
Ad aware Cannot connect to service


  • This topic is locked
15 replies to this topic

#1 Gilli

Gilli

    Newbie

  • Members
  • 8 posts

Posted 16 October 2009 - 10:58 AM

I should say I have already run ComboFix before I ran HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:17, on 16/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Mouse Driver\StartAutorun.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Mouse Driver\KMConfig.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\PS2USBKbdDrv.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\MouseDrv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Citrix\GoToMeeting\320\g2mstart.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DeskSpace\deskspace.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Gillianm\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\Broadband Choices\Broadband Choices Speed Tester\SpeedTester.exe
C:\Program Files\Back2zip\Back2zip.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Citrix\GoToMeeting\320\g2mcomm.exe
C:\Program Files\Citrix\GoToMeeting\320\g2mlauncher.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Users\Gillianm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gillianm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gillianm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gillianm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gillianm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gillianm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gillianm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gillianm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.webexp...s.com/login.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061221
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HttpWatch Basic - {F1F69322-008F-4895-B2BF-AD194219825A} - C:\Program Files\HttpWatch\httpwatchsc.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\320\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DeskSpace] C:\Program Files\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Gillianm\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - Startup: Back2zip.lnk = C:\Program Files\Back2zip\Back2zip.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: SpeedTester.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwatch.dll
O9 - Extra 'Tools' menuitem: HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwatch.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\ProgramData\WebEx\MyWebEx\419\mwmie.dll
O9 - Extra 'Tools' menuitem: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\ProgramData\WebEx\MyWebEx\419\mwmie.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1246895089516
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1246895728572
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://persistentsy...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23F005BB-A1CE-4B48-A382-D2A638EE7745}: NameServer = 4.2.2.3 4.2.2.4
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Xobni\Skype4Com.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\TDSupportApp\cdrom_mon.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9e9a8d9f6df35) (gupdate1c9e9a8d9f6df35) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15258 bytes

Edited by Gilli, 16 October 2009 - 11:16 AM.


#2 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 16 October 2009 - 06:46 PM

I should say I have already run ComboFix before I ran HijackThis.

ComboFix should be run under the supervision of a trained helper only.

Post contents of ComboFix log back here.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs through PM, so don't bother to post me one. If you have problems, create a thread in the forum, please.
Don't post your log into another user's topic; create a new one.

Provided removal instructions are meant to be used in the corresponding user's case only.

Please use the "Reply to this topic" button when replying.

#3 Gilli

Gilli

    Newbie

  • Members
  • 8 posts

Posted 19 October 2009 - 09:59 AM

ComboFix should be run under the supervision of a trained helper only.

Post contents of ComboFix log back here.


ComboFix 09-10-15.04 - Gillianm 16/10/2009 9:32.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2038.650 [GMT 1:00]
Running from: c:\users\Gillianm\Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://assist.talktalk.net
.
((((((((((((((((((((((((( Files Created from 2009-09-16 to 2009-10-16 )))))))))))))))))))))))))))))))
.

2009-10-16 08:52 . 2009-10-16 08:52 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-10-16 08:52 . 2009-10-16 08:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-16 08:52 . 2009-10-16 08:52 -------- d-----w- c:\users\Gillian McKearney\AppData\Local\temp
2009-10-16 08:52 . 2009-10-16 08:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-16 08:52 . 2009-10-16 08:52 -------- d-----w- c:\users\Battery Power\AppData\Local\temp
2009-10-16 08:52 . 2009-10-16 08:52 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-10-16 01:30 . 2009-10-16 01:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Xobni
2009-10-15 12:07 . 2009-10-15 12:07 -------- d-----w- c:\program files\VS Revo Group
2009-10-14 17:15 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 17:14 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 17:14 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 17:08 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 17:08 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 17:08 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-14 13:01 . 2009-10-14 13:01 -------- d-----w- c:\program files\JRE
2009-10-14 13:00 . 2009-10-14 13:01 -------- d-----w- c:\program files\OpenOffice.org 3
2009-10-14 11:19 . 2009-10-14 11:19 -------- d-----w- c:\users\Gillianm\AppData\Local\Microsoft Corporation
2009-10-14 11:01 . 2009-10-14 11:01 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-07 08:27 . 2009-10-07 08:27 -------- d-----w- c:\program files\Audible
2009-10-03 08:13 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 07:34 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-02 07:34 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-02 07:34 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-02 07:34 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-02 07:33 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-02 07:33 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-02 07:33 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-02 07:33 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-02 07:33 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-01 07:39 . 2009-10-01 07:39 -------- d-----w- c:\programdata\Messenger Plus!
2009-09-30 16:46 . 2009-09-30 16:46 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-09-30 16:46 . 2009-09-30 16:46 -------- d-----w- c:\program files\TechSmith
2009-09-30 12:16 . 2009-09-30 12:16 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-30 11:12 . 2009-09-30 11:12 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-30 11:11 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-09-30 11:09 . 2009-09-30 11:09 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-29 14:25 . 2009-09-29 14:25 -------- d-----w- c:\program files\iPod
2009-09-29 14:25 . 2009-09-29 14:26 -------- d-----w- c:\program files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-16 08:52 . 2008-04-05 21:10 -------- d-----w- c:\programdata\Kontiki
2009-10-16 08:33 . 2009-03-02 11:09 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Skype
2009-10-16 07:58 . 2009-03-02 11:12 -------- d-----w- c:\users\Gillianm\AppData\Roaming\skypePM
2009-10-16 01:30 . 2009-06-03 10:20 -------- d-----w- c:\program files\Xobni
2009-10-15 17:25 . 2008-05-01 16:54 -------- d-----w- c:\program files\Lavasoft
2009-10-15 17:25 . 2008-01-24 19:47 -------- d-----w- c:\programdata\Lavasoft
2009-10-15 15:30 . 2008-02-05 15:42 1356 ----a-w- c:\users\Gillianm\AppData\Local\d3d9caps.dat
2009-10-15 11:11 . 2007-11-21 11:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-15 08:56 . 2007-11-18 17:33 -------- d-----w- c:\program files\Microsoft Works
2009-10-14 22:01 . 2007-11-21 09:41 122560 ----a-w- c:\users\Gillianm\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-14 21:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-14 12:59 . 2008-05-21 10:41 -------- d-----w- c:\program files\OpenOffice.org 2.4
2009-10-14 12:55 . 2008-05-21 10:55 -------- d-----w- c:\users\Gillianm\AppData\Roaming\OpenOffice.org2
2009-10-14 11:43 . 2008-10-06 15:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-13 23:06 . 2008-07-15 13:16 0 ----a-w- c:\users\Gillianm\AppData\Local\prvlcl.dat
2009-10-13 23:06 . 2008-07-15 12:22 0 ----a-w- c:\users\Battery Power\AppData\Local\prvlcl.dat
2009-10-12 17:58 . 2009-02-25 12:00 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Spotify
2009-10-01 12:56 . 2008-10-03 13:53 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Image Zone Express
2009-09-30 11:13 . 2007-11-21 10:35 -------- d-----w- c:\program files\Windows Live
2009-09-30 10:22 . 2007-11-21 10:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-30 07:11 . 2008-07-15 11:16 8224 ----a-w- c:\users\Battery Power\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-29 14:25 . 2007-12-27 17:44 -------- d-----w- c:\program files\Common Files\Apple
2009-09-18 21:27 . 2007-12-20 12:03 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Apple Computer
2009-09-17 15:22 . 2007-11-21 10:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-17 14:44 . 2009-09-01 10:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 08:29 . 2009-09-16 08:29 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-15 09:48 . 2007-11-21 13:10 -------- d-----w- c:\programdata\Yahoo! Companion
2009-09-10 13:54 . 2009-09-01 10:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-09-01 10:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 13:44 . 2009-09-10 13:44 -------- d-----w- c:\program files\##nospam Configuration Utility
2009-09-10 13:42 . 2009-09-10 13:39 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 13:34 . 2009-09-10 13:33 -------- d-----w- c:\program files\QuickTime
2009-09-10 07:56 . 2008-01-08 17:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 06:58 . 2008-11-25 16:39 -------- d-----w- c:\program files\SugarSync
2009-09-07 17:13 . 2007-11-18 17:33 -------- d-----w- c:\program files\CyberLink
2009-09-07 17:09 . 2008-01-12 16:02 -------- d-----w- c:\program files\Nokia
2009-09-01 11:00 . 2009-09-01 11:00 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Malwarebytes
2009-09-01 10:59 . 2009-09-01 10:59 -------- d-----w- c:\programdata\Malwarebytes
2009-08-29 00:27 . 2009-09-02 20:29 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 20:29 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 18:42 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 18:42 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 07:45 . 2009-02-04 10:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-27 07:45 . 2008-09-06 17:27 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-27 07:45 . 2008-09-06 17:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-27 05:22 . 2009-10-14 17:10 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 17:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-14 17:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-14 17:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-25 14:30 . 2007-12-20 12:00 -------- d-----w- c:\program files\Safari
2009-08-14 16:27 . 2009-09-09 07:39 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 07:39 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 07:39 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 07:39 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 07:39 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 07:39 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 07:39 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 07:39 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 07:39 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 07:39 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 07:39 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-04 18:52 . 2009-08-04 18:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2007-11-21 10:30 . 2007-11-21 10:30 8 --sh--r- c:\windows\System32\AAF25136A3.sys
2009-01-21 18:30 . 2007-11-21 10:30 4704 --sha-w- c:\windows\System32\KGyGaAvL.sys
2007-11-19 00:53 . 2007-11-19 00:45 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-10-15_16.15.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-18 17:39 . 2009-10-16 07:56 93222 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-11-21 09:42 . 2009-10-16 07:56 18970 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3088100052-2713238192-65485237-1000_UserData.bin
+ 2007-11-21 09:40 . 2009-10-16 08:02 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-11-21 09:40 . 2009-10-15 15:30 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-11-21 09:40 . 2009-10-16 08:02 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-21 09:40 . 2009-10-15 15:30 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-21 09:40 . 2009-10-16 08:02 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-11-21 09:40 . 2009-10-15 15:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-11-21 12:57 . 2009-10-16 07:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-11-21 12:57 . 2009-10-15 15:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-11-21 12:57 . 2009-10-15 17:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-21 12:57 . 2009-07-30 09:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-21 12:57 . 2009-07-30 09:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-11-21 12:57 . 2009-10-15 17:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-11-22 00:19 . 2009-10-16 02:08 5058 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-10-16 07:54 . 2009-10-16 07:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-15 07:39 . 2009-10-15 15:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-15 07:39 . 2009-10-15 15:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-16 07:54 . 2009-10-16 07:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:02 . 2009-10-16 07:56 133626 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-09-16 07:01 . 2009-10-16 07:54 245760 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2009-09-16 07:01 . 2009-10-15 15:27 245760 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2009-07-30 09:19 . 2009-07-30 09:19 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-30 09:19 . 2009-10-15 17:54 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 08:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"McAfee.InstantUpdate.Monitor"="c:\program files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" [2003-06-03 122948]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-22 171448]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\320\g2mstart.exe" [2008-08-04 31552]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"DeskSpace"="c:\program files\DeskSpace\deskspace.exe" [2008-12-04 1157344]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"googletalk"="c:\users\Gillianm\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"McAfee Guardian"="c:\program files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" [2002-07-22 145920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"WireLessMouse"="c:\program files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
"WireLessKeyboard"="c:\program files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-06 2023704]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-14 149280]

c:\users\Gillianm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Back2zip.lnk - c:\program files\Back2zip\Back2zip.exe [2009-7-28 2007040]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-4-29 1787224]
SpeedTester.lnk - c:\windows\Installer\{32729FF3-AD6A-45CC-8E55-E1916420F7F1}\_7EA94809FE219030A883C8.exe [2008-12-10 33610]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:):9a,b9,20,73,36,f4,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3088100052-2713238192-65485237-1000]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3088100052-2713238192-65485237-1004]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A3A25361-A337-40D6-8A4E-82510611AC82}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BCF4979C-BAEC-4B43-B0DC-68A2F75A73F0}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{456096FC-91EF-4F86-ACC1-B4864B37E12A}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5201B59F-8F0C-4965-8B78-2FF06D0E5485}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{5AA1E0F2-2061-4DD2-AF37-0637EB85E965}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{74BFFDF8-737C-4130-A81C-B786686FE235}c:\\users\\gillianm\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= UDP:c:\users\gillianm\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe
"UDP Query User{0FD1FE1C-3C96-46D7-8BCE-82AED1719F02}c:\\users\\gillianm\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= TCP:c:\users\gillianm\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe
"TCP Query User{A11CEFDC-FCA6-4942-A808-FB0CDCCDAEBC}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{9C300B0E-B6F5-4B3B-BB43-214FE62B69B8}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{7E5933C2-DF70-49D0-A23B-4A575253B78D}c:\\users\\gillianm\\appdata\\local\\temp\\ixp001.tmp\\smwinvnc.exe"= UDP:c:\users\gillianm\appdata\local\temp\ixp001.tmp\smwinvnc.exe:smwinvnc.exe
"UDP Query User{2060AE22-EC50-4735-8C1D-6839FD61A7D1}c:\\users\\gillianm\\appdata\\local\\temp\\ixp001.tmp\\smwinvnc.exe"= TCP:c:\users\gillianm\appdata\local\temp\ixp001.tmp\smwinvnc.exe:smwinvnc.exe
"TCP Query User{83FD335A-0D16-45A7-9D9E-1B6B5ACE7339}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{DA16B58C-7995-46BD-BCB7-E9218E1E1FDB}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{44442735-EADD-4D25-BC50-420212EE87B2}c:\\users\\gillianm\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= UDP:c:\users\gillianm\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe
"UDP Query User{31F8961C-0985-4B58-8E32-AC71EEF9AA9E}c:\\users\\gillianm\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= TCP:c:\users\gillianm\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe
"{687871C3-BAFB-412E-BE66-8E6D026BB9E4}"= UDP:c:\program files\TalkTalk\bin\sprtsvc.exe:sprtsvc.exe
"{EEAB5D9A-CD90-4806-9D32-762C3A94E0FD}"= TCP:c:\program files\TalkTalk\bin\sprtsvc.exe:sprtsvc.exe
"{B141A411-435E-4180-B5F8-8449A1983993}"= UDP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{930C7B7D-6C68-406F-8497-D99BCC3E6DBB}"= TCP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{E88BC0CF-C0A9-4BEC-B0CD-BA37144BA25C}"= UDP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{83AB00AF-AAC2-40E4-914D-4B56D56B6F41}"= TCP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{E3476E94-C497-4E20-A3C5-322887DF719A}"= UDP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{DA66B3E3-00E3-4103-ABE7-5430418C315E}"= TCP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{4F00CBA0-DEE1-4D6A-B195-34FB09722327}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{A9ADCAC7-28B7-4F86-B827-06D84F17AF0B}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{42CA3922-1986-4CD7-89B9-7B487FABB9FC}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{A88AD36C-A0DE-4308-9FD6-A4A62C626DD6}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{71986BAD-3810-4455-9287-AF9A8C3BB630}"= UDP:c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{C0B11AEF-AFA6-4553-9E89-DACEF5468EE7}"= TCP:c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{9F0CA105-44DB-4DB4-9963-074EF579C47E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{060FB70E-0A2B-425B-9554-30C0066F65AD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{05006164-B61F-4D60-A14E-76A39AE211B2}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify
"UDP Query User{4D8A1118-E230-4F53-B935-10D5FD6C8252}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify
"{9B6CC949-23B2-4421-8146-0410F183DFC8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CC2DBC02-0391-49EC-8D00-A758B559CFFB}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{1D4FD878-508E-4CEF-9D8E-E8134CE40318}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{6BD364E6-BF80-4FD6-8A43-053F10269C89}"= UDP:c:\program files\CalgooConnect\CalgooConnect.exe:CalgooConnect
"{25EAC28C-8BA5-4FC7-8135-271B35CDC186}"= TCP:c:\program files\CalgooConnect\CalgooConnect.exe:CalgooConnect
"{DC6D5A79-0C35-4ED3-8824-AEACD12BD75F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B1A4E05A-0E29-44F0-8AD8-D9A101939C22}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{FDF0989B-0B6A-4C5F-8D87-16BA20B12A40}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [06/09/2008 18:27 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [11/03/2009 21:18 108552]
R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [09/10/2008 09:39 12800]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/03/2009 21:18 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04/02/2009 11:13 297752]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [28/03/2008 23:19 208896]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [06/09/2008 15:49 1153368]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 10:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\supportsoft\bin\tgsrvc.exe [02/08/2007 15:42 148768]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [07/05/2009 02:21 46824]
R3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\System32\drivers\fw220.sys [05/08/2002 05:00 33280]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\System32\TDSupportApp\cdrom_mon.exe [26/02/2009 11:23 81920]
S2 CSHelper;CopySafe Helper Service;c:\windows\System32\CSHelper.exe [04/03/2009 11:50 266240]
S2 gupdate1c9e9a8d9f6df35;Google Update Service (gupdate1c9e9a8d9f6df35);c:\program files\Google\Update\GoogleUpdate.exe [10/06/2009 09:52 133104]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
S3 ce6230;Intel CE6230 Standalone USB Driver;c:\windows\System32\drivers\CE6230StandaloneDriver.sys [26/04/2008 12:12 44800]
S3 ce6230BDACAP;Realfine CE6230 BDA Driver;c:\windows\System32\drivers\CE6230BDA.sys [26/04/2008 12:12 19328]
S3 CE9500;CE9500.Sys driver;c:\windows\System32\drivers\ce9500.sys [29/11/2007 10:12 114176]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [30/09/2009 12:11 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\System32\drivers\PLCND532.sys [08/08/2007 16:40 26656]
S3 qcusbmdm6k;WP-S1 Proprietary USB Driver;c:\windows\System32\drivers\qcusbmdm6k.sys [26/02/2009 11:39 65024]
S3 qcusbnmea;WP-S1 NMEA Port;c:\windows\System32\drivers\qcusbnmea.sys [03/10/2007 06:30 65024]
S3 qcusbpcsync;WP-S1 PCSYNC Port;c:\windows\System32\drivers\qcusbpcsync.sys [03/10/2007 06:30 65024]
S3 qcusbser6k;WP-S1 Diagnostic Port;c:\windows\System32\drivers\qcusbser6k.sys [03/10/2007 06:30 65024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 01:05]

2009-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 01:05]

2009-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3088100052-2713238192-65485237-1000Core.job
- c:\users\Gillianm\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 07:58]

2009-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3088100052-2713238192-65485237-1000UA.job
- c:\users\Gillianm\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 07:58]

2009-10-16 c:\windows\Tasks\User_Feed_Synchronization-{E8E77C39-A6C9-42D3-A152-9C307E0E81E3}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.webexp...s.com/login.jsp
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\CSLSP.DLL
TCP: {23F005BB-A1CE-4B48-A382-D2A638EE7745} = 4.2.2.3 4.2.2.4
FF - ProfilePath - c:\users\Gillianm\AppData\Roaming\Mozilla\Firefox\Profiles\xmh90jmh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT766895&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3088100052-2713238192-65485237-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D62F4398-6AB9-8E99-99E4-36DF5A6629E0}*]
"papdpklfojojpiehbdmanghlhiklbhhp"=hex:6a,61,65,6f,68,68,6a,65,63,6a,6f,6c,65,
62,68,62,6d,6d,68,66,00,8b
"abbfffklbdciabekaehppfjofcadgpghcb"=hex:6a,61,6e,6e,6f,67,63,65,6d,6d,65,62,
63,66,6e,62,6b,63,64,6e,00,8b

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}00\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}01\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}02\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}03\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}04\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}05\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}06\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}07\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}08\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-16 9:56
ComboFix-quarantined-files.txt 2009-10-16 08:56
ComboFix2.txt 2009-10-15 16:20

Pre-Run: 28,076,699,648 bytes free
Post-Run: 27,742,695,424 bytes free

386 --- E O F --- 2009-10-15 18:02
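
Reading a ComboFix log by eye is slow, and the items that usually decide the next step are easy to miss in a dump this long: autoruns or firewall rules that point at an executable under a Temp folder, a Windows Firewall profile with EnableFirewall set to 0, injection points such as AppInit_DLLs and Winsock LSPs, and hidden or system-attribute files dropped into System32. The following is an added example, not part of this thread and not code from ComboFix or its author: it parses a constructed excerpt written in the same layout as the logs above (the user name, GUIDs, file names and timestamps are made up) and lists those items. The checks are heuristics; it makes no judgement about whether an entry is malicious, it only tells the reviewer where to look first.

```python
"""Triage helper for ComboFix-style log output.

Added example (not part of the forum thread or of ComboFix). It scans a
constructed excerpt that follows ComboFix's layout and reports the items a
reviewer usually checks first. It does not decide whether anything is
malicious; every finding is a lead to verify by hand.
"""
import re
from dataclasses import dataclass

# Constructed excerpt in ComboFix's layout. User name, GUIDs, file names and
# timestamps are made up for this example.
SAMPLE_LOG = r"""
.
((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.
2009-10-14 17:15 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-01 09:00 . 2009-10-01 09:00 4704 --sha-w- c:\windows\System32\examp1e.sys
2009-10-14 13:01 . 2009-10-14 13:01 -------- d-----w- c:\program files\JRE

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"updchk"="c:\users\example\appdata\local\temp\updchk.exe" [2009-10-01 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5AA1E0F2-2061-4DD2-AF37-0637EB85E965}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{74BFFDF8-0000-4130-A81C-B786686FE235}c:\\users\\example\\appdata\\local\\temp\\ixp000.tmp\\rsvc.exe"= UDP:c:\users\example\appdata\local\temp\ixp000.tmp\rsvc.exe:rsvc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
.
------- Supplementary Scan -------
.
LSP: c:\windows\system32\CSLSP.DLL
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "<created> . <modified> <size|--------> <attrs> <path>" lines of the file listings
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?:\d+|-+)\s+(?P<attr>[-dcshraw]{8})\s+(?P<path>.+)$")
PATH_RE = re.compile(r'[a-z]:\\[^\[\]"]*?\.(?:exe|dll|sys|drv)\b', re.I)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)   # heuristic: any ...\temp\ or ...\tmp\ component


@dataclass(frozen=True)
class Finding:
    kind: str      # temp-exe, firewall-disabled, appinit-dll, lsp, hidden-in-system32
    where: str     # registry key or ComboFix section banner the line sat under
    detail: str    # the path or raw line that triggered the finding


def parse_sections(text):
    """Group lines under the registry key or '(((( ... ))))' banner they follow."""
    sections, current = {}, "(no section)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith(("(((", "---")):          # ComboFix section banner
            current = line.strip("-() ")
            sections.setdefault(current, [])
            continue
        m = SECTION_RE.match(line)
        if m:                                         # REGEDIT4-style key header
            current = m.group("key")
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def executable_paths(line):
    """Distinct lower-cased executable paths in a line.

    Firewall value names repeat the path with doubled backslashes; those are
    folded to single ones so the name and the value dedupe to one path.
    """
    out = []
    for m in PATH_RE.finditer(line):
        p = m.group(0).replace("\\\\", "\\").lower()
        if p not in out:
            out.append(p)
    return out


def triage(text):
    findings = []
    for where, lines in parse_sections(text).items():
        lw = where.lower()
        for line in lines:
            fm = FILE_RE.match(line)
            if fm:                                    # file-listing line
                attr, path = fm.group("attr"), fm.group("path").lower()
                if ("s" in attr or "h" in attr) and "\\windows\\system32\\" in path:
                    findings.append(Finding("hidden-in-system32", where, f"{attr} {path}"))
                continue
            if "firewallpolicy" in lw and re.search(r'"enablefirewall"\s*=\s*0\b', line, re.I):
                findings.append(Finding("firewall-disabled", where, line))
            if lw.endswith("currentversion\\windows") and line.lower().startswith('"appinit_dlls"='):
                findings.append(Finding("appinit-dll", where, line))
            if line.upper().startswith("LSP:"):
                findings.append(Finding("lsp", where, line))
            for path in executable_paths(line):
                if TEMP_RE.search(path):
                    findings.append(Finding("temp-exe", where, path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:20} {f.where}\n{'':20} {f.detail}")
```

Run against a real log, `triage(open("ComboFix.txt").read())` returns the same kind of list; the point of the Temp-folder check is that a legitimate installer or remote-assistance tool also unpacks into `...\appdata\local\temp\ixp000.tmp\`, so a hit there means "identify what created this and whether it is still present", not "infected".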

#4 Blade81 (Advanced Member, Volunteer Security Advisor, 6582 posts)

Posted 19 October 2009 - 03:25 PM

Hi,

Looks like you had run ComboFix more than once. Look for ComboFix2.txt file and post back its contents (in c:\combofix or c:\qoobox folder).

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#5 Gilli (Newbie, Members, 8 posts)

Posted 19 October 2009 - 04:02 PM

> Hi,
>
> Looks like you had run ComboFix more than once. Look for ComboFix2.txt file and post back its contents (in c:\combofix or c:\qoobox folder).

ComboFix 09-10-14.09 - Gillianm 15/10/2009 16:55.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2038.683 [GMT 1:00]
Running from: c:\users\Gillianm\Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1738422755-998661840-641317060-500
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\$recycle.bin\S-1-5-21-3088100052-2713238192-65485237-500
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Installer\9a019.a439.msi

----- BITS: Possible infected sites -----

hxxp://assist.talktalk.net
.
((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.

2009-10-15 16:14 . 2009-10-15 16:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-15 16:14 . 2009-10-15 16:14 -------- d-----w- c:\users\Battery Power\AppData\Local\temp
2009-10-15 14:30 . 2009-10-15 14:30 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-15 12:07 . 2009-10-15 12:07 -------- d-----w- c:\program files\VS Revo Group
2009-10-14 17:15 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 17:14 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 17:14 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 17:08 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 17:08 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 17:08 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-14 13:01 . 2009-10-14 13:01 -------- d-----w- c:\program files\JRE
2009-10-14 13:00 . 2009-10-14 13:01 -------- d-----w- c:\program files\OpenOffice.org 3
2009-10-14 11:19 . 2009-10-14 11:19 -------- d-----w- c:\users\Gillianm\AppData\Local\Microsoft Corporation
2009-10-14 11:01 . 2009-10-14 11:01 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-07 08:27 . 2009-10-07 08:27 -------- d-----w- c:\program files\Audible
2009-10-03 08:13 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 07:34 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-02 07:34 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-02 07:34 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-02 07:34 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-02 07:33 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-02 07:33 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-02 07:33 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-02 07:33 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-02 07:33 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-01 07:39 . 2009-10-01 07:39 -------- d-----w- c:\programdata\Messenger Plus!
2009-09-30 16:46 . 2009-09-30 16:46 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-09-30 16:46 . 2009-09-30 16:46 -------- d-----w- c:\program files\TechSmith
2009-09-30 12:16 . 2009-09-30 12:16 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-30 11:12 . 2009-09-30 11:12 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-30 11:11 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-09-30 11:09 . 2009-09-30 11:09 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-29 14:25 . 2009-09-29 14:25 -------- d-----w- c:\program files\iPod
2009-09-29 14:25 . 2009-09-29 14:26 -------- d-----w- c:\program files\iTunes
2009-09-16 08:29 . 2009-09-16 08:29 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-16 08:29 . 2009-09-16 08:29 -------- d-----w- c:\users\Gillianm\Office Genuine Advantage
2009-09-16 07:01 . 2009-09-16 07:01 -------- d-sh--w- c:\windows\system32\%APPDATA%

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 16:15 . 2008-04-05 21:10 -------- d-----w- c:\programdata\Kontiki
2009-10-15 15:56 . 2009-03-02 11:09 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Skype
2009-10-15 15:30 . 2008-02-05 15:42 1356 ----a-w- c:\users\Gillianm\AppData\Local\d3d9caps.dat
2009-10-15 15:17 . 2009-03-02 11:12 -------- d-----w- c:\users\Gillianm\AppData\Roaming\skypePM
2009-10-15 14:28 . 2008-05-01 16:54 -------- d-----w- c:\program files\Lavasoft
2009-10-15 14:28 . 2008-01-24 19:47 -------- d-----w- c:\programdata\Lavasoft
2009-10-15 11:11 . 2007-11-21 11:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-15 08:56 . 2007-11-18 17:33 -------- d-----w- c:\program files\Microsoft Works
2009-10-14 22:01 . 2007-11-21 09:41 122560 ----a-w- c:\users\Gillianm\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-14 21:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-14 12:59 . 2008-05-21 10:41 -------- d-----w- c:\program files\OpenOffice.org 2.4
2009-10-14 12:55 . 2008-05-21 10:55 -------- d-----w- c:\users\Gillianm\AppData\Roaming\OpenOffice.org2
2009-10-14 11:43 . 2008-10-06 15:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-13 23:06 . 2008-07-15 13:16 0 ----a-w- c:\users\Gillianm\AppData\Local\prvlcl.dat
2009-10-13 23:06 . 2008-07-15 12:22 0 ----a-w- c:\users\Battery Power\AppData\Local\prvlcl.dat
2009-10-12 17:58 . 2009-02-25 12:00 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Spotify
2009-10-01 12:56 . 2008-10-03 13:53 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Image Zone Express
2009-09-30 11:13 . 2007-11-21 10:35 -------- d-----w- c:\program files\Windows Live
2009-09-30 10:22 . 2007-11-21 10:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-30 07:11 . 2008-07-15 11:16 8224 ----a-w- c:\users\Battery Power\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-29 14:25 . 2007-12-27 17:44 -------- d-----w- c:\program files\Common Files\Apple
2009-09-18 21:27 . 2007-12-20 12:03 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Apple Computer
2009-09-17 15:22 . 2007-11-21 10:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-17 14:44 . 2009-09-01 10:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-15 09:48 . 2007-11-21 13:10 -------- d-----w- c:\programdata\Yahoo! Companion
2009-09-10 13:54 . 2009-09-01 10:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-09-01 10:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 13:44 . 2009-09-10 13:44 -------- d-----w- c:\program files\##nospam Configuration Utility
2009-09-10 13:42 . 2009-09-10 13:39 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 13:34 . 2009-09-10 13:33 -------- d-----w- c:\program files\QuickTime
2009-09-10 07:56 . 2008-01-08 17:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 06:58 . 2008-11-25 16:39 -------- d-----w- c:\program files\SugarSync
2009-09-07 17:13 . 2007-11-18 17:33 -------- d-----w- c:\program files\CyberLink
2009-09-07 17:09 . 2008-01-12 16:02 -------- d-----w- c:\program files\Nokia
2009-09-01 11:00 . 2009-09-01 11:00 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Malwarebytes
2009-09-01 10:59 . 2009-09-01 10:59 -------- d-----w- c:\programdata\Malwarebytes
2009-08-29 00:27 . 2009-09-02 20:29 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 20:29 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 18:42 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 18:42 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 07:45 . 2009-02-04 10:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-27 07:45 . 2008-09-06 17:27 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-27 07:45 . 2008-09-06 17:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-27 05:22 . 2009-10-14 17:10 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 17:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-14 17:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-14 17:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-25 14:30 . 2007-12-20 12:00 -------- d-----w- c:\program files\Safari
2009-08-14 16:27 . 2009-09-09 07:39 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 07:39 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 07:39 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 07:39 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 07:39 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 07:39 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 07:39 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 07:39 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 07:39 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 07:39 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 07:39 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-04 18:52 . 2009-08-04 18:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2007-11-21 10:30 . 2007-11-21 10:30 8 --sh--r- c:\windows\System32\AAF25136A3.sys
2009-01-21 18:30 . 2007-11-21 10:30 4704 --sha-w- c:\windows\System32\KGyGaAvL.sys
2007-11-19 00:53 . 2007-11-19 00:45 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 08:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"McAfee.InstantUpdate.Monitor"="c:\program files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" [2003-06-03 122948]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-22 171448]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\320\g2mstart.exe" [2008-08-04 31552]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"DeskSpace"="c:\program files\DeskSpace\deskspace.exe" [2008-12-04 1157344]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"googletalk"="c:\users\Gillianm\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"McAfee Guardian"="c:\program files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" [2002-07-22 145920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"WireLessMouse"="c:\program files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
"WireLessKeyboard"="c:\program files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-06 2023704]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-14 149280]

c:\users\Gillianm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Back2zip.lnk - c:\program files\Back2zip\Back2zip.exe [2009-7-28 2007040]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-4-29 1787224]
SpeedTester.lnk - c:\windows\Installer\{32729FF3-AD6A-45CC-8E55-E1916420F7F1}\_7EA94809FE219030A883C8.exe [2008-12-10 33610]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:):9a,b9,20,73,36,f4,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3088100052-2713238192-65485237-1000]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3088100052-2713238192-65485237-1004]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A3A25361-A337-40D6-8A4E-82510611AC82}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BCF4979C-BAEC-4B43-B0DC-68A2F75A73F0}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{456096FC-91EF-4F86-ACC1-B4864B37E12A}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5201B59F-8F0C-4965-8B78-2FF06D0E5485}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{5AA1E0F2-2061-4DD2-AF37-0637EB85E965}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{74BFFDF8-737C-4130-A81C-B786686FE235}c:\\users\\gillianm\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= UDP:c:\users\gillianm\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe
"UDP Query User{0FD1FE1C-3C96-46D7-8BCE-82AED1719F02}c:\\users\\gillianm\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= TCP:c:\users\gillianm\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe
"TCP Query User{A11CEFDC-FCA6-4942-A808-FB0CDCCDAEBC}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{9C300B0E-B6F5-4B3B-BB43-214FE62B69B8}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{7E5933C2-DF70-49D0-A23B-4A575253B78D}c:\\users\\gillianm\\appdata\\local\\temp\\ixp001.tmp\\smwinvnc.exe"= UDP:c:\users\gillianm\appdata\local\temp\ixp001.tmp\smwinvnc.exe:smwinvnc.exe
"UDP Query User{2060AE22-EC50-4735-8C1D-6839FD61A7D1}c:\\users\\gillianm\\appdata\\local\\temp\\ixp001.tmp\\smwinvnc.exe"= TCP:c:\users\gillianm\appdata\local\temp\ixp001.tmp\smwinvnc.exe:smwinvnc.exe
"TCP Query User{83FD335A-0D16-45A7-9D9E-1B6B5ACE7339}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{DA16B58C-7995-46BD-BCB7-E9218E1E1FDB}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{44442735-EADD-4D25-BC50-420212EE87B2}c:\\users\\gillianm\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= UDP:c:\users\gillianm\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe
"UDP Query User{31F8961C-0985-4B58-8E32-AC71EEF9AA9E}c:\\users\\gillianm\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= TCP:c:\users\gillianm\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe
"{687871C3-BAFB-412E-BE66-8E6D026BB9E4}"= UDP:c:\program files\TalkTalk\bin\sprtsvc.exe:sprtsvc.exe
"{EEAB5D9A-CD90-4806-9D32-762C3A94E0FD}"= TCP:c:\program files\TalkTalk\bin\sprtsvc.exe:sprtsvc.exe
"{B141A411-435E-4180-B5F8-8449A1983993}"= UDP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{930C7B7D-6C68-406F-8497-D99BCC3E6DBB}"= TCP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{E88BC0CF-C0A9-4BEC-B0CD-BA37144BA25C}"= UDP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{83AB00AF-AAC2-40E4-914D-4B56D56B6F41}"= TCP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{E3476E94-C497-4E20-A3C5-322887DF719A}"= UDP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{DA66B3E3-00E3-4103-ABE7-5430418C315E}"= TCP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{4F00CBA0-DEE1-4D6A-B195-34FB09722327}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{A9ADCAC7-28B7-4F86-B827-06D84F17AF0B}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{42CA3922-1986-4CD7-89B9-7B487FABB9FC}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{A88AD36C-A0DE-4308-9FD6-A4A62C626DD6}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{71986BAD-3810-4455-9287-AF9A8C3BB630}"= UDP:c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{C0B11AEF-AFA6-4553-9E89-DACEF5468EE7}"= TCP:c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{9F0CA105-44DB-4DB4-9963-074EF579C47E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{060FB70E-0A2B-425B-9554-30C0066F65AD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{05006164-B61F-4D60-A14E-76A39AE211B2}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify
"UDP Query User{4D8A1118-E230-4F53-B935-10D5FD6C8252}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify
"{9B6CC949-23B2-4421-8146-0410F183DFC8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CC2DBC02-0391-49EC-8D00-A758B559CFFB}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{1D4FD878-508E-4CEF-9D8E-E8134CE40318}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{6BD364E6-BF80-4FD6-8A43-053F10269C89}"= UDP:c:\program files\CalgooConnect\CalgooConnect.exe:CalgooConnect
"{25EAC28C-8BA5-4FC7-8135-271B35CDC186}"= TCP:c:\program files\CalgooConnect\CalgooConnect.exe:CalgooConnect
"{DC6D5A79-0C35-4ED3-8824-AEACD12BD75F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B1A4E05A-0E29-44F0-8AD8-D9A101939C22}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{FDF0989B-0B6A-4C5F-8D87-16BA20B12A40}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [06/09/2008 18:27 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [11/03/2009 21:18 108552]
R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [09/10/2008 09:39 12800]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04/02/2009 11:13 297752]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [28/03/2008 23:19 208896]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [06/09/2008 15:49 1153368]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 10:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\supportsoft\bin\tgsrvc.exe [02/08/2007 15:42 148768]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [07/05/2009 02:21 45288]
R3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\System32\drivers\fw220.sys [05/08/2002 05:00 33280]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\System32\TDSupportApp\cdrom_mon.exe [26/02/2009 11:23 81920]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/03/2009 21:18 908056]
S2 CSHelper;CopySafe Helper Service;c:\windows\System32\CSHelper.exe [04/03/2009 11:50 266240]
S2 gupdate1c9e9a8d9f6df35;Google Update Service (gupdate1c9e9a8d9f6df35);c:\program files\Google\Update\GoogleUpdate.exe [10/06/2009 09:52 133104]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
S3 ce6230;Intel CE6230 Standalone USB Driver;c:\windows\System32\drivers\CE6230StandaloneDriver.sys [26/04/2008 12:12 44800]
S3 ce6230BDACAP;Realfine CE6230 BDA Driver;c:\windows\System32\drivers\CE6230BDA.sys [26/04/2008 12:12 19328]
S3 CE9500;CE9500.Sys driver;c:\windows\System32\drivers\ce9500.sys [29/11/2007 10:12 114176]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [30/09/2009 12:11 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\System32\drivers\PLCND532.sys [08/08/2007 16:40 26656]
S3 qcusbmdm6k;WP-S1 Proprietary USB Driver;c:\windows\System32\drivers\qcusbmdm6k.sys [26/02/2009 11:39 65024]
S3 qcusbnmea;WP-S1 NMEA Port;c:\windows\System32\drivers\qcusbnmea.sys [03/10/2007 06:30 65024]
S3 qcusbpcsync;WP-S1 PCSYNC Port;c:\windows\System32\drivers\qcusbpcsync.sys [03/10/2007 06:30 65024]
S3 qcusbser6k;WP-S1 Diagnostic Port;c:\windows\System32\drivers\qcusbser6k.sys [03/10/2007 06:30 65024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 01:05]

2009-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 01:05]

2009-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3088100052-2713238192-65485237-1000Core.job
- c:\users\Gillianm\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 07:58]

2009-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3088100052-2713238192-65485237-1000UA.job
- c:\users\Gillianm\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 07:58]

2009-10-15 c:\windows\Tasks\User_Feed_Synchronization-{E8E77C39-A6C9-42D3-A152-9C307E0E81E3}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.webexp...s.com/login.jsp
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\CSLSP.DLL
TCP: {23F005BB-A1CE-4B48-A382-D2A638EE7745} = 4.2.2.3 4.2.2.4
FF - ProfilePath - c:\users\Gillianm\AppData\Roaming\Mozilla\Firefox\Profiles\xmh90jmh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT766895&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Gillianm\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Gillianm\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-15 17:15
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Gillianm\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3088100052-2713238192-65485237-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D62F4398-6AB9-8E99-99E4-36DF5A6629E0}*]
"papdpklfojojpiehbdmanghlhiklbhhp"=hex:6a,61,65,6f,68,68,6a,65,63,6a,6f,6c,65,
62,68,62,6d,6d,68,66,00,8b
"abbfffklbdciabekaehppfjofcadgpghcb"=hex:6a,61,6e,6e,6f,67,63,65,6d,6d,65,62,
63,66,6e,62,6b,63,64,6e,00,8b

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}00\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}01\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}02\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}03\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}04\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}05\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}06\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}07\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}08\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-15 17:20
ComboFix-quarantined-files.txt 2009-10-15 16:20

Pre-Run: 27,193,450,496 bytes free
Post-Run: 26,996,518,912 bytes free

373 --- E O F --- 2009-10-15 08:31

#6 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 19 October 2009 - 04:54 PM

Hi,

There are some signs of McAfee firewall there. Is it still installed, and have you given permission for Ad-Aware to connect to the internet?

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu and select Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck Resident TeaTimer and OK any prompts.
  • Restart your computer

Open notepad and copy/paste the text in the quotebox below into it:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000000
Regnull::
[HKEY_USERS\S-1-5-21-3088100052-2713238192-65485237-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D62F4398-6AB9-8E99-99E4-36DF5A6629E0}*]


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs through PM, so don't bother to post me one. If you have problems, create a thread in the forum, please.
Don't post your log into other users' topics; create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use the "Reply to this topic" button while replying.
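The CFScript above does two things a reviewer of this log would have picked out by eye: it sets DisableMonitoring back to 0 under the Security Center Monitoring key, and it uses Regnull:: on the key that ComboFix listed under LOCKED REGISTRY KEYS. Pulling such entries out of a log this long by hand is slow, so what follows is a small triage script, an added example for this thread rather than ComboFix's code or the helper's, that parses the REGEDIT4-style blocks a ComboFix log uses and flags the entries worth a reviewer's first look. The sample log it runs on is constructed from lines in the log posted above. Two of its rules are review heuristics I am adding, not findings the thread makes: a firewall allow entry for an executable sitting under a temp directory, and value names under Shell Extensions\Approved that are not CLSIDs (that key normally holds CLSID-named values only).

```python
"""Triage a ComboFix-style log for the indicators a log reviewer acts on.

Added example for this thread, not ComboFix's code or the helper's script. It
parses the REGEDIT4-style blocks seen in the log above (bracketed key, then
"name"=data lines, hex data wrapped onto the next line) and flags: Security
Center monitoring off, the firewall profile off, firewall allow rules for
temp-directory executables, and non-CLSID value names in a locked
Shell Extensions\\Approved key. SAMPLE_LOG is constructed from the log above.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A3A25361-A337-40D6-8A4E-82510611AC82}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{74BFFDF8-737C-4130-A81C-B786686FE235}c:\\users\\gillianm\\appdata\\local\\temp\\ixp000.tmp\\smwinvnc.exe"= UDP:c:\users\gillianm\appdata\local\temp\ixp000.tmp\smwinvnc.exe:smwinvnc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3088100052-2713238192-65485237-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D62F4398-6AB9-8E99-99E4-36DF5A6629E0}*]
"papdpklfojojpiehbdmanghlhiklbhhp"=hex:6a,61,65,6f,68,68,6a,65,63,6a,6f,6c,65,
62,68,62,6d,6d,68,66,00,8b
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')          # "name"= data
HEX_CONT_RE = re.compile(r"^[0-9a-fA-F]{2}(,[0-9a-fA-F]{2})*,?$")
PATH_RE = re.compile(r"[a-zA-Z]:\\[^:]+")                 # first drive-letter path in a rule
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


@dataclass
class Finding:
    severity: str   # reviewer prioritisation only, not a verdict on the file
    key: str
    detail: str


def parse_blocks(text):
    """Return [key, [[name, data], ...], locked] per block; locked means it was
    listed after the LOCKED REGISTRY KEYS banner."""
    blocks, locked = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if "LOCKED REGISTRY KEYS" in line:
            locked = True
        elif (m := KEY_RE.match(line)):
            blocks.append([m.group(1), [], locked])
        elif blocks and (m := VALUE_RE.match(line)):
            blocks[-1][1].append([m.group(1), m.group(2)])
        elif blocks and blocks[-1][1] and HEX_CONT_RE.match(line):
            blocks[-1][1][-1][1] += line   # wrapped continuation of a hex: value
    return blocks


def decode_hex_value(data):
    """Render 'hex:6a,61,...' as text up to its first NUL; None if not hex."""
    if not data.lower().startswith("hex:"):
        return None
    raw = bytes(int(b, 16) for b in data[4:].split(",") if b.strip())
    return raw.split(b"\x00", 1)[0].decode("latin-1")


def triage(text):
    findings = []
    for key_name, values, locked in parse_blocks(text):
        key = key_name.lower()
        for name, data in values:
            if ("security center\\monitoring" in key and name == "DisableMonitoring"
                    and data.endswith("00000001")):
                findings.append(Finding("medium", key_name,
                    "Security Center monitoring disabled for this product"))
            elif key.endswith("\\firewallrules") and TEMP_DIR_RE.search(data):
                m = PATH_RE.search(data)
                findings.append(Finding("high", key_name,
                    "firewall allow rule for a temp-directory executable: "
                    + (m.group(0) if m else data)))
            elif (key.endswith("\\standardprofile") and name == "EnableFirewall"
                    and data.startswith("0")):
                findings.append(Finding("medium", key_name,
                    "Windows Firewall disabled on the standard profile"))
            elif locked and "shell extensions\\approved" in key and not CLSID_RE.match(name):
                findings.append(Finding("high", key_name,
                    f"locked Approved key holds non-CLSID value {name!r} "
                    f"decoding to {decode_hex_value(data)!r}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.detail}\n    {f.key}")
```

Run as-is it prints the four findings from the sample; pass the text of a real log to triage() to use it on one. The hex value under the locked key decodes to another run of lowercase letters, which is what makes the non-CLSID rule useful: a reviewer sees at once that neither the name nor the data is a registered shell extension.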

#7 Gilli

Gilli

    Newbie

  • Members
  • 8 posts

Posted 19 October 2009 - 07:24 PM

Hi,

There are some signs of McAfee firewall there. Is it still installed, and have you given permission for Ad-Aware to connect to the internet?

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu and select Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck Resident TeaTimer and OK any prompts.
  • Restart your computer
Open notepad and copy/paste the text in the quotebox below into it:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000000
Regnull::
[HKEY_USERS\S-1-5-21-3088100052-2713238192-65485237-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D62F4398-6AB9-8E99-99E4-36DF5A6629E0}*]
Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.



ComboFix 09-10-18.06 - Gillianm 19/10/2009 18:53.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2038.925 [GMT 1:00]
Running from: c:\users\Gillianm\Documents\Downloads\ComboFix.exe
Command switches used :: c:\users\Gillianm\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
.

2009-10-19 18:12 . 2009-10-19 18:12 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-10-19 18:12 . 2009-10-19 18:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-19 18:12 . 2009-10-19 18:12 -------- d-----w- c:\users\Gillian McKearney\AppData\Local\temp
2009-10-19 18:12 . 2009-10-19 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-19 18:12 . 2009-10-19 18:12 -------- d-----w- c:\users\Battery Power\AppData\Local\temp
2009-10-19 18:12 . 2009-10-19 18:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-10-19 00:16 . 2009-10-19 00:16 -------- d-----w- c:\users\Battery Power\AppData\Local\AVG Security Toolbar
2009-10-18 22:54 . 2009-10-18 22:54 -------- d-----w- c:\users\Battery Power\AppData\Local\MediaDirect
2009-10-18 22:54 . 2009-10-18 22:54 -------- d-----w- c:\users\Battery Power\AppData\Roaming\CyberLink
2009-10-16 09:49 . 2009-10-16 09:49 -------- d-----w- c:\program files\Trend Micro
2009-10-16 09:29 . 2009-10-16 09:29 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-16 01:30 . 2009-10-16 01:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Xobni
2009-10-15 12:07 . 2009-10-15 12:07 -------- d-----w- c:\program files\VS Revo Group
2009-10-14 17:15 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 17:14 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 17:14 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 17:08 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 17:08 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 17:08 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-14 13:01 . 2009-10-14 13:01 -------- d-----w- c:\program files\JRE
2009-10-14 13:00 . 2009-10-14 13:01 -------- d-----w- c:\program files\OpenOffice.org 3
2009-10-14 11:19 . 2009-10-14 11:19 -------- d-----w- c:\users\Gillianm\AppData\Local\Microsoft Corporation
2009-10-14 11:01 . 2009-10-14 11:01 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-07 08:27 . 2009-10-07 08:27 -------- d-----w- c:\program files\Audible
2009-10-03 08:13 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 07:34 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-02 07:34 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-02 07:34 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-02 07:34 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-02 07:33 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-02 07:33 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-02 07:33 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-02 07:33 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-02 07:33 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-01 07:39 . 2009-10-01 07:39 -------- d-----w- c:\programdata\Messenger Plus!
2009-09-30 16:46 . 2009-09-30 16:46 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-09-30 16:46 . 2009-09-30 16:46 -------- d-----w- c:\program files\TechSmith
2009-09-30 12:16 . 2009-09-30 12:16 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-30 11:12 . 2009-09-30 11:12 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-30 11:11 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-09-30 11:09 . 2009-09-30 11:09 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-29 14:25 . 2009-09-29 14:25 -------- d-----w- c:\program files\iPod
2009-09-29 14:25 . 2009-09-29 14:26 -------- d-----w- c:\program files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 18:13 . 2008-04-05 21:10 -------- d-----w- c:\programdata\Kontiki
2009-10-19 18:13 . 2009-03-02 11:09 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Skype
2009-10-19 16:36 . 2007-11-21 10:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-19 15:01 . 2009-03-02 11:12 -------- d-----w- c:\users\Gillianm\AppData\Roaming\skypePM
2009-10-19 01:06 . 2008-07-15 13:16 0 ----a-w- c:\users\Gillianm\AppData\Local\prvlcl.dat
2009-10-19 01:06 . 2008-07-15 12:22 0 ----a-w- c:\users\Battery Power\AppData\Local\prvlcl.dat
2009-10-18 22:54 . 2008-07-15 11:16 122560 ----a-w- c:\users\Battery Power\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-17 18:26 . 2009-02-25 12:00 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Spotify
2009-10-16 09:28 . 2008-05-01 16:54 -------- d-----w- c:\program files\Lavasoft
2009-10-16 09:28 . 2008-01-24 19:47 -------- d-----w- c:\programdata\Lavasoft
2009-10-16 01:30 . 2009-06-03 10:20 -------- d-----w- c:\program files\Xobni
2009-10-15 15:30 . 2008-02-05 15:42 1356 ----a-w- c:\users\Gillianm\AppData\Local\d3d9caps.dat
2009-10-15 11:11 . 2007-11-21 11:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-15 08:56 . 2007-11-18 17:33 -------- d-----w- c:\program files\Microsoft Works
2009-10-14 22:01 . 2007-11-21 09:41 122560 ----a-w- c:\users\Gillianm\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-14 21:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-14 12:59 . 2008-05-21 10:41 -------- d-----w- c:\program files\OpenOffice.org 2.4
2009-10-14 12:55 . 2008-05-21 10:55 -------- d-----w- c:\users\Gillianm\AppData\Roaming\OpenOffice.org2
2009-10-14 11:43 . 2008-10-06 15:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-01 12:56 . 2008-10-03 13:53 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Image Zone Express
2009-09-30 11:13 . 2007-11-21 10:35 -------- d-----w- c:\program files\Windows Live
2009-09-29 14:25 . 2007-12-27 17:44 -------- d-----w- c:\program files\Common Files\Apple
2009-09-18 21:27 . 2007-12-20 12:03 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Apple Computer
2009-09-17 15:22 . 2007-11-21 10:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-17 14:44 . 2009-09-01 10:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 08:29 . 2009-09-16 08:29 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-15 09:48 . 2007-11-21 13:10 -------- d-----w- c:\programdata\Yahoo! Companion
2009-09-10 13:54 . 2009-09-01 10:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-09-01 10:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 13:44 . 2009-09-10 13:44 -------- d-----w- c:\program files\##nospam Configuration Utility
2009-09-10 13:42 . 2009-09-10 13:39 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 13:34 . 2009-09-10 13:33 -------- d-----w- c:\program files\QuickTime
2009-09-10 07:56 . 2008-01-08 17:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 06:58 . 2008-11-25 16:39 -------- d-----w- c:\program files\SugarSync
2009-09-07 17:13 . 2007-11-18 17:33 -------- d-----w- c:\program files\CyberLink
2009-09-07 17:09 . 2008-01-12 16:02 -------- d-----w- c:\program files\Nokia
2009-09-01 11:00 . 2009-09-01 11:00 -------- d-----w- c:\users\Gillianm\AppData\Roaming\Malwarebytes
2009-09-01 10:59 . 2009-09-01 10:59 -------- d-----w- c:\programdata\Malwarebytes
2009-08-29 00:27 . 2009-09-02 20:29 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 20:29 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 18:42 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 18:42 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 07:45 . 2009-02-04 10:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-27 07:45 . 2008-09-06 17:27 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-27 07:45 . 2008-09-06 17:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-27 05:22 . 2009-10-14 17:10 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 17:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-14 17:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-14 17:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-25 14:30 . 2007-12-20 12:00 -------- d-----w- c:\program files\Safari
2009-08-14 16:27 . 2009-09-09 07:39 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 07:39 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 07:39 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 07:39 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 07:39 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 07:39 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 07:39 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 07:39 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 07:39 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 07:39 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 07:39 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-04 18:52 . 2009-08-04 18:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2007-11-21 10:30 . 2007-11-21 10:30 8 --sh--r- c:\windows\System32\AAF25136A3.sys
2009-01-21 18:30 . 2007-11-21 10:30 4704 --sha-w- c:\windows\System32\KGyGaAvL.sys
2007-11-19 00:53 . 2007-11-19 00:45 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-10-15_16.15.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-18 17:39 . 2009-10-19 17:12 93254 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-11-21 09:42 . 2009-10-19 17:12 19138 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3088100052-2713238192-65485237-1000_UserData.bin
- 2007-11-21 09:40 . 2009-10-15 15:30 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-11-21 09:40 . 2009-10-19 17:11 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-11-21 09:40 . 2009-10-19 17:11 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-21 09:40 . 2009-10-15 15:30 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-21 09:40 . 2009-10-15 15:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-11-21 09:40 . 2009-10-19 17:11 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-11-21 12:57 . 2009-10-19 17:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-11-21 12:57 . 2009-10-15 15:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-11-21 12:57 . 2009-07-30 09:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-21 12:57 . 2009-10-15 17:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-21 12:57 . 2009-10-15 17:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-11-21 12:57 . 2009-07-30 09:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-11-22 00:19 . 2009-10-19 16:50 5058 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-07-15 11:15 . 2009-10-18 22:56 3670 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3088100052-2713238192-65485237-1004_UserData.bin
+ 2009-10-19 17:08 . 2009-10-19 17:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-15 07:39 . 2009-10-15 15:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-19 17:08 . 2009-10-19 17:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-15 07:39 . 2009-10-15 15:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:02 . 2009-10-19 17:12 133690 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-09-16 07:01 . 2009-10-19 17:08 245760 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2009-09-16 07:01 . 2009-10-15 15:27 245760 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2009-07-30 09:19 . 2009-07-30 09:19 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-30 09:19 . 2009-10-15 17:54 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-10-16 09:29 . 2009-10-16 09:29 1860608 c:\windows\Installer\13e76b.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 08:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"McAfee.InstantUpdate.Monitor"="c:\program files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" [2003-06-03 122948]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-22 171448]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\320\g2mstart.exe" [2008-08-04 31552]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"DeskSpace"="c:\program files\DeskSpace\deskspace.exe" [2008-12-04 1157344]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"googletalk"="c:\users\Gillianm\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"McAfee Guardian"="c:\program files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" [2002-07-22 145920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"WireLessMouse"="c:\program files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
"WireLessKeyboard"="c:\program files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-14 149280]

c:\users\Gillianm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Back2zip.lnk - c:\program files\Back2zip\Back2zip.exe [2009-7-28 2007040]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-4-29 1787224]
SpeedTester.lnk - c:\windows\Installer\{32729FF3-AD6A-45CC-8E55-E1916420F7F1}\_7EA94809FE219030A883C8.exe [2008-12-10 33610]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:):9a,b9,20,73,36,f4,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3088100052-2713238192-65485237-1000]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3088100052-2713238192-65485237-1004]
"EnableNotificationsRef"=dword:00000001

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [06/09/2008 18:27 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [11/03/2009 21:18 108552]
R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [09/10/2008 09:39 12800]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/03/2009 21:18 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04/02/2009 11:13 297752]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [28/03/2008 23:19 208896]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [06/09/2008 15:49 1153368]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 10:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\supportsoft\bin\tgsrvc.exe [02/08/2007 15:42 148768]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [07/05/2009 02:21 46824]
R3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\System32\drivers\fw220.sys [05/08/2002 05:00 33280]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\System32\TDSupportApp\cdrom_mon.exe [26/02/2009 11:23 81920]
S2 CSHelper;CopySafe Helper Service;c:\windows\System32\CSHelper.exe [04/03/2009 11:50 266240]
S2 gupdate1c9e9a8d9f6df35;Google Update Service (gupdate1c9e9a8d9f6df35);c:\program files\Google\Update\GoogleUpdate.exe [10/06/2009 09:52 133104]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
S3 ce6230;Intel CE6230 Standalone USB Driver;c:\windows\System32\drivers\CE6230StandaloneDriver.sys [26/04/2008 12:12 44800]
S3 ce6230BDACAP;Realfine CE6230 BDA Driver;c:\windows\System32\drivers\CE6230BDA.sys [26/04/2008 12:12 19328]
S3 CE9500;CE9500.Sys driver;c:\windows\System32\drivers\ce9500.sys [29/11/2007 10:12 114176]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [30/09/2009 12:11 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\System32\drivers\PLCND532.sys [08/08/2007 16:40 26656]
S3 qcusbmdm6k;WP-S1 Proprietary USB Driver;c:\windows\System32\drivers\qcusbmdm6k.sys [26/02/2009 11:39 65024]
S3 qcusbnmea;WP-S1 NMEA Port;c:\windows\System32\drivers\qcusbnmea.sys [03/10/2007 06:30 65024]
S3 qcusbpcsync;WP-S1 PCSYNC Port;c:\windows\System32\drivers\qcusbpcsync.sys [03/10/2007 06:30 65024]
S3 qcusbser6k;WP-S1 Diagnostic Port;c:\windows\System32\drivers\qcusbser6k.sys [03/10/2007 06:30 65024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 01:05]

2009-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 01:05]

2009-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3088100052-2713238192-65485237-1000Core.job
- c:\users\Gillianm\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 07:58]

2009-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3088100052-2713238192-65485237-1000UA.job
- c:\users\Gillianm\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 07:58]

2009-10-19 c:\windows\Tasks\User_Feed_Synchronization-{E8E77C39-A6C9-42D3-A152-9C307E0E81E3}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.webexp...s.com/login.jsp
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\CSLSP.DLL
TCP: {23F005BB-A1CE-4B48-A382-D2A638EE7745} = 4.2.2.3 4.2.2.4
FF - ProfilePath - c:\users\Gillianm\AppData\Roaming\Mozilla\Firefox\Profiles\xmh90jmh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT766895&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 19:13
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}00\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}01\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}02\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}03\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}04\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}05\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}06\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}07\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}08\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-19 19:20
ComboFix-quarantined-files.txt 2009-10-19 18:20
ComboFix2.txt 2009-10-16 08:56
ComboFix3.txt 2009-10-15 16:20

Pre-Run: 26,937,790,464 bytes free
Post-Run: 26,619,883,520 bytes free

- - End Of File - - 102FCE699214EF5841B62FEC2D4B73F3

#8 Blade81 (Advanced Member, Volunteer Security Advisor, 6582 posts)

Posted 19 October 2009 - 08:29 PM

You didn't reply to my question about the firewall yet.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs through PM, so don't bother posting me one. If you have problems, create a thread in the forum, please.
Don't post your log into another user's topic; create a new one.

Provided removal instructions are meant to be used in the corresponding user's case only.

Please use the "Reply to this topic" button when replying.

#9 Gilli (Newbie, Members, 8 posts)

Posted 19 October 2009 - 10:44 PM

You didn't reply to my question about the firewall yet.


Sorry, yes, I still have the firewall, and Ad-Aware is allowed all access.

Thanks for your help on this BTW

#10 Blade81 (Advanced Member, Volunteer Security Advisor, 6582 posts)

Posted 20 October 2009 - 09:56 AM

Hi,

If you disable the McAfee FW, is Ad-Aware able to connect? If not, try reinstalling Ad-Aware.

#11 Gilli (Newbie, Members, 8 posts)

Posted 22 October 2009 - 10:41 AM

Hi,

If you disable the McAfee FW, is Ad-Aware able to connect? If not, try reinstalling Ad-Aware.


Still cannot connect to service.

I disabled the firewall and no joy.
I uninstalled Ad-Aware and reinstalled it with the firewall still disabled; no joy.

#12 Blade81 (Advanced Member, Volunteer Security Advisor, 6582 posts)

Posted 22 October 2009 - 02:05 PM

Hi,

Just to narrow things down a bit, does updating work properly with your antivirus software or does it have similar connection issues?

#13 Gilli (Newbie, Members, 8 posts)

Posted 23 October 2009 - 08:58 AM

Hi,

Just to narrow things down a bit, does updating work properly with your antivirus software or does it have similar connection issues?


Hi, no, updating the antivirus works without issue.

Gilli

#14 Blade81 (Advanced Member, Volunteer Security Advisor, 6582 posts)

Posted 23 October 2009 - 03:50 PM

Hi,

In that case, it could be an Ad-Aware related issue. I recommend opening a topic at your version's subforum here.

Let's uninstall ComboFix first though:
  • Click START then RUN
  • Now copy-paste "c:\users\Gillianm\Documents\Downloads\ComboFix.exe" /u in the run box and click OK


#15 Gilli (Newbie, Members, 8 posts)

Posted 29 October 2009 - 06:09 PM

Hi,

In that case, it could be an Ad-Aware related issue. I recommend opening a topic at your version's subforum here.

Let's uninstall ComboFix first though:

  • Click START then RUN
  • Now copy-paste "c:\users\Gillianm\Documents\Downloads\ComboFix.exe" /u in the run box and click OK


Hi, not to worry. I have just updated Windows to Windows 7 and all works fine now.

Thanks for your help anyway

#16 Blade81 (Advanced Member, Volunteer Security Advisor, 6582 posts)

Posted 29 October 2009 - 06:10 PM

Ok. Thanks for letting us know :)



