 00,002,864 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/20 12:35:23 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/10 14:28:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/08/06 10:07:30 | 00,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/06/30 22:07:57 | 00,000,032 | ---- | C] () -- C:\WINDOWS\BrmfXCh1.ini
[2007/06/29 16:21:35 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS66.DLL
[2007/06/29 15:34:23 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/06/28 21:06:26 | 00,000,023 | -HS- | C] () -- C:\WINDOWS\System32\bacdcad8_r.dll
[2007/06/21 18:12:44 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Application Data\WavCodec.wff
[2007/06/21 14:02:17 | 00,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2007/06/21 14:02:16 | 00,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/06/09 16:25:12 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/06/09 16:25:12 | 00,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007/05/28 08:30:12 | 00,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/05/25 15:22:30 | 00,001,380 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Application Data\AdobeDLM.log
[2007/05/25 15:22:30 | 00,000,006 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Application Data\dm.ini
[2007/05/25 06:44:29 | 00,000,023 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Local Settings\Application Data\kodakpcd.ini
[2007/05/24 09:50:30 | 00,168,960 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/22 21:51:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/05/22 15:39:59 | 00,001,584 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/05/22 15:39:59 | 00,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/05/21 15:44:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2007/05/21 15:17:17 | 00,109,968 | ---- | C] () -- C:\Documents and Settings\Mala Meehan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/05/21 12:25:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Mala Meehan\Application Data\desktop.ini
[2007/05/20 02:14:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\EngineExe.INI
[2007/05/20 02:13:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2007/05/20 01:49:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2007/05/20 01:48:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MelodyExe.INI
[2007/05/20 01:47:32 | 00,000,100 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2007/05/19 21:26:36 | 00,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/05/19 21:26:36 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/05/19 15:35:44 | 00,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/18 13:18:55 | 00,000,527 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/05/18 13:18:55 | 00,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/05/18 13:18:55 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/05/18 12:11:39 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/02 12:45:59 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/03/02 12:45:57 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/03/02 07:06:04 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004/08/04 07:00:00 | 00,000,613 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 09:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 9628 bytes -> C:\Documents and Settings\Mala Meehan\My Documents\mala boys small.JPG:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 9208 bytes -> C:\Documents and Settings\Mala Meehan\My Documents\Bono b&w copy.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 8732 bytes -> C:\Documents and Settings\Mala Meehan\My Documents\Bono b&w.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 8132 bytes -> C:\Documents and Settings\Mala Meehan\My Documents\b&w.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 6760 bytes -> C:\Documents and Settings\Mala Meehan\My Documents\b&w us.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 6508 bytes -> C:\Documents and Settings\Mala Meehan\My Documents\100_0935.JPG:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Mala Meehan\My Documents\thankyoulettertemplate.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Mala Meehan\My Documents\Nero.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Mala Meehan\My Documents\enrollment trace number eftps.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Mala Meehan\My Documents\Ben Franklin.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Mala Meehan\My Documents\bd.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Mala Meehan\My Documents\b&w.jpg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Mala Meehan\My Documents\b&w us.jpg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Mala Meehan\My Documents\Amazon_com Your Account.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Mala Meehan\My Documents\100_0935.JPG:KAVICHS
@Alternate Data Stream - 1724 bytes -> C:\Documents and Settings\Mala Meehan\My Documents\GTA ftp.url:Q30lsldxJoudresxAaaqpcawXc
< End of report >

OTL Extras logfile created on: 11/7/2009 3:29:10 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Mala Meehan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 99.56% Memory free
4.00 Gb Paging File | 3.49 Gb Available in Paging File | 87.20% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 38.57 Gb Free Space | 25.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 149.01 Gb Total Space | 16.83 Gb Free Space | 11.29% Space Free | Partition Type: FAT32

Computer Name: MALADELL
Current User Name: Mala Meehan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-606747145-1715567821-725345543-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\Program Files\Motorola\Software Update\msu.exe" = C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu -- File not found
"C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe" = C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe:*:Enabled:SlingPlayer -- (Sling Media Inc.)
"C:\Program Files\TRACKSTERS\update.exe" = C:\Program Files\TRACKSTERS\update.exe:*:Enabled:TrueUpdate Client -- File not found
"C:\Program Files\TRACKSTERS\Tracksters.exe" = C:\Program Files\TRACKSTERS\Tracksters.exe:*:Enabled:Tracksters -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Steam\SteamApps\common\velvet assassin\Launcher.exe" = C:\Program Files\Steam\SteamApps\common\velvet assassin\Launcher.exe:*:Enabled:Velvet Assassin -- File not found
"C:\Documents and Settings\Mala Meehan\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" = C:\Documents and Settings\Mala Meehan\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe:*:Disabled:Abacast Distributed On-Demand -- File not found
"C:\Documents and Settings\Mala Meehan\Local Settings\Application Data\Abacast\Abaclient.exe" = C:\Documents and Settings\Mala Meehan\Local Settings\Application Data\Abacast\Abaclient.exe:*:Disabled:Abaclient -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Documents and Settings\Mala Meehan\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\Mala Meehan\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Disabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\Program Files\Real\realplayer\realplay.exe" = C:\Program Files\Real\realplayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{070B66DD-BD59-4F10-AD98-2218B8BEBFBB}" = SlingPlayer Mobile
"{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}" = Brother MFL-Pro Suite
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{29CBFC23-05A7-4286-93B8-BABE29BC1033}" = Nero 7 Ultra Edition
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}" = Adobe InDesign CS
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"{81C42533-F5A8-46CE-9013-ECF783A4CBD4}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86B879A5-927E-4536-B5FC-17CA96B60078}" = Garmin Communicator Plugin
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A918DE8A-98C8-0920-0000-000000280069}" = Motorola V3m(Sprint) USB - Handset Manager V9.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF394614-1998-4182-98B5-4EBFA9633ED2}" = Citrix Presentation Server Client - Web Only
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C087457C-77AC-449A-B1E1-379E9B2DA71F}" = SlingPlayer Mobile for Windows Smartphone
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"Ask & Record Toolbar4.01" = Ask & Record Toolbar 4.01
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"AVG9Uninstall" = AVG Free 9.0
"CANONBJ_Deinstall_CNMCP66.DLL" = Canon PIXMA iP2000
"Cool MP3 Splitter_is1" = Cool MP3 Splitter 2.02
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
"DVDFab HD Decrypter_is1" = DVDFab HD Decrypter 3.1.1.6
"ffdshow_is1" = ffdshow [rev 3052] [2009-08-03]
"HandBrake" = HandBrake 0.9.3
"HijackThis" = HijackThis 1.99.1
"InstallShield_{070B66DD-BD59-4F10-AD98-2218B8BEBFBB}" = SlingPlayer Mobile
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PSP Video 9" = PSP Video 9 2.25
"RealPlayer 12.0" = RealPlayer
"SUPER ©" = SUPER © Version 2007.bld.23 (July 4, 2007)
"SysInfo" = Creative System Information
"The Rosetta Stone" = The Rosetta Stone
"VLC media player" = VLC media player 1.0.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-7
"WinRAR archiver" = WinRAR archiver
"Wondershare PPT2DVD_is1" = Wondershare PPT2DVD Build 3.2.3.209
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-606747145-1715567821-725345543-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions" = Adobe Digital Editions
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/30/2009 7:45:49 AM | Computer Name = MALADELL | Source = Application Hang | ID = 1002
Description = Hanging application photosle.exe, version 3.0.64.101, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/30/2009 7:46:30 AM | Computer Name = MALADELL | Source = Application Hang | ID = 1002
Description = Hanging application Photoshop.exe, version 8.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/30/2009 8:00:36 PM | Computer Name = MALADELL | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 10/31/2009 9:04:11 PM | Computer Name = MALADELL | Source = Application Hang | ID = 1002
Description = Hanging application ShowTime.exe, version 3.10.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2009 2:45:02 PM | Computer Name = MALADELL | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2009 5:33:46 PM | Computer Name = MALADELL | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2009 5:34:14 PM | Computer Name = MALADELL | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2009 5:34:36 PM | Computer Name = MALADELL | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/5/2009 12:04:27 PM | Computer Name = MALADELL | Source = Application Hang | ID = 1002
Description = Hanging application EasyShare.exe, version 7.10.56.119, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/5/2009 3:40:03 PM | Computer Name = MALADELL | Source = MsiInstaller | ID = 11905
Description = Product: ESSgui -- Error 1905.Module C:\Program Files\Kodak\Kodak
EasyShare software\bin\ESCom.dll failed to unregister. HRESULT -2147220472. Contact
your support personnel.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4 myrti (Malware Study Hall Admin)

Posted 08 November 2009 - 07:14 AM

Hi,

You have a couple of malicious entries in your hosts file. Have you customized your hosts file, or can we reset it to the Windows default?

Please run a scan with Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

And a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Please post back the logs and the info concerning the hosts file in your next reply.
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 Malaboo (Topic Starter)

Posted 08 November 2009 - 02:00 PM

Hi,

Here are the two log files as requested. I'm not sure what the hosts file is, so I'm not sure if it's been customized. How would I know if it's been changed? I probably have not customized it unless I did it unknowingly. What does it control? Thanks again.

Mala

Gmer log

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-08 13:02:09
Windows 5.1.2600 Service Pack 3
Running: hk3ssotf.exe; Driver: C:\DOCUME~1\MALAME~1\LOCALS~1\Temp\pwtiypoc.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xB80F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xB80F8BFE]

---- Kernel code sections - GMER 1.0.15 ----

C:\WINDOWS\system32\drivers\atapi.sys entry point in "" section [0xB7F209F7]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_600_13073.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_600_13073.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_600_13073.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_600_13073.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0E1BFC98-4C38-795A-C00D-25885F84671D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0E1BFC98-4C38-795A-C00D-25885F84671D}@oaofoolhlenhepkmafaifmaoalpfnm 0x6B 0x61 0x68 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0E1BFC98-4C38-795A-C00D-25885F84671D}@naeneohfomhfmnhkigfhdhfdemdp 0x69 0x61 0x6C 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0E1BFC98-4C38-795A-C00D-25885F84671D}@oakmghljlakkimcmpponnoljlmhphk 0x64 0x61 0x68 0x6B ...

---- EOF - GMER 1.0.15 ----


Malwarebytes log

Malwarebytes' Anti-Malware 1.41
Database version: 3124
Windows 5.1.2600 Service Pack 3

11/8/2009 9:42:28 AM
mbam-log-2009-11-08 (09-42-28).txt

Scan type: Quick Scan
Objects scanned: 119036
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 myrti (Malware Study Hall Admin)

Posted 08 November 2009 - 02:54 PM

Hi,

The hosts file can associate a given IP with a web address; this allows you to block or redirect web pages. E.g. you can assign the web address someevilsite.com the IP 127.0.0.1, which corresponds to your own PC. Then, when your PC tries to connect to the evil site, it will be redirected to connect to itself and won't be able to reach the evil site. This is often used by anti-malware programs to block malicious sites, but your hosts file shows redirections for Google to a foreign IP. I just wanted to know if you have some personal entries in that file that need to be saved or if we could reset it to the Windows default.
If you want to know more about the hosts file, you might want to read up on the Wikipedia article: Hosts file

Please run Combofix:
Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message (screenshot not reproduced here):

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+

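As an added illustration of the hosts-file redirection myrti describes above (this is example code, not anything posted in the thread), the following Python check parses a hosts file and flags mappings of well-known domains to anything other than a loopback or unspecified address, which is exactly the pattern that distinguishes a hijack from a legitimate blocklist entry. The sample hosts content, the watched-domain list and the 198.51.100.23 address are constructed for the example.

```python
import ipaddress
from pathlib import Path

# Constructed sample hosts file (not the poster's real file): a normal
# localhost entry, a blocklist-style sinkhole, and two hijack entries that
# send Google to a constructed foreign address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       someevilsite.com          # blocklist style: harmless
198.51.100.23   www.google.com            # constructed hijack
198.51.100.23   google.com

::1             localhost
"""

# Domains that a legitimate blocklist has no reason to point anywhere but
# loopback. Assumed list for the example; extend it for your environment.
WATCHED_SUFFIXES = ("google.com", "bing.com", "yahoo.com",
                    "microsoft.com", "windowsupdate.com")

# Default location of the hosts file on Windows.
WINDOWS_HOSTS = Path(r"C:\Windows\System32\drivers\etc\hosts")


def parse_hosts(text):
    """Return a list of (ip, hostname, line_no) for every mapping in a hosts file."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        if not line:
            continue                           # blank or comment-only line
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                           # malformed; Windows ignores it too
        for host in parts[1:]:                 # one IP may carry several names
            entries.append((ip, host.lower(), line_no))
    return entries


def is_sinkhole(ip):
    """True for addresses that only prevent a connection (127.0.0.0/8, ::1, 0.0.0.0)."""
    return ip.is_loopback or ip.is_unspecified


def find_hijacks(text, watched=WATCHED_SUFFIXES):
    """Flag watched domains mapped to a real (non-sinkhole) address."""
    findings = []
    for ip, host, line_no in parse_hosts(text):
        if is_sinkhole(ip):
            continue                           # blocking, not redirecting
        if any(host == s or host.endswith("." + s) for s in watched):
            findings.append({"line": line_no, "host": host, "ip": str(ip)})
    return findings


def scan_file(path=WINDOWS_HOSTS):
    """Run the check against a hosts file on disk."""
    return find_hijacks(Path(path).read_text(encoding="utf-8", errors="replace"))


if __name__ == "__main__":
    for hit in find_hijacks(SAMPLE_HOSTS):
        print(f"line {hit['line']}: {hit['host']} -> {hit['ip']} (redirect, not a block)")
```

On the sample content the check reports the two google.com lines and stays silent on the someevilsite.com sinkhole.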

#7 Malaboo

Malaboo
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 08 November 2009 - 05:32 PM

Hi,

I've not knowingly done any of that IP switching to a foreign IP or whatever, but I have noticed since I started having this issue last week that sometimes when I open my web browser it brings up the German Google (my default home page is normally Google.com)...if this helps. I won't be able to do the above procedure until I'm at home later. Thanks again for all your help.

Mala

#8 Malaboo

Malaboo
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 09 November 2009 - 09:23 AM

Hi,

Okay, here is the Combofix Log. Thanks again.


ComboFix 09-11-08.03 - Mala Meehan 11/09/2009 9:09.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2481 [GMT -5:00]
Running from: c:\documents and settings\Mala Meehan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mala Meehan\Application Data\inst.exe
c:\documents and settings\Mala Meehan\autorun.inf
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\system32\dumphive.exe
c:\windows\system32\hifralqx.ini
c:\windows\system32\msxm192z.dll
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\yqxlgrrl.ini

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.

2009-11-08 18:13 . 2009-11-07 02:41 52736 ----a-w- c:\windows\system32\caonima1.exe
2009-11-08 14:33 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 14:33 . 2009-11-08 14:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 14:33 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-06 19:33 . 2009-11-06 21:28 -------- d-----w- c:\documents and settings\Mala Meehan\Application Data\vlc
2009-10-31 13:36 . 2009-10-31 13:36 -------- d-----w- C:\VundoFix Backups
2009-10-31 02:59 . 2009-10-31 00:02 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-31 00:03 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-31 00:03 . 2009-10-31 00:02 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-31 00:01 . 2009-10-31 00:01 815760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-10-31 00:01 . 2009-10-31 00:01 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-10-31 00:01 . 2009-10-31 00:01 1638104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-31 00:01 . 2009-10-31 00:01 788368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-10-31 00:01 . 2009-10-31 00:01 1179232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-10-31 00:00 . 2009-10-31 00:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-31 00:00 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-31 00:00 . 2009-10-31 00:00 -------- d-----w- c:\program files\Lavasoft
2009-10-30 20:30 . 2009-10-30 20:30 -------- d-----w- c:\documents and settings\Mala Meehan\Local Settings\Application Data\AVG Security Toolbar
2009-10-30 20:23 . 2009-10-30 20:28 -------- d-----w- C:\$AVG
2009-10-30 20:22 . 2009-10-30 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-30 19:33 . 2009-10-30 19:33 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-30 00:29 . 2009-10-30 00:29 2146304 ----a-w- c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 14:03 . 2009-04-22 16:58 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-11-09 13:05 . 2009-04-16 22:42 -------- d-----w- c:\program files\LogMeIn
2009-11-07 03:42 . 2007-05-27 22:55 -------- d-----w- c:\documents and settings\Mala Meehan\Application Data\uTorrent
2009-11-05 19:42 . 2007-05-23 18:50 -------- d-----w- c:\program files\Kodak
2009-11-05 17:53 . 2008-02-08 20:54 -------- d-----w- c:\program files\Google
2009-10-31 00:03 . 2007-07-05 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-30 20:47 . 2009-04-22 00:42 117760 ----a-w- c:\documents and settings\Mala Meehan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-30 20:23 . 2009-04-14 14:42 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-30 20:23 . 2009-04-14 14:42 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-30 20:23 . 2009-04-14 14:42 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-30 20:23 . 2009-04-14 14:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-30 20:22 . 2009-04-14 14:42 -------- d-----w- c:\program files\AVG
2009-10-15 18:01 . 2009-09-28 13:39 -------- d-----w- c:\program files\WinHTTrack
2009-10-05 03:07 . 2009-10-05 03:07 -------- d-----w- c:\documents and settings\Mala Meehan\Application Data\Office Genuine Advantage
2009-10-01 14:29 . 2009-10-03 06:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 14:31 . 2007-05-28 17:11 -------- d-----w- c:\program files\Common Files\Real
2009-09-30 14:30 . 2009-09-30 14:30 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-30 14:30 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-30 14:30 . 2007-05-28 17:11 -------- d-----w- c:\program files\Real
2009-09-30 00:36 . 2009-09-30 00:36 161632 ----a-w- c:\documents and settings\Mala Meehan\Application Data\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTP_8.0.50727.762.exe
2009-09-30 00:34 . 2009-09-30 00:34 82030 ----a-w- c:\documents and settings\Mala Meehan\Application Data\Juniper Networks\Host Checker\policy_68\hcifpfw.dll
2009-09-30 00:34 . 2008-11-15 20:32 -------- d-----w- c:\documents and settings\Mala Meehan\Application Data\Juniper Networks
2009-09-30 00:33 . 2008-11-23 13:01 36939 ----a-w- c:\documents and settings\Mala Meehan\Application Data\Juniper Networks\setup\uninstall.exe
2009-09-30 00:33 . 2009-09-30 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2009-09-25 03:10 . 2009-09-04 02:41 218320 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-25 01:54 . 2007-05-21 20:55 -------- d-----w- c:\documents and settings\Mala Meehan\Application Data\LimeWire
2009-09-25 01:54 . 2007-05-20 19:05 -------- d-----w- c:\program files\LimeWire
2009-09-24 15:09 . 2009-10-05 00:29 3858432 ----a-w- c:\documents and settings\Mala Meehan\Application Data\Mozilla\Firefox\Profiles\gjr6wrrf.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
2009-09-24 12:15 . 2009-03-22 01:31 -------- d-----w- c:\program files\TRACKSTERS
2009-09-24 12:10 . 2009-04-16 16:23 -------- d-----w- c:\program files\CreataCard
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 06:28 . 2009-07-10 04:28 867104 ----a-w- c:\documents and settings\Mala Meehan\Application Data\Juniper Networks\Host Checker\AVManagerUnified.dll
2009-09-09 06:28 . 2009-07-10 04:28 51488 ----a-w- c:\documents and settings\Mala Meehan\Application Data\Juniper Networks\Host Checker\OPSWATProcessesScanner.dll
2009-09-09 06:28 . 2009-07-10 04:28 36912 ----a-w- c:\documents and settings\Mala Meehan\Application Data\Juniper Networks\Host Checker\Impl_AntivirusLib.dll
2009-09-09 06:28 . 2009-07-10 04:28 31280 ----a-w- c:\documents and settings\Mala Meehan\Application Data\Juniper Networks\Host Checker\CFireWallCOM.dll
2009-09-09 06:28 . 2009-07-10 04:28 291888 ----a-w- c:\documents and settings\Mala Meehan\Application Data\Juniper Networks\Host Checker\OESISCore.dll
2009-09-09 06:28 . 2009-07-10 04:28 16944 ----a-w- c:\documents and settings\Mala Meehan\Application Data\Juniper Networks\Host Checker\Impl_SoftwareProductLib.dll
2009-09-09 06:28 . 2009-07-10 04:28 157744 ----a-w- c:\documents and settings\Mala Meehan\Application Data\Juniper Networks\Host Checker\FWManager.dll
2009-09-09 06:28 . 2009-07-10 04:28 14896 ----a-w- c:\documents and settings\Mala Meehan\Application Data\Juniper Networks\Host Checker\Impl_FirewallLib.dll
2009-09-09 06:28 . 2009-07-10 04:28 101152 ----a-w- c:\documents and settings\Mala Meehan\Application Data\Juniper Networks\Host Checker\CAntiVirusCOM.dll
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 21:00 . 2009-04-22 16:53 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-08-23 21:00 . 2009-04-22 16:53 426496 ------w- c:\windows\system32\imapi2.dll
2009-08-21 02:25 . 2007-05-21 20:17 109968 ----a-w- c:\documents and settings\Mala Meehan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-14 02:38 . 2009-08-14 02:36 18015723 ----a-w- c:\program files\vlc-1.0.1-win32.exe
2009-07-06 21:39 . 2009-07-06 21:39 4411392 ----a-w- c:\program files\mplayerc.exe
2007-06-29 02:06 . 2007-06-29 02:06 23 --sha-w- c:\windows\system32\bacdcad8_r.dll
2006-05-03 09:06 . 2007-05-20 02:26 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2007-08-19 19:21 31232 --sha-r- c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 16:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-04 22:04 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-30 2010904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-30 20:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 00:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
backup=c:\windows\pss\Printkey2000.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mala Meehan^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
path=c:\documents and settings\Mala Meehan\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
backup=c:\windows\pss\MLB.TV NexDef Plug-in.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\Mala Meehan\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Real\\realplayer\\realplay.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"67:UDP"= 67:UDP:DHCP Discovery Service
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/30/2009 7:03 PM 64288]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [5/19/2008 3:49 PM 6097]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/14/2009 9:42 AM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/14/2009 9:42 AM 360584]
R1 NEOFLTR_600_13073;Juniper Networks TDI Filter Driver (NEOFLTR_600_13073);c:\windows\system32\drivers\NEOFLTR_600_13073.sys [4/30/2008 2:54 PM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 1:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 1:07 PM 74480]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/30/2009 3:22 PM 285392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1179232]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 5:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [4/16/2009 5:42 PM 47640]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [4/27/2009 5:09 PM 93960]
S2 gupdate1c98b9af7e37bf8;Google Update Service (gupdate1c98b9af7e37bf8);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2009 11:16 AM 133104]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 4:30 AM 204800]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 Dymeesccabdu;Dymeesccabdu; [x]
S3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\drivers\usb101et.sys [3/2/2007 12:40 PM 32384]
S3 mamovec;mamovec;c:\windows\system32\drivers\mamovec.sys [5/20/2007 1:40 AM 24784]
S3 mamovem;mamovem;c:\windows\system32\drivers\mamovem.sys [5/20/2007 1:40 AM 25044]
S3 mamoveu;mamoveu;c:\windows\system32\drivers\mamoveu.sys [5/20/2007 1:40 AM 51584]
S3 maz500m;maz500m;c:\windows\system32\drivers\maz500m.sys [6/16/2007 11:27 AM 25044]
S3 maz500u;maz500u;c:\windows\system32\drivers\maz500u.sys [6/16/2007 11:27 AM 51285]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [6/16/2007 1:30 PM 17792]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [6/16/2007 1:30 PM 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/16/2007 1:30 PM 21504]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 1:07 PM 7408]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [5/19/2008 3:49 PM 299923]
S3 Vopisser_b.0.;Vopisser_b.0.; [x]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 Mcoufrvpe3.;Mcoufrvpe3.; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 00:01]

2009-11-02 c:\windows\Tasks\Backup.job
- c:\windows\system32\ntbackup.exe [2004-08-04 00:12]

2009-11-05 c:\windows\Tasks\Backup2.job
- c:\windows\system32\ntbackup.exe [2004-08-04 00:12]

2009-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 16:15]

2009-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 16:15]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1715567821-725345543-1007Core.job
- c:\documents and settings\Mala Meehan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 23:19]

2009-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1715567821-725345543-1007UA.job
- c:\documents and settings\Mala Meehan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 23:19]

2009-11-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

2009-11-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-06-04 22:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: wachovia.com
Trusted Zone: wachovia.com
DPF: GDInst - hxxp://www.mreplay.com/plugin/GDInst.CAB
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\Mala Meehan\Application Data\Mozilla\Firefox\Profiles\gjr6wrrf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Mala Meehan\Application Data\Mozilla\Firefox\Profiles\gjr6wrrf.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\Mala Meehan\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

BHO-{DAA9FF74-BC21-4CED-AE28-34A63CED9277} - c:\windows\system32\efcBtqpm.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 09:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-1715567821-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0E1BFC98-4C38-795A-C00D-25885F84671D}*]
"oaofoolhlenhepkmafaifmaoalpfnm"=hex:6b,61,68,6b,68,67,64,6f,6b,67,65,63,68,6f,
6d,6f,6b,64,6f,66,6d,65,00,00
"naeneohfomhfmnhkigfhdhfdemdp"=hex:69,61,6c,6b,6f,67,6b,63,61,6b,67,66,68,6e,
66,6e,66,6e,00,00
"oakmghljlakkimcmpponnoljlmhphk"=hex:64,61,68,6b,6d,6e,62,61,00,60
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-11-09 9:20
ComboFix-quarantined-files.txt 2009-11-09 14:19

Pre-Run: 41,231,245,312 bytes free
Post-Run: 41,326,133,248 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 652D41597FE262ECA2C14EBE2766CAF1

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:10 AM

Posted 09 November 2009 - 11:10 AM

Hi,

Combofix took care of a rather nasty rootkit. How is your PC doing now?

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\windows\system32\caonima1.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Also please provide a new OTL log.
regards _temp_



#10 Malaboo

Malaboo
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 09 November 2009 - 11:53 AM

I can't seem to make sure that I can see hidden files. There is no "View" tab when I access tools/folder options...the only options are File Types and Offline Files...these are the only two tabs... Thanks.

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:10 AM

Posted 09 November 2009 - 11:56 AM

Hi,


please try to access folder options as follows: Go to start->control panel and select folder options there. Do you see the view tab there?

Also if that doesn't work please check if you can see the file without setting invisible files to be visible.

regards _temp_



#12 Malaboo

Malaboo
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 09 November 2009 - 12:01 PM

I already tried the 1st thing and still only get two tabs. I'm not sure what you mean with the 2nd thing

"Also if that doesn't work please check if you can see the file without setting invisible files to be visible."

#13 Malaboo

Malaboo
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 09 November 2009 - 12:02 PM

what file am I trying to see? This file?

c:\windows\system32\caonima1.exe

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:10 AM

Posted 09 November 2009 - 12:07 PM

Hi,

yes indeed. If you can see that file, please upload it to virustotal or jotti by going through the steps of my previous post.

regards _temp_



#15 Malaboo

Malaboo
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:10 PM

Posted 09 November 2009 - 12:09 PM

That file caonima1 is blocked by my AVG as a Trojan horse Sheur2.bqeo threat. Should I allow it?
