gmckearney

Ad-Aware cannot connect to service

16 posts in this topic

I should say I have already run ComboFix before I ran HijackThis.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:51:17, on 16/10/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18828)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe

C:\Program Files\Mouse Driver\StartAutorun.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Mouse Driver\KMConfig.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Trust\R-Series Mouse And Keyboard\PS2USBKbdDrv.exe

C:\Program Files\Trust\R-Series Mouse And Keyboard\MouseDrv.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Citrix\GoToMeeting\320\g2mstart.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\DeskSpace\deskspace.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Gillianm\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe

C:\Program Files\Broadband Choices\Broadband Choices Speed Tester\SpeedTester.exe

C:\Program Files\Back2zip\Back2zip.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Citrix\GoToMeeting\320\g2mcomm.exe

C:\Program Files\Citrix\GoToMeeting\320\g2mlauncher.exe

C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Users\Gillianm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gillianm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gillianm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gillianm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gillianm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gillianm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gillianm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gillianm\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.webexpenses.com/login.jsp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061221

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: HttpWatch Basic - {F1F69322-008F-4895-B2BF-AD194219825A} - C:\Program Files\HttpWatch\httpwatchsc.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe

O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe PS2USBKbdDrv.exe

O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\320\g2mstart.exe "/Trigger RunAtLogon"

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [DeskSpace] C:\Program Files\DeskSpace\deskspace.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKCU\..\Run: [googletalk] C:\Users\Gillianm\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

O4 - Startup: Back2zip.lnk = C:\Program Files\Back2zip\Back2zip.exe

O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe

O4 - Global Startup: SpeedTester.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwatch.dll

O9 - Extra 'Tools' menuitem: HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwatch.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\ProgramData\WebEx\MyWebEx\419\mwmie.dll

O9 - Extra 'Tools' menuitem: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\ProgramData\WebEx\MyWebEx\419\mwmie.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1246895089516

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1246895728572

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://persistentsys.webex.com/client/T26L...bex/ieatgpc.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{23F005BB-A1CE-4B48-A382-D2A638EE7745}: NameServer = 4.2.2.3 4.2.2.4

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Xobni\Skype4Com.dll

O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\TDSupportApp\cdrom_mon.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe

O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c9e9a8d9f6df35) (gupdate1c9e9a8d9f6df35) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 15258 bytes

Edited by Gilli

I should say I have already run ComboFix before I ran HijackThis.

ComboFix should be run under the supervision of a trained helper only.

 

Post the contents of the ComboFix log back here.

ComboFix should be run under the supervision of a trained helper only.

 

Post the contents of the ComboFix log back here.

 

ComboFix 09-10-15.04 - Gillianm 16/10/2009 9:32.2.2 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2038.650 [GMT 1:00]

Running from: c:\users\Gillianm\Documents\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

 

----- BITS: Possible infected sites -----

 

hxxp://assist.talktalk.net

.

((((((((((((((((((((((((( Files Created from 2009-09-16 to 2009-10-16 )))))))))))))))))))))))))))))))

.

 

2009-10-16 08:52 . 2009-10-16 08:52 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2009-10-16 08:52 . 2009-10-16 08:52 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-10-16 08:52 . 2009-10-16 08:52 -------- d-----w- c:\users\Gillian McKearney\AppData\Local\temp

2009-10-16 08:52 . 2009-10-16 08:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-10-16 08:52 . 2009-10-16 08:52 -------- d-----w- c:\users\Battery Power\AppData\Local\temp

2009-10-16 08:52 . 2009-10-16 08:52 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2009-10-16 01:30 . 2009-10-16 01:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Xobni

2009-10-15 12:07 . 2009-10-15 12:07 -------- d-----w- c:\program files\VS Revo Group

2009-10-14 17:15 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-10-14 17:14 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-10-14 17:14 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-10-14 17:08 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll

2009-10-14 17:08 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2009-10-14 17:08 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2009-10-14 13:01 . 2009-10-14 13:01 -------- d-----w- c:\program files\JRE

2009-10-14 13:00 . 2009-10-14 13:01 -------- d-----w- c:\program files\OpenOffice.org 3

2009-10-14 11:19 . 2009-10-14 11:19 -------- d-----w- c:\users\Gillianm\AppData\Local\Microsoft Corporation

2009-10-14 11:01 . 2009-10-14 11:01 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

2009-10-07 08:27 . 2009-10-07 08:27 -------- d-----w- c:\program files\Audible

2009-10-03 08:13 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe

2009-10-02 07:34 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll

2009-10-02 07:34 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe

2009-10-02 07:34 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2009-10-02 07:34 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll

2009-10-02 07:33 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll

2009-10-02 07:33 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-10-02 07:33 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll

2009-10-02 07:33 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll

2009-10-02 07:33 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe

2009-10-01 07:39 . 2009-10-01 07:39 -------- d-----w- c:\programdata\Messenger Plus!

2009-09-30 16:46 . 2009-09-30 16:46 -------- d-----w- c:\program files\Common Files\TechSmith Shared

2009-09-30 16:46 . 2009-09-30 16:46 -------- d-----w- c:\program files\TechSmith

2009-09-30 12:16 . 2009-09-30 12:16 -------- d-----w- c:\program files\Messenger Plus! Live

2009-09-30 11:12 . 2009-09-30 11:12 -------- d-----w- c:\program files\Microsoft Office Outlook Connector

2009-09-30 11:11 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2009-09-30 11:09 . 2009-09-30 11:09 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-09-29 14:25 . 2009-09-29 14:25 -------- d-----w- c:\program files\iPod

2009-09-29 14:25 . 2009-09-29 14:26 -------- d-----w- c:\program files\iTunes

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-16 08:52 . 2008-04-05 21:10 -------- d-----w- c:\programdata\Kontiki

2009-10-16 08:33 . 2009-03-02 11:09 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Skype

2009-10-16 07:58 . 2009-03-02 11:12 -------- d-----w- c:\users\Gillianm\AppData\Roaming\skypePM

2009-10-16 01:30 . 2009-06-03 10:20 -------- d-----w- c:\program files\Xobni

2009-10-15 17:25 . 2008-05-01 16:54 -------- d-----w- c:\program files\Lavasoft

2009-10-15 17:25 . 2008-01-24 19:47 -------- d-----w- c:\programdata\Lavasoft

2009-10-15 15:30 . 2008-02-05 15:42 1356 ----a-w- c:\users\Gillianm\AppData\Local\d3d9caps.dat

2009-10-15 11:11 . 2007-11-21 11:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-10-15 08:56 . 2007-11-18 17:33 -------- d-----w- c:\program files\Microsoft Works

2009-10-14 22:01 . 2007-11-21 09:41 122560 ----a-w- c:\users\Gillianm\AppData\Local\GDIPFONTCACHEV1.DAT

2009-10-14 21:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-10-14 12:59 . 2008-05-21 10:41 -------- d-----w- c:\program files\OpenOffice.org 2.4

2009-10-14 12:55 . 2008-05-21 10:55 -------- d-----w- c:\users\Gillianm\AppData\Roaming\OpenOffice.org2

2009-10-14 11:43 . 2008-10-06 15:21 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-13 23:06 . 2008-07-15 13:16 0 ----a-w- c:\users\Gillianm\AppData\Local\prvlcl.dat

2009-10-13 23:06 . 2008-07-15 12:22 0 ----a-w- c:\users\Battery Power\AppData\Local\prvlcl.dat

2009-10-12 17:58 . 2009-02-25 12:00 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Spotify

2009-10-01 12:56 . 2008-10-03 13:53 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Image Zone Express

2009-09-30 11:13 . 2007-11-21 10:35 -------- d-----w- c:\program files\Windows Live

2009-09-30 10:22 . 2007-11-21 10:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-09-30 07:11 . 2008-07-15 11:16 8224 ----a-w- c:\users\Battery Power\AppData\Local\GDIPFONTCACHEV1.DAT

2009-09-29 14:25 . 2007-12-27 17:44 -------- d-----w- c:\program files\Common Files\Apple

2009-09-18 21:27 . 2007-12-20 12:03 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Apple Computer

2009-09-17 15:22 . 2007-11-21 10:58 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-17 14:44 . 2009-09-01 10:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-16 08:29 . 2009-09-16 08:29 -------- d-----w- c:\programdata\Office Genuine Advantage

2009-09-15 09:48 . 2007-11-21 13:10 -------- d-----w- c:\programdata\Yahoo! Companion

2009-09-10 13:54 . 2009-09-01 10:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 13:53 . 2009-09-01 10:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-10 13:44 . 2009-09-10 13:44 -------- d-----w- c:\program files\##nospam Configuration Utility

2009-09-10 13:42 . 2009-09-10 13:39 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-09-10 13:34 . 2009-09-10 13:33 -------- d-----w- c:\program files\QuickTime

2009-09-10 07:56 . 2008-01-08 17:03 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-08 06:58 . 2008-11-25 16:39 -------- d-----w- c:\program files\SugarSync

2009-09-07 17:13 . 2007-11-18 17:33 -------- d-----w- c:\program files\CyberLink

2009-09-07 17:09 . 2008-01-12 16:02 -------- d-----w- c:\program files\Nokia

2009-09-01 11:00 . 2009-09-01 11:00 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Malwarebytes

2009-09-01 10:59 . 2009-09-01 10:59 -------- d-----w- c:\programdata\Malwarebytes

2009-08-29 00:27 . 2009-09-02 20:29 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-08-29 00:14 . 2009-09-02 20:29 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-08-28 18:42 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-08-28 18:42 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-08-27 07:45 . 2009-02-04 10:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-27 07:45 . 2008-09-06 17:27 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-27 07:45 . 2008-09-06 17:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-27 05:22 . 2009-10-14 17:10 916480 ----a-w- c:\windows\system32\wininet.dll

2009-08-27 05:17 . 2009-10-14 17:10 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-08-27 05:17 . 2009-10-14 17:10 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-08-27 03:42 . 2009-10-14 17:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-08-25 14:30 . 2007-12-20 12:00 -------- d-----w- c:\program files\Safari

2009-08-14 16:27 . 2009-09-09 07:39 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-08-14 15:53 . 2009-09-09 07:39 17920 ----a-w- c:\windows\system32\netevent.dll

2009-08-14 13:49 . 2009-09-09 07:39 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2009-08-14 13:49 . 2009-09-09 07:39 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2009-08-14 13:49 . 2009-09-09 07:39 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2009-08-14 13:49 . 2009-09-09 07:39 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2009-08-14 13:49 . 2009-09-09 07:39 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2009-08-14 13:49 . 2009-09-09 07:39 19968 ----a-w- c:\windows\system32\ARP.EXE

2009-08-14 13:49 . 2009-09-09 07:39 10240 ----a-w- c:\windows\system32\finger.exe

2009-08-14 13:48 . 2009-09-09 07:39 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2009-08-14 13:48 . 2009-09-09 07:39 105984 ----a-w- c:\windows\system32\netiohlp.dll

2009-08-04 18:52 . 2009-08-04 18:52 1193832 ----a-w- c:\windows\system32\FM20.DLL

2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll

2007-11-21 10:30 . 2007-11-21 10:30 8 --sh--r- c:\windows\System32\AAF25136A3.sys

2009-01-21 18:30 . 2007-11-21 10:30 4704 --sha-w- c:\windows\System32\KGyGaAvL.sys

2007-11-19 00:53 . 2007-11-19 00:45 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((( [email protected]_16.15.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-11-18 17:39 . 2009-10-16 07:56 93222 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2007-11-21 09:42 . 2009-10-16 07:56 18970 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3088100052-2713238192-65485237-1000_UserData.bin

+ 2007-11-21 09:40 . 2009-10-16 08:02 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2007-11-21 09:40 . 2009-10-15 15:30 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2007-11-21 09:40 . 2009-10-16 08:02 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2007-11-21 09:40 . 2009-10-15 15:30 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2007-11-21 09:40 . 2009-10-16 08:02 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2007-11-21 09:40 . 2009-10-15 15:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2007-11-21 12:57 . 2009-10-16 07:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2007-11-21 12:57 . 2009-10-15 15:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2007-11-21 12:57 . 2009-10-15 17:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2007-11-21 12:57 . 2009-07-30 09:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2007-11-21 12:57 . 2009-07-30 09:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2007-11-21 12:57 . 2009-10-15 17:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2007-11-22 00:19 . 2009-10-16 02:08 5058 c:\windows\System32\WDI\ERCQueuedResolutions.dat

+ 2009-10-16 07:54 . 2009-10-16 07:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-10-15 07:39 . 2009-10-15 15:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-10-15 07:39 . 2009-10-15 15:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-10-16 07:54 . 2009-10-16 07:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2006-11-02 13:02 . 2009-10-16 07:56 133626 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-09-16 07:01 . 2009-10-16 07:54 245760 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

- 2009-09-16 07:01 . 2009-10-15 15:27 245760 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

- 2009-07-30 09:19 . 2009-07-30 09:19 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-30 09:19 . 2009-10-15 17:54 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-07-24 08:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"McAfee.InstantUpdate.Monitor"="c:\program files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" [2003-06-03 122948]

"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-22 171448]

"GoToMeeting"="c:\program files\Citrix\GoToMeeting\320\g2mstart.exe" [2008-08-04 31552]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]

"DeskSpace"="c:\program files\DeskSpace\deskspace.exe" [2008-12-04 1157344]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"googletalk"="c:\users\Gillianm\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"McAfee Guardian"="c:\program files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" [2002-07-22 145920]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"WireLessMouse"="c:\program files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]

"WireLessKeyboard"="c:\program files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]

"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-06 2023704]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-14 149280]

 

c:\users\Gillianm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Back2zip.lnk - c:\program files\Back2zip\Back2zip.exe [2009-7-28 2007040]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-4-29 1787224]

SpeedTester.lnk - c:\windows\Installer\{32729FF3-AD6A-45CC-8E55-E1916420F7F1}\_7EA94809FE219030A883C8.exe [2008-12-10 33610]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(:):9a,b9,20,73,36,f4,c9,01

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3088100052-2713238192-65485237-1000]

"EnableNotificationsRef"=dword:00000002

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3088100052-2713238192-65485237-1004]

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{A3A25361-A337-40D6-8A4E-82510611AC82}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{BCF4979C-BAEC-4B43-B0DC-68A2F75A73F0}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{456096FC-91EF-4F86-ACC1-B4864B37E12A}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{5201B59F-8F0C-4965-8B78-2FF06D0E5485}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{5AA1E0F2-2061-4DD2-AF37-0637EB85E965}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"TCP Query User{74BFFDF8-737C-4130-A81C-B786686FE235}c:\\users\\gillianm\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= UDP:c:\users\gillianm\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe

"UDP Query User{0FD1FE1C-3C96-46D7-8BCE-82AED1719F02}c:\\users\\gillianm\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= TCP:c:\users\gillianm\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe

"TCP Query User{A11CEFDC-FCA6-4942-A808-FB0CDCCDAEBC}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger

"UDP Query User{9C300B0E-B6F5-4B3B-BB43-214FE62B69B8}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger

"TCP Query User{7E5933C2-DF70-49D0-A23B-4A575253B78D}c:\\users\\gillianm\\appdata\\local\\temp\\ixp001.tmp\\smwinvnc.exe"= UDP:c:\users\gillianm\appdata\local\temp\ixp001.tmp\smwinvnc.exe:smwinvnc.exe

"UDP Query User{2060AE22-EC50-4735-8C1D-6839FD61A7D1}c:\\users\\gillianm\\appdata\\local\\temp\\ixp001.tmp\\smwinvnc.exe"= TCP:c:\users\gillianm\appdata\local\temp\ixp001.tmp\smwinvnc.exe:smwinvnc.exe

"TCP Query User{83FD335A-0D16-45A7-9D9E-1B6B5ACE7339}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{DA16B58C-7995-46BD-BCB7-E9218E1E1FDB}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{44442735-EADD-4D25-BC50-420212EE87B2}c:\\users\\gillianm\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= UDP:c:\users\gillianm\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe

"UDP Query User{31F8961C-0985-4B58-8E32-AC71EEF9AA9E}c:\\users\\gillianm\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= TCP:c:\users\gillianm\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe

"{687871C3-BAFB-412E-BE66-8E6D026BB9E4}"= UDP:c:\program files\TalkTalk\bin\sprtsvc.exe:sprtsvc.exe

"{EEAB5D9A-CD90-4806-9D32-762C3A94E0FD}"= TCP:c:\program files\TalkTalk\bin\sprtsvc.exe:sprtsvc.exe

"{B141A411-435E-4180-B5F8-8449A1983993}"= UDP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe

"{930C7B7D-6C68-406F-8497-D99BCC3E6DBB}"= TCP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe

"{E88BC0CF-C0A9-4BEC-B0CD-BA37144BA25C}"= UDP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe

"{83AB00AF-AAC2-40E4-914D-4B56D56B6F41}"= TCP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe

"{E3476E94-C497-4E20-A3C5-322887DF719A}"= UDP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe

"{DA66B3E3-00E3-4103-ABE7-5430418C315E}"= TCP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe

"{4F00CBA0-DEE1-4D6A-B195-34FB09722327}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service

"{A9ADCAC7-28B7-4F86-B827-06D84F17AF0B}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service

"{42CA3922-1986-4CD7-89B9-7B487FABB9FC}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service

"{A88AD36C-A0DE-4308-9FD6-A4A62C626DD6}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service

"{71986BAD-3810-4455-9287-AF9A8C3BB630}"= UDP:c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"{C0B11AEF-AFA6-4553-9E89-DACEF5468EE7}"= TCP:c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"{9F0CA105-44DB-4DB4-9963-074EF579C47E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{060FB70E-0A2B-425B-9554-30C0066F65AD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{05006164-B61F-4D60-A14E-76A39AE211B2}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify

"UDP Query User{4D8A1118-E230-4F53-B935-10D5FD6C8252}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify

"{9B6CC949-23B2-4421-8146-0410F183DFC8}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{CC2DBC02-0391-49EC-8D00-A758B559CFFB}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe

"{1D4FD878-508E-4CEF-9D8E-E8134CE40318}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

"{6BD364E6-BF80-4FD6-8A43-053F10269C89}"= UDP:c:\program files\CalgooConnect\CalgooConnect.exe:CalgooConnect

"{25EAC28C-8BA5-4FC7-8135-271B35CDC186}"= TCP:c:\program files\CalgooConnect\CalgooConnect.exe:CalgooConnect

"{DC6D5A79-0C35-4ED3-8824-AEACD12BD75F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{B1A4E05A-0E29-44F0-8AD8-D9A101939C22}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{FDF0989B-0B6A-4C5F-8D87-16BA20B12A40}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [06/09/2008 18:27 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [11/03/2009 21:18 108552]

R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [09/10/2008 09:39 12800]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/03/2009 21:18 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04/02/2009 11:13 297752]

R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [28/03/2008 23:19 208896]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [06/09/2008 15:49 1153368]

R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 10:33 202016]

R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\supportsoft\bin\tgsrvc.exe [02/08/2007 15:42 148768]

R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [07/05/2009 02:21 46824]

R3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\System32\drivers\fw220.sys [05/08/2002 05:00 33280]

S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\System32\TDSupportApp\cdrom_mon.exe [26/02/2009 11:23 81920]

S2 CSHelper;CopySafe Helper Service;c:\windows\System32\CSHelper.exe [04/03/2009 11:50 266240]

S2 gupdate1c9e9a8d9f6df35;Google Update Service (gupdate1c9e9a8d9f6df35);c:\program files\Google\Update\GoogleUpdate.exe [10/06/2009 09:52 133104]

S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]

S3 ce6230;Intel CE6230 Standalone USB Driver;c:\windows\System32\drivers\CE6230StandaloneDriver.sys [26/04/2008 12:12 44800]

S3 ce6230BDACAP;Realfine CE6230 BDA Driver;c:\windows\System32\drivers\CE6230BDA.sys [26/04/2008 12:12 19328]

S3 CE9500;CE9500.Sys driver;c:\windows\System32\drivers\ce9500.sys [29/11/2007 10:12 114176]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [30/09/2009 12:11 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]

S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\System32\drivers\PLCND532.sys [08/08/2007 16:40 26656]

S3 qcusbmdm6k;WP-S1 Proprietary USB Driver;c:\windows\System32\drivers\qcusbmdm6k.sys [26/02/2009 11:39 65024]

S3 qcusbnmea;WP-S1 NMEA Port;c:\windows\System32\drivers\qcusbnmea.sys [03/10/2007 06:30 65024]

S3 qcusbpcsync;WP-S1 PCSYNC Port;c:\windows\System32\drivers\qcusbpcsync.sys [03/10/2007 06:30 65024]

S3 qcusbser6k;WP-S1 Diagnostic Port;c:\windows\System32\drivers\qcusbser6k.sys [03/10/2007 06:30 65024]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

 

2009-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 01:05]

 

2009-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 01:05]

 

2009-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3088100052-2713238192-65485237-1000Core.job

- c:\users\Gillianm\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 07:58]

 

2009-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3088100052-2713238192-65485237-1000UA.job

- c:\users\Gillianm\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 07:58]

 

2009-10-16 c:\windows\Tasks\User_Feed_Synchronization-{E8E77C39-A6C9-42D3-A152-9C307E0E81E3}.job

- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]

.

.

------- Supplementary Scan -------

.

uStart Page = https://login.webexpenses.com/login.jsp

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

LSP: c:\windows\system32\CSLSP.DLL

TCP: {23F005BB-A1CE-4B48-A382-D2A638EE7745} = 4.2.2.3 4.2.2.4

FF - ProfilePath - c:\users\Gillianm\AppData\Roaming\Mozilla\Firefox\Profiles\xmh90jmh.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT766895&SearchSource=3&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true.

 

**************************************************************************

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files:

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-3088100052-2713238192-65485237-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D62F4398-6AB9-8E99-99E4-36DF5A6629E0}*]

"papdpklfojojpiehbdmanghlhiklbhhp"=hex:6a,61,65,6f,68,68,6a,65,63,6a,6f,6c,65,

62,68,62,6d,6d,68,66,00,8b

"abbfffklbdciabekaehppfjofcadgpghcb"=hex:6a,61,6e,6e,6f,67,63,65,6d,6d,65,62,

63,66,6e,62,6b,63,64,6e,00,8b

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}00\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}01\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}02\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}03\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}04\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}05\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}06\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}07\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}08\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2009-10-16 9:56

ComboFix-quarantined-files.txt 2009-10-16 08:56

ComboFix2.txt 2009-10-15 16:20

 

Pre-Run: 28,076,699,648 bytes free

Post-Run: 27,742,695,424 bytes free

 

386 --- E O F --- 2009-10-15 18:02

Hi,

 

Looks like you had run ComboFix more than once. Look for ComboFix2.txt file and post back its contents (in c:\combofix or c:\qoobox folder).


 

 

ComboFix 09-10-14.09 - Gillianm 15/10/2009 16:55.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2038.683 [GMT 1:00]

Running from: c:\users\Gillianm\Documents\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-1738422755-998661840-641317060-500

c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500

c:\$recycle.bin\S-1-5-21-3088100052-2713238192-65485237-500

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

c:\windows\Installer\9a019.a439.msi

 

----- BITS: Possible infected sites -----

 

hxxp://assist.talktalk.net

.

((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))

.

 

2009-10-15 16:14 . 2009-10-15 16:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-10-15 16:14 . 2009-10-15 16:14 -------- d-----w- c:\users\Battery Power\AppData\Local\temp

2009-10-15 14:30 . 2009-10-15 14:30 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

2009-10-15 12:07 . 2009-10-15 12:07 -------- d-----w- c:\program files\VS Revo Group

2009-10-14 17:15 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-10-14 17:14 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-10-14 17:14 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-10-14 17:08 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll

2009-10-14 17:08 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2009-10-14 17:08 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2009-10-14 13:01 . 2009-10-14 13:01 -------- d-----w- c:\program files\JRE

2009-10-14 13:00 . 2009-10-14 13:01 -------- d-----w- c:\program files\OpenOffice.org 3

2009-10-14 11:19 . 2009-10-14 11:19 -------- d-----w- c:\users\Gillianm\AppData\Local\Microsoft Corporation

2009-10-14 11:01 . 2009-10-14 11:01 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

2009-10-07 08:27 . 2009-10-07 08:27 -------- d-----w- c:\program files\Audible

2009-10-03 08:13 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe

2009-10-02 07:34 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll

2009-10-02 07:34 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe

2009-10-02 07:34 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2009-10-02 07:34 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll

2009-10-02 07:33 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll

2009-10-02 07:33 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-10-02 07:33 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll

2009-10-02 07:33 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll

2009-10-02 07:33 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe

2009-10-01 07:39 . 2009-10-01 07:39 -------- d-----w- c:\programdata\Messenger Plus!

2009-09-30 16:46 . 2009-09-30 16:46 -------- d-----w- c:\program files\Common Files\TechSmith Shared

2009-09-30 16:46 . 2009-09-30 16:46 -------- d-----w- c:\program files\TechSmith

2009-09-30 12:16 . 2009-09-30 12:16 -------- d-----w- c:\program files\Messenger Plus! Live

2009-09-30 11:12 . 2009-09-30 11:12 -------- d-----w- c:\program files\Microsoft Office Outlook Connector

2009-09-30 11:11 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2009-09-30 11:09 . 2009-09-30 11:09 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-09-29 14:25 . 2009-09-29 14:25 -------- d-----w- c:\program files\iPod

2009-09-29 14:25 . 2009-09-29 14:26 -------- d-----w- c:\program files\iTunes

2009-09-16 08:29 . 2009-09-16 08:29 -------- d-----w- c:\programdata\Office Genuine Advantage

2009-09-16 08:29 . 2009-09-16 08:29 -------- d-----w- c:\users\Gillianm\Office Genuine Advantage

2009-09-16 07:01 . 2009-09-16 07:01 -------- d-sh--w- c:\windows\system32\%APPDATA%

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-15 16:15 . 2008-04-05 21:10 -------- d-----w- c:\programdata\Kontiki

2009-10-15 15:56 . 2009-03-02 11:09 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Skype

2009-10-15 15:30 . 2008-02-05 15:42 1356 ----a-w- c:\users\Gillianm\AppData\Local\d3d9caps.dat

2009-10-15 15:17 . 2009-03-02 11:12 -------- d-----w- c:\users\Gillianm\AppData\Roaming\skypePM

2009-10-15 14:28 . 2008-05-01 16:54 -------- d-----w- c:\program files\Lavasoft

2009-10-15 14:28 . 2008-01-24 19:47 -------- d-----w- c:\programdata\Lavasoft

2009-10-15 11:11 . 2007-11-21 11:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-10-15 08:56 . 2007-11-18 17:33 -------- d-----w- c:\program files\Microsoft Works

2009-10-14 22:01 . 2007-11-21 09:41 122560 ----a-w- c:\users\Gillianm\AppData\Local\GDIPFONTCACHEV1.DAT

2009-10-14 21:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-10-14 12:59 . 2008-05-21 10:41 -------- d-----w- c:\program files\OpenOffice.org 2.4

2009-10-14 12:55 . 2008-05-21 10:55 -------- d-----w- c:\users\Gillianm\AppData\Roaming\OpenOffice.org2

2009-10-14 11:43 . 2008-10-06 15:21 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-13 23:06 . 2008-07-15 13:16 0 ----a-w- c:\users\Gillianm\AppData\Local\prvlcl.dat

2009-10-13 23:06 . 2008-07-15 12:22 0 ----a-w- c:\users\Battery Power\AppData\Local\prvlcl.dat

2009-10-12 17:58 . 2009-02-25 12:00 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Spotify

2009-10-01 12:56 . 2008-10-03 13:53 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Image Zone Express

2009-09-30 11:13 . 2007-11-21 10:35 -------- d-----w- c:\program files\Windows Live

2009-09-30 10:22 . 2007-11-21 10:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-09-30 07:11 . 2008-07-15 11:16 8224 ----a-w- c:\users\Battery Power\AppData\Local\GDIPFONTCACHEV1.DAT

2009-09-29 14:25 . 2007-12-27 17:44 -------- d-----w- c:\program files\Common Files\Apple

2009-09-18 21:27 . 2007-12-20 12:03 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Apple Computer

2009-09-17 15:22 . 2007-11-21 10:58 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-17 14:44 . 2009-09-01 10:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-15 09:48 . 2007-11-21 13:10 -------- d-----w- c:\programdata\Yahoo! Companion

2009-09-10 13:54 . 2009-09-01 10:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 13:53 . 2009-09-01 10:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-10 13:44 . 2009-09-10 13:44 -------- d-----w- c:\program files\##nospam Configuration Utility

2009-09-10 13:42 . 2009-09-10 13:39 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-09-10 13:34 . 2009-09-10 13:33 -------- d-----w- c:\program files\QuickTime

2009-09-10 07:56 . 2008-01-08 17:03 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-08 06:58 . 2008-11-25 16:39 -------- d-----w- c:\program files\SugarSync

2009-09-07 17:13 . 2007-11-18 17:33 -------- d-----w- c:\program files\CyberLink

2009-09-07 17:09 . 2008-01-12 16:02 -------- d-----w- c:\program files\Nokia

2009-09-01 11:00 . 2009-09-01 11:00 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Malwarebytes

2009-09-01 10:59 . 2009-09-01 10:59 -------- d-----w- c:\programdata\Malwarebytes

2009-08-29 00:27 . 2009-09-02 20:29 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-08-29 00:14 . 2009-09-02 20:29 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-08-28 18:42 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-08-28 18:42 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-08-27 07:45 . 2009-02-04 10:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-27 07:45 . 2008-09-06 17:27 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-27 07:45 . 2008-09-06 17:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-27 05:22 . 2009-10-14 17:10 916480 ----a-w- c:\windows\system32\wininet.dll

2009-08-27 05:17 . 2009-10-14 17:10 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-08-27 05:17 . 2009-10-14 17:10 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-08-27 03:42 . 2009-10-14 17:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-08-25 14:30 . 2007-12-20 12:00 -------- d-----w- c:\program files\Safari

2009-08-14 16:27 . 2009-09-09 07:39 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-08-14 15:53 . 2009-09-09 07:39 17920 ----a-w- c:\windows\system32\netevent.dll

2009-08-14 13:49 . 2009-09-09 07:39 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2009-08-14 13:49 . 2009-09-09 07:39 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2009-08-14 13:49 . 2009-09-09 07:39 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2009-08-14 13:49 . 2009-09-09 07:39 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2009-08-14 13:49 . 2009-09-09 07:39 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2009-08-14 13:49 . 2009-09-09 07:39 19968 ----a-w- c:\windows\system32\ARP.EXE

2009-08-14 13:49 . 2009-09-09 07:39 10240 ----a-w- c:\windows\system32\finger.exe

2009-08-14 13:48 . 2009-09-09 07:39 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2009-08-14 13:48 . 2009-09-09 07:39 105984 ----a-w- c:\windows\system32\netiohlp.dll

2009-08-04 18:52 . 2009-08-04 18:52 1193832 ----a-w- c:\windows\system32\FM20.DLL

2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll

2007-11-21 10:30 . 2007-11-21 10:30 8 --sh--r- c:\windows\System32\AAF25136A3.sys

2009-01-21 18:30 . 2007-11-21 10:30 4704 --sha-w- c:\windows\System32\KGyGaAvL.sys

2007-11-19 00:53 . 2007-11-19 00:45 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-07-24 08:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"McAfee.InstantUpdate.Monitor"="c:\program files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" [2003-06-03 122948]

"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-22 171448]

"GoToMeeting"="c:\program files\Citrix\GoToMeeting\320\g2mstart.exe" [2008-08-04 31552]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]

"DeskSpace"="c:\program files\DeskSpace\deskspace.exe" [2008-12-04 1157344]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"googletalk"="c:\users\Gillianm\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"McAfee Guardian"="c:\program files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" [2002-07-22 145920]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"WireLessMouse"="c:\program files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]

"WireLessKeyboard"="c:\program files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]

"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-06 2023704]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-14 149280]

 

c:\users\Gillianm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Back2zip.lnk - c:\program files\Back2zip\Back2zip.exe [2009-7-28 2007040]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-4-29 1787224]

SpeedTester.lnk - c:\windows\Installer\{32729FF3-AD6A-45CC-8E55-E1916420F7F1}\_7EA94809FE219030A883C8.exe [2008-12-10 33610]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(:):9a,b9,20,73,36,f4,c9,01

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3088100052-2713238192-65485237-1000]

"EnableNotificationsRef"=dword:00000002

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3088100052-2713238192-65485237-1004]

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{A3A25361-A337-40D6-8A4E-82510611AC82}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{BCF4979C-BAEC-4B43-B0DC-68A2F75A73F0}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{456096FC-91EF-4F86-ACC1-B4864B37E12A}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{5201B59F-8F0C-4965-8B78-2FF06D0E5485}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{5AA1E0F2-2061-4DD2-AF37-0637EB85E965}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"TCP Query User{74BFFDF8-737C-4130-A81C-B786686FE235}c:\\users\\gillianm\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= UDP:c:\users\gillianm\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe

"UDP Query User{0FD1FE1C-3C96-46D7-8BCE-82AED1719F02}c:\\users\\gillianm\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= TCP:c:\users\gillianm\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe

"TCP Query User{A11CEFDC-FCA6-4942-A808-FB0CDCCDAEBC}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger

"UDP Query User{9C300B0E-B6F5-4B3B-BB43-214FE62B69B8}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger

"TCP Query User{7E5933C2-DF70-49D0-A23B-4A575253B78D}c:\\users\\gillianm\\appdata\\local\\temp\\ixp001.tmp\\smwinvnc.exe"= UDP:c:\users\gillianm\appdata\local\temp\ixp001.tmp\smwinvnc.exe:smwinvnc.exe

"UDP Query User{2060AE22-EC50-4735-8C1D-6839FD61A7D1}c:\\users\\gillianm\\appdata\\local\\temp\\ixp001.tmp\\smwinvnc.exe"= TCP:c:\users\gillianm\appdata\local\temp\ixp001.tmp\smwinvnc.exe:smwinvnc.exe

"TCP Query User{83FD335A-0D16-45A7-9D9E-1B6B5ACE7339}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{DA16B58C-7995-46BD-BCB7-E9218E1E1FDB}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{44442735-EADD-4D25-BC50-420212EE87B2}c:\\users\\gillianm\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= UDP:c:\users\gillianm\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe

"UDP Query User{31F8961C-0985-4B58-8E32-AC71EEF9AA9E}c:\\users\\gillianm\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= TCP:c:\users\gillianm\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe

"{687871C3-BAFB-412E-BE66-8E6D026BB9E4}"= UDP:c:\program files\TalkTalk\bin\sprtsvc.exe:sprtsvc.exe

"{EEAB5D9A-CD90-4806-9D32-762C3A94E0FD}"= TCP:c:\program files\TalkTalk\bin\sprtsvc.exe:sprtsvc.exe

"{B141A411-435E-4180-B5F8-8449A1983993}"= UDP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe

"{930C7B7D-6C68-406F-8497-D99BCC3E6DBB}"= TCP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe

"{E88BC0CF-C0A9-4BEC-B0CD-BA37144BA25C}"= UDP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe

"{83AB00AF-AAC2-40E4-914D-4B56D56B6F41}"= TCP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe

"{E3476E94-C497-4E20-A3C5-322887DF719A}"= UDP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe

"{DA66B3E3-00E3-4103-ABE7-5430418C315E}"= TCP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe

"{4F00CBA0-DEE1-4D6A-B195-34FB09722327}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service

"{A9ADCAC7-28B7-4F86-B827-06D84F17AF0B}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service

"{42CA3922-1986-4CD7-89B9-7B487FABB9FC}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service

"{A88AD36C-A0DE-4308-9FD6-A4A62C626DD6}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service

"{71986BAD-3810-4455-9287-AF9A8C3BB630}"= UDP:c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"{C0B11AEF-AFA6-4553-9E89-DACEF5468EE7}"= TCP:c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"{9F0CA105-44DB-4DB4-9963-074EF579C47E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{060FB70E-0A2B-425B-9554-30C0066F65AD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{05006164-B61F-4D60-A14E-76A39AE211B2}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify

"UDP Query User{4D8A1118-E230-4F53-B935-10D5FD6C8252}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify

"{9B6CC949-23B2-4421-8146-0410F183DFC8}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{CC2DBC02-0391-49EC-8D00-A758B559CFFB}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe

"{1D4FD878-508E-4CEF-9D8E-E8134CE40318}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

"{6BD364E6-BF80-4FD6-8A43-053F10269C89}"= UDP:c:\program files\CalgooConnect\CalgooConnect.exe:CalgooConnect

"{25EAC28C-8BA5-4FC7-8135-271B35CDC186}"= TCP:c:\program files\CalgooConnect\CalgooConnect.exe:CalgooConnect

"{DC6D5A79-0C35-4ED3-8824-AEACD12BD75F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{B1A4E05A-0E29-44F0-8AD8-D9A101939C22}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{FDF0989B-0B6A-4C5F-8D87-16BA20B12A40}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [06/09/2008 18:27 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [11/03/2009 21:18 108552]

R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [09/10/2008 09:39 12800]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04/02/2009 11:13 297752]

R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [28/03/2008 23:19 208896]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [06/09/2008 15:49 1153368]

R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 10:33 202016]

R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\supportsoft\bin\tgsrvc.exe [02/08/2007 15:42 148768]

R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [07/05/2009 02:21 45288]

R3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\System32\drivers\fw220.sys [05/08/2002 05:00 33280]

S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\System32\TDSupportApp\cdrom_mon.exe [26/02/2009 11:23 81920]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/03/2009 21:18 908056]

S2 CSHelper;CopySafe Helper Service;c:\windows\System32\CSHelper.exe [04/03/2009 11:50 266240]

S2 gupdate1c9e9a8d9f6df35;Google Update Service (gupdate1c9e9a8d9f6df35);c:\program files\Google\Update\GoogleUpdate.exe [10/06/2009 09:52 133104]

S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]

S3 ce6230;Intel CE6230 Standalone USB Driver;c:\windows\System32\drivers\CE6230StandaloneDriver.sys [26/04/2008 12:12 44800]

S3 ce6230BDACAP;Realfine CE6230 BDA Driver;c:\windows\System32\drivers\CE6230BDA.sys [26/04/2008 12:12 19328]

S3 CE9500;CE9500.Sys driver;c:\windows\System32\drivers\ce9500.sys [29/11/2007 10:12 114176]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [30/09/2009 12:11 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]

S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\System32\drivers\PLCND532.sys [08/08/2007 16:40 26656]

S3 qcusbmdm6k;WP-S1 Proprietary USB Driver;c:\windows\System32\drivers\qcusbmdm6k.sys [26/02/2009 11:39 65024]

S3 qcusbnmea;WP-S1 NMEA Port;c:\windows\System32\drivers\qcusbnmea.sys [03/10/2007 06:30 65024]

S3 qcusbpcsync;WP-S1 PCSYNC Port;c:\windows\System32\drivers\qcusbpcsync.sys [03/10/2007 06:30 65024]

S3 qcusbser6k;WP-S1 Diagnostic Port;c:\windows\System32\drivers\qcusbser6k.sys [03/10/2007 06:30 65024]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

 

2009-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 01:05]

 

2009-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 01:05]

 

2009-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3088100052-2713238192-65485237-1000Core.job

- c:\users\Gillianm\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 07:58]

 

2009-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3088100052-2713238192-65485237-1000UA.job

- c:\users\Gillianm\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 07:58]

 

2009-10-15 c:\windows\Tasks\User_Feed_Synchronization-{E8E77C39-A6C9-42D3-A152-9C307E0E81E3}.job

- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]

.

.

------- Supplementary Scan -------

.

uStart Page = https://login.webexpenses.com/login.jsp

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

LSP: c:\windows\system32\CSLSP.DLL

TCP: {23F005BB-A1CE-4B48-A382-D2A638EE7745} = 4.2.2.3 4.2.2.4

FF - ProfilePath - c:\users\Gillianm\AppData\Roaming\Mozilla\Firefox\Profiles\xmh90jmh.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT766895&SearchSource=3&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\Gillianm\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\users\Gillianm\AppData\Roaming\Mozilla\plugins\npatgpc.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-15 17:15

Windows 6.0.6002 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

c:\users\Gillianm\AppData\Local\Temp\catchme.dll 53248 bytes executable

 

scan completed successfully

hidden files: 1

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-3088100052-2713238192-65485237-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D62F4398-6AB9-8E99-99E4-36DF5A6629E0}*]

"papdpklfojojpiehbdmanghlhiklbhhp"=hex:6a,61,65,6f,68,68,6a,65,63,6a,6f,6c,65,

62,68,62,6d,6d,68,66,00,8b

"abbfffklbdciabekaehppfjofcadgpghcb"=hex:6a,61,6e,6e,6f,67,63,65,6d,6d,65,62,

63,66,6e,62,6b,63,64,6e,00,8b

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}00\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}01\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}02\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}03\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}04\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}05\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}06\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}07\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}08\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2009-10-15 17:20

ComboFix-quarantined-files.txt 2009-10-15 16:20

 

Pre-Run: 27,193,450,496 bytes free

Post-Run: 26,996,518,912 bytes free

 

373 --- E O F --- 2009-10-15 08:31


Hi,

 

There are some signs of McAfee firewall there. Is it still installed, and have you given permission for Ad-Aware to connect to the internet?

 

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu and select Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck Resident TeaTimer and OK any prompts.
  • Restart your computer

 

Open notepad and copy/paste the text in the quotebox below into it:

 

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000000
Regnull::
[HKEY_USERS\S-1-5-21-3088100052-2713238192-65485237-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D62F4398-6AB9-8E99-99E4-36DF5A6629E0}*]

 

 

Save this as CFScript

 

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

 

CFScriptB-4.gif

 

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe

Then post the resultant log.

Hi,

 

There are some signs of McAfee firewall there. Is it still installed, and have you given permission for Ad-Aware to connect to the internet?

 

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu and select Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck Resident TeaTimer and OK any prompts.
  • Restart your computer

Open notepad and copy/paste the text in the quotebox below into it:

 

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000000
Regnull::
[HKEY_USERS\S-1-5-21-3088100052-2713238192-65485237-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D62F4398-6AB9-8E99-99E4-36DF5A6629E0}*]

Save this as CFScript

 

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

 

CFScriptB-4.gif

 

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe

Then post the resultant log.

 

 

ComboFix 09-10-18.06 - Gillianm 19/10/2009 18:53.3.2 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2038.925 [GMT 1:00]

Running from: c:\users\Gillianm\Documents\Downloads\ComboFix.exe

Command switches used :: c:\users\Gillianm\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))

.

 

2009-10-19 18:12 . 2009-10-19 18:12 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2009-10-19 18:12 . 2009-10-19 18:12 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-10-19 18:12 . 2009-10-19 18:12 -------- d-----w- c:\users\Gillian McKearney\AppData\Local\temp

2009-10-19 18:12 . 2009-10-19 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-10-19 18:12 . 2009-10-19 18:12 -------- d-----w- c:\users\Battery Power\AppData\Local\temp

2009-10-19 18:12 . 2009-10-19 18:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2009-10-19 00:16 . 2009-10-19 00:16 -------- d-----w- c:\users\Battery Power\AppData\Local\AVG Security Toolbar

2009-10-18 22:54 . 2009-10-18 22:54 -------- d-----w- c:\users\Battery Power\AppData\Local\MediaDirect

2009-10-18 22:54 . 2009-10-18 22:54 -------- d-----w- c:\users\Battery Power\AppData\Roaming\CyberLink

2009-10-16 09:49 . 2009-10-16 09:49 -------- d-----w- c:\program files\Trend Micro

2009-10-16 09:29 . 2009-10-16 09:29 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

2009-10-16 01:30 . 2009-10-16 01:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Xobni

2009-10-15 12:07 . 2009-10-15 12:07 -------- d-----w- c:\program files\VS Revo Group

2009-10-14 17:15 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-10-14 17:14 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-10-14 17:14 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-10-14 17:08 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll

2009-10-14 17:08 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2009-10-14 17:08 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2009-10-14 13:01 . 2009-10-14 13:01 -------- d-----w- c:\program files\JRE

2009-10-14 13:00 . 2009-10-14 13:01 -------- d-----w- c:\program files\OpenOffice.org 3

2009-10-14 11:19 . 2009-10-14 11:19 -------- d-----w- c:\users\Gillianm\AppData\Local\Microsoft Corporation

2009-10-14 11:01 . 2009-10-14 11:01 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

2009-10-07 08:27 . 2009-10-07 08:27 -------- d-----w- c:\program files\Audible

2009-10-03 08:13 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe

2009-10-02 07:34 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll

2009-10-02 07:34 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe

2009-10-02 07:34 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2009-10-02 07:34 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll

2009-10-02 07:33 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll

2009-10-02 07:33 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-10-02 07:33 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll

2009-10-02 07:33 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll

2009-10-02 07:33 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe

2009-10-01 07:39 . 2009-10-01 07:39 -------- d-----w- c:\programdata\Messenger Plus!

2009-09-30 16:46 . 2009-09-30 16:46 -------- d-----w- c:\program files\Common Files\TechSmith Shared

2009-09-30 16:46 . 2009-09-30 16:46 -------- d-----w- c:\program files\TechSmith

2009-09-30 12:16 . 2009-09-30 12:16 -------- d-----w- c:\program files\Messenger Plus! Live

2009-09-30 11:12 . 2009-09-30 11:12 -------- d-----w- c:\program files\Microsoft Office Outlook Connector

2009-09-30 11:11 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2009-09-30 11:09 . 2009-09-30 11:09 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-09-29 14:25 . 2009-09-29 14:25 -------- d-----w- c:\program files\iPod

2009-09-29 14:25 . 2009-09-29 14:26 -------- d-----w- c:\program files\iTunes

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-19 18:13 . 2008-04-05 21:10 -------- d-----w- c:\programdata\Kontiki

2009-10-19 18:13 . 2009-03-02 11:09 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Skype

2009-10-19 16:36 . 2007-11-21 10:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-10-19 15:01 . 2009-03-02 11:12 -------- d-----w- c:\users\Gillianm\AppData\Roaming\skypePM

2009-10-19 01:06 . 2008-07-15 13:16 0 ----a-w- c:\users\Gillianm\AppData\Local\prvlcl.dat

2009-10-19 01:06 . 2008-07-15 12:22 0 ----a-w- c:\users\Battery Power\AppData\Local\prvlcl.dat

2009-10-18 22:54 . 2008-07-15 11:16 122560 ----a-w- c:\users\Battery Power\AppData\Local\GDIPFONTCACHEV1.DAT

2009-10-17 18:26 . 2009-02-25 12:00 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Spotify

2009-10-16 09:28 . 2008-05-01 16:54 -------- d-----w- c:\program files\Lavasoft

2009-10-16 09:28 . 2008-01-24 19:47 -------- d-----w- c:\programdata\Lavasoft

2009-10-16 01:30 . 2009-06-03 10:20 -------- d-----w- c:\program files\Xobni

2009-10-15 15:30 . 2008-02-05 15:42 1356 ----a-w- c:\users\Gillianm\AppData\Local\d3d9caps.dat

2009-10-15 11:11 . 2007-11-21 11:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-10-15 08:56 . 2007-11-18 17:33 -------- d-----w- c:\program files\Microsoft Works

2009-10-14 22:01 . 2007-11-21 09:41 122560 ----a-w- c:\users\Gillianm\AppData\Local\GDIPFONTCACHEV1.DAT

2009-10-14 21:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-10-14 12:59 . 2008-05-21 10:41 -------- d-----w- c:\program files\OpenOffice.org 2.4

2009-10-14 12:55 . 2008-05-21 10:55 -------- d-----w- c:\users\Gillianm\AppData\Roaming\OpenOffice.org2

2009-10-14 11:43 . 2008-10-06 15:21 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-01 12:56 . 2008-10-03 13:53 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Image Zone Express

2009-09-30 11:13 . 2007-11-21 10:35 -------- d-----w- c:\program files\Windows Live

2009-09-29 14:25 . 2007-12-27 17:44 -------- d-----w- c:\program files\Common Files\Apple

2009-09-18 21:27 . 2007-12-20 12:03 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Apple Computer

2009-09-17 15:22 . 2007-11-21 10:58 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-17 14:44 . 2009-09-01 10:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-16 08:29 . 2009-09-16 08:29 -------- d-----w- c:\programdata\Office Genuine Advantage

2009-09-15 09:48 . 2007-11-21 13:10 -------- d-----w- c:\programdata\Yahoo! Companion

2009-09-10 13:54 . 2009-09-01 10:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 13:53 . 2009-09-01 10:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-10 13:44 . 2009-09-10 13:44 -------- d-----w- c:\program files\##nospam Configuration Utility

2009-09-10 13:42 . 2009-09-10 13:39 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-09-10 13:34 . 2009-09-10 13:33 -------- d-----w- c:\program files\QuickTime

2009-09-10 07:56 . 2008-01-08 17:03 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-08 06:58 . 2008-11-25 16:39 -------- d-----w- c:\program files\SugarSync

2009-09-07 17:13 . 2007-11-18 17:33 -------- d-----w- c:\program files\CyberLink

2009-09-07 17:09 . 2008-01-12 16:02 -------- d-----w- c:\program files\Nokia

2009-09-01 11:00 . 2009-09-01 11:00 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Malwarebytes

2009-09-01 10:59 . 2009-09-01 10:59 -------- d-----w- c:\programdata\Malwarebytes

2009-08-29 00:27 . 2009-09-02 20:29 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-08-29 00:14 . 2009-09-02 20:29 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-08-28 18:42 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-08-28 18:42 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-08-27 07:45 . 2009-02-04 10:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-27 07:45 . 2008-09-06 17:27 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-27 07:45 . 2008-09-06 17:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-27 05:22 . 2009-10-14 17:10 916480 ----a-w- c:\windows\system32\wininet.dll

2009-08-27 05:17 . 2009-10-14 17:10 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-08-27 05:17 . 2009-10-14 17:10 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-08-27 03:42 . 2009-10-14 17:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-08-25 14:30 . 2007-12-20 12:00 -------- d-----w- c:\program files\Safari

2009-08-14 16:27 . 2009-09-09 07:39 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-08-14 15:53 . 2009-09-09 07:39 17920 ----a-w- c:\windows\system32\netevent.dll

2009-08-14 13:49 . 2009-09-09 07:39 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2009-08-14 13:49 . 2009-09-09 07:39 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2009-08-14 13:49 . 2009-09-09 07:39 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2009-08-14 13:49 . 2009-09-09 07:39 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2009-08-14 13:49 . 2009-09-09 07:39 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2009-08-14 13:49 . 2009-09-09 07:39 19968 ----a-w- c:\windows\system32\ARP.EXE

2009-08-14 13:49 . 2009-09-09 07:39 10240 ----a-w- c:\windows\system32\finger.exe

2009-08-14 13:48 . 2009-09-09 07:39 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2009-08-14 13:48 . 2009-09-09 07:39 105984 ----a-w- c:\windows\system32\netiohlp.dll

2009-08-04 18:52 . 2009-08-04 18:52 1193832 ----a-w- c:\windows\system32\FM20.DLL

2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll

2007-11-21 10:30 . 2007-11-21 10:30 8 --sh--r- c:\windows\System32\AAF25136A3.sys

2009-01-21 18:30 . 2007-11-21 10:30 4704 --sha-w- c:\windows\System32\KGyGaAvL.sys

2007-11-19 00:53 . 2007-11-19 00:45 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((( [email protected]_16.15.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-11-18 17:39 . 2009-10-19 17:12 93254 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2007-11-21 09:42 . 2009-10-19 17:12 19138 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3088100052-2713238192-65485237-1000_UserData.bin

- 2007-11-21 09:40 . 2009-10-15 15:30 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2007-11-21 09:40 . 2009-10-19 17:11 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2007-11-21 09:40 . 2009-10-19 17:11 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2007-11-21 09:40 . 2009-10-15 15:30 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2007-11-21 09:40 . 2009-10-15 15:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2007-11-21 09:40 . 2009-10-19 17:11 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2007-11-21 12:57 . 2009-10-19 17:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2007-11-21 12:57 . 2009-10-15 15:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2007-11-21 12:57 . 2009-07-30 09:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2007-11-21 12:57 . 2009-10-15 17:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2007-11-21 12:57 . 2009-10-15 17:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2007-11-21 12:57 . 2009-07-30 09:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2007-11-22 00:19 . 2009-10-19 16:50 5058 c:\windows\System32\WDI\ERCQueuedResolutions.dat

+ 2008-07-15 11:15 . 2009-10-18 22:56 3670 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3088100052-2713238192-65485237-1004_UserData.bin

+ 2009-10-19 17:08 . 2009-10-19 17:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-10-15 07:39 . 2009-10-15 15:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-10-19 17:08 . 2009-10-19 17:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-10-15 07:39 . 2009-10-15 15:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2006-11-02 13:02 . 2009-10-19 17:12 133690 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-09-16 07:01 . 2009-10-19 17:08 245760 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

- 2009-09-16 07:01 . 2009-10-15 15:27 245760 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

- 2009-07-30 09:19 . 2009-07-30 09:19 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-30 09:19 . 2009-10-15 17:54 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-10-16 09:29 . 2009-10-16 09:29 1860608 c:\windows\Installer\13e76b.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-07-24 08:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"McAfee.InstantUpdate.Monitor"="c:\program files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" [2003-06-03 122948]

"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-22 171448]

"GoToMeeting"="c:\program files\Citrix\GoToMeeting\320\g2mstart.exe" [2008-08-04 31552]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]

"DeskSpace"="c:\program files\DeskSpace\deskspace.exe" [2008-12-04 1157344]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"googletalk"="c:\users\Gillianm\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"McAfee Guardian"="c:\program files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" [2002-07-22 145920]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"WireLessMouse"="c:\program files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]

"WireLessKeyboard"="c:\program files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]

"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-14 149280]

 

c:\users\Gillianm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Back2zip.lnk - c:\program files\Back2zip\Back2zip.exe [2009-7-28 2007040]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-4-29 1787224]

SpeedTester.lnk - c:\windows\Installer\{32729FF3-AD6A-45CC-8E55-E1916420F7F1}\_7EA94809FE219030A883C8.exe [2008-12-10 33610]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(:):9a,b9,20,73,36,f4,c9,01

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3088100052-2713238192-65485237-1000]

"EnableNotificationsRef"=dword:00000002

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3088100052-2713238192-65485237-1004]

"EnableNotificationsRef"=dword:00000001

 

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [06/09/2008 18:27 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [11/03/2009 21:18 108552]

R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [09/10/2008 09:39 12800]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/03/2009 21:18 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04/02/2009 11:13 297752]

R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [28/03/2008 23:19 208896]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [06/09/2008 15:49 1153368]

R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 10:33 202016]

R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\supportsoft\bin\tgsrvc.exe [02/08/2007 15:42 148768]

R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [07/05/2009 02:21 46824]

R3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\System32\drivers\fw220.sys [05/08/2002 05:00 33280]

S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\System32\TDSupportApp\cdrom_mon.exe [26/02/2009 11:23 81920]

S2 CSHelper;CopySafe Helper Service;c:\windows\System32\CSHelper.exe [04/03/2009 11:50 266240]

S2 gupdate1c9e9a8d9f6df35;Google Update Service (gupdate1c9e9a8d9f6df35);c:\program files\Google\Update\GoogleUpdate.exe [10/06/2009 09:52 133104]

S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]

S3 ce6230;Intel CE6230 Standalone USB Driver;c:\windows\System32\drivers\CE6230StandaloneDriver.sys [26/04/2008 12:12 44800]

S3 ce6230BDACAP;Realfine CE6230 BDA Driver;c:\windows\System32\drivers\CE6230BDA.sys [26/04/2008 12:12 19328]

S3 CE9500;CE9500.Sys driver;c:\windows\System32\drivers\ce9500.sys [29/11/2007 10:12 114176]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [30/09/2009 12:11 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]

S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\System32\drivers\PLCND532.sys [08/08/2007 16:40 26656]

S3 qcusbmdm6k;WP-S1 Proprietary USB Driver;c:\windows\System32\drivers\qcusbmdm6k.sys [26/02/2009 11:39 65024]

S3 qcusbnmea;WP-S1 NMEA Port;c:\windows\System32\drivers\qcusbnmea.sys [03/10/2007 06:30 65024]

S3 qcusbpcsync;WP-S1 PCSYNC Port;c:\windows\System32\drivers\qcusbpcsync.sys [03/10/2007 06:30 65024]

S3 qcusbser6k;WP-S1 Diagnostic Port;c:\windows\System32\drivers\qcusbser6k.sys [03/10/2007 06:30 65024]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

 

2009-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 01:05]

 

2009-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 01:05]

 

2009-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3088100052-2713238192-65485237-1000Core.job

- c:\users\Gillianm\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 07:58]

 

2009-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3088100052-2713238192-65485237-1000UA.job

- c:\users\Gillianm\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 07:58]

 

2009-10-19 c:\windows\Tasks\User_Feed_Synchronization-{E8E77C39-A6C9-42D3-A152-9C307E0E81E3}.job

- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]

.

.

------- Supplementary Scan -------

.

uStart Page = https://login.webexpenses.com/login.jsp

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

LSP: c:\windows\system32\CSLSP.DLL

TCP: {23F005BB-A1CE-4B48-A382-D2A638EE7745} = 4.2.2.3 4.2.2.4

FF - ProfilePath - c:\users\Gillianm\AppData\Roaming\Mozilla\Firefox\Profiles\xmh90jmh.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT766895&SearchSource=3&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-19 19:13

Windows 6.0.6002 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}00\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}01\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}02\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}03\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}04\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}05\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}06\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}07\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}08\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2009-10-19 19:20

ComboFix-quarantined-files.txt 2009-10-19 18:20

ComboFix2.txt 2009-10-16 08:56

ComboFix3.txt 2009-10-15 16:20

 

Pre-Run: 26,937,790,464 bytes free

Post-Run: 26,619,883,520 bytes free

 

- - End Of File - - 102FCE699214EF5841B62FEC2D4B73F3


You didn't reply to my question about the firewall yet.

You didn't reply to my question about the firewall yet.

 

Sorry, yes, I still have the firewall and Ad-Aware is allowed all access.

 

Thanks for your help on this, BTW.


Hi,

 

If you disable the McAfee FW, is Ad-Aware able to connect? If not, try to reinstall Ad-Aware.

Hi,

 

If you disable the McAfee FW, is Ad-Aware able to connect? If not, try to reinstall Ad-Aware.

 

Still cannot connect to service.

 

I disabled the firewall and no joy.

I uninstalled Ad-Aware and reinstalled with the firewall still disabled, no joy.


Hi,

 

Just to narrow things down a bit, does updating work properly with your antivirus software or does it have similar connection issues?

Hi,

 

Just to narrow things down a bit, does updating work properly with your antivirus software or does it have similar connection issues?

 

Hi, no, updating the antivirus works without issue.

 

Gilli


Hi,

 

In that case, it could be an Ad-Aware related issue. I recommend opening a topic in your version's subforum here.

 

Let's uninstall ComboFix first though:

  • Click START then RUN
  • Now copy-paste "c:\users\Gillianm\Documents\Downloads\ComboFix.exe" /u in the runbox and click OK

Hi,

 

In that case, it could be an Ad-Aware related issue. I recommend opening a topic in your version's subforum here.

 

Let's uninstall ComboFix first though:

  • Click START then RUN
  • Now copy-paste "c:\users\Gillianm\Documents\Downloads\ComboFix.exe" /u in the runbox and click OK

 

Hi, not to worry. I have just updated Windows to Windows 7 and all works fine now.

 

Thanks for your help anyway.


Ok. Thanks for letting us know :)
