computer virus


matt boyd

hey guys, just signed up to this forum for a little bit of help!! i seem to have some sort of virus on my computer which is a little annoying! this is a brief outline of what's wrong>>
the time/date gets changed every time i switch the computer on, when going onto a website the certificate/secure bit gets blocked and i get asked if i want to proceed as it may not be safe to do so, in other words the bar at the top which would normally be green meaning its ok is now red on every website, something on my security certificate seems to have been changed or is getting blocked, if i go into google and type in a website and click the link i get redirected to any random website so its a nightmare trying to get into a link! if i go into pandora (the online radio station) a white box appears over the page not allowing me to view my stations, if i go onto another online radio station it now says not able to connect, or will connect for a few seconds then comes up with that message.....i also had a couple of days ago the microsoft certificate come up telling me to activate my software! i've had the software on this computer for approx 5-6 years!! so not sure if its related? i had something else from microsoft come up too, but can't remember right now what it was..so yeah, random things are happening..more annoying than anything really!
i'm running windows xp, explorer 8, all my updates are..up to date, i run avg, spybot, adaware and recently have used malwarebytes...here's the first log>>

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4163

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/1/2002 12:45:56 AM
mbam-log-2002-01-01 (00-45-56).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 240240
Time elapsed: 1 hour(s), 6 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\JOANNE\Application Data\Move Networks\MoveMediaPlayer_07103010.exe (Backdoor.Bot) -> Quarantined and deleted successfully.


i ran it again after i restarted the computer and this is the second log>>

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4164

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/1/2002 1:18:07 AM
mbam-log-2002-01-01 (01-18-07).txt

Scan type: Quick scan
Objects scanned: 146823
Time elapsed: 11 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



so as you can see it didn't pick anything up the second time around, avg doesn't pick anything up period, spybot picks up something>>>>>>
Microsoft.WindowsSecurityCenter.AntiVirusOverride: [SBI $3604910C] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride

and that's every time i run spybot, so its not fixing the problem if it is a problem (i read on the internet its not a big deal).

so, i still have the exact same problems as before even after running the programmes etc! any suggestions as to how i can get my computer back to running normally again??

thanks
matt
 
ComboFix 10-06-03.01 - JOANNE 01/01/2002 6:49.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1435 [GMT -5:00]
Running from: c:\documents and settings\JOANNE\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JOANNE\mqdmbus.sys
c:\documents and settings\JOANNE\mqdmcmnt.sys
c:\documents and settings\JOANNE\mqdmcr.sys
c:\documents and settings\JOANNE\mqdmmdfl.sys
c:\documents and settings\JOANNE\mqdmmdm.sys
c:\documents and settings\JOANNE\mqdmserd.sys
c:\documents and settings\JOANNE\mqdmwhnt.sys
c:\documents and settings\JOANNE\usbsermpt.sys
c:\documents and settings\JOANNE\usbsermptxp.sys
c:\program files\Ahead\Nero\CDCopy.dll
c:\program files\Ahead\Nero\cdr100.dll
c:\program files\Ahead\Nero\cdr50s.dll
c:\program files\Ahead\Nero\CDROM.dll
c:\program files\Ahead\Nero\cdu920.dll
c:\program files\Ahead\Nero\cr2200cs.dll
c:\program files\Ahead\Nero\Dws114x.dll
c:\program files\Ahead\Nero\Equalize.dll
c:\program files\Ahead\Nero\GENCUSH.dll
c:\program files\Ahead\Nero\Generatr.dll
c:\program files\Ahead\Nero\geniso.dll
c:\program files\Ahead\Nero\GenPCHy.dll
c:\program files\Ahead\Nero\GenUDF.dll
c:\program files\Ahead\Nero\image.dll
c:\program files\Ahead\Nero\ImageGen.dll
c:\program files\Ahead\Nero\ims.dll
c:\program files\Ahead\Nero\ISOFS.dll
c:\program files\Ahead\Nero\MMC.dll
c:\program files\Ahead\Nero\NeMP3Dmo.dll
c:\program files\Ahead\Nero\NeMP3Hlp.dll
c:\program files\Ahead\Nero\NeroDb.dll
c:\program files\Ahead\Nero\NeroErr.dll
c:\program files\Ahead\Nero\neroscsi.dll
c:\program files\Ahead\Nero\NeRSDB.dll
c:\program files\Ahead\Nero\newtrf.dll
c:\program files\Ahead\Nero\ro1420c.dll
c:\program files\Ahead\Nero\UDFImporter.dll
c:\program files\Ahead\Nero\VMPEGEnc.dll
c:\windows\system\winspool.drv
c:\windows\system32\Vb40032.dll

Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected
Restored copy from - Kitty had a snack :p
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\msgsvc.dll

.
((((((((((((((((((((((((( Files Created from 2001-12-01 to 2002-01-01 )))))))))))))))))))))))))))))))
.

2010-06-02 03:51 . 2010-02-01 01:45 38784 ----a-w- c:\documents and settings\JOANNE\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-02 03:51 . 2010-06-02 03:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-02 03:51 . 2010-06-02 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-02 03:51 . 2010-06-02 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-06-02 03:50 . 2010-06-02 03:50 -------- d-----w- c:\program files\McAfee Security Scan
2010-06-02 03:50 . 2010-06-02 03:50 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-06-02 03:50 . 2010-06-02 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-01 07:31 . 2010-06-01 07:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-06-01 04:34 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-01 04:34 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-28 22:59 . 2010-05-28 22:59 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-23 23:30 . 2010-05-23 23:30 503808 ----a-w- c:\documents and settings\JOANNE\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-52d22d20-n\msvcp71.dll
2010-05-23 23:30 . 2010-05-23 23:30 499712 ----a-w- c:\documents and settings\JOANNE\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-52d22d20-n\jmc.dll
2010-05-23 23:30 . 2010-05-23 23:30 348160 ----a-w- c:\documents and settings\JOANNE\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-52d22d20-n\msvcr71.dll
2010-03-22 14:24 . 2010-06-02 04:01 439816 ----a-w- c:\documents and settings\JOANNE\Application Data\Real\Update\setup3.10\setup.exe
2010-03-11 15:53 . 2010-03-11 15:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-11 15:51 . 2010-03-11 15:55 -------- d-----w- C:\$AVG
2010-03-11 15:50 . 2002-01-01 04:07 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-11 15:50 . 2010-03-11 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-27 02:03 . 2010-03-18 15:11 -------- d-----w- c:\documents and settings\JOANNE\Local Settings\Application Data\Temp
2010-02-05 15:03 . 2010-02-05 15:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-01-26 06:48 . 2010-01-26 06:48 116096 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-26 05:11 . 2010-01-26 05:11 -------- d-----w- c:\documents and settings\JOANNE\Local Settings\Application Data\Sanford,_L.P
2010-01-26 00:25 . 2010-01-26 00:30 -------- d-----w- c:\documents and settings\JOANNE\Local Settings\Application Data\DYMO
2010-01-26 00:18 . 2009-05-20 19:06 9216 ----a-w- c:\windows\system32\LW400MON.DLL
2010-01-26 00:17 . 2010-01-26 00:17 -------- d-----w- c:\program files\DYMO
2010-01-26 00:17 . 2010-01-26 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\DYMO
2010-01-13 14:01 . 2010-01-13 14:01 86016 -c----w- c:\windows\system32\dllcache\cabview.dll
2009-12-16 18:43 . 2009-12-16 18:43 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08 . 2009-12-14 07:08 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2009-11-27 17:11 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 16:07 . 2009-11-27 16:07 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07 . 2009-11-27 16:07 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07 . 2009-11-27 16:07 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2009-11-08 06:04 . 2009-11-08 06:03 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-08 06:02 . 2009-11-08 06:02 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-08 06:02 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-26 16:34 . 2009-10-26 16:34 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-21 05:38 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38 . 2009-10-21 05:38 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38 . 2009-10-12 13:38 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38 . 2009-10-12 13:38 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-09-30 17:53 . 2009-09-30 17:53 -------- d-----w- c:\program files\MSECache
2009-09-24 04:40 . 2009-09-24 04:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-22 04:35 . 2009-09-22 04:35 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-22 04:25 . 2009-09-22 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-04 21:03 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-08-20 19:09 . 2009-08-20 19:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-21 05:05 . 2009-07-21 05:05 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-07-17 16:22 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-07-16 02:22 . 2003-05-22 20:31 55808 ----a-w- c:\windows\system32\lfpsd13n.dll
2009-06-25 08:25 . 2009-09-11 14:18 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 08:25 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 08:25 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-06-24 11:18 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 14:36 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:36 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-06-12 12:31 . 2009-06-12 12:31 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2009-06-11 14:19 . 2009-06-11 14:19 152576 ----a-w- c:\documents and settings\JOANNE\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-10 13:19 . 2009-06-10 13:19 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 06:14 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-05-07 15:32 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-05-01 15:18 . 2002-01-01 12:06 -------- d-----w- c:\documents and settings\JOANNE\Application Data\ZoomBrowser EX
2009-05-01 15:18 . 2002-01-01 12:06 -------- d-----w- c:\documents and settings\JOANNE\Application Data\CameraWindowDC
2009-05-01 15:18 . 2009-05-01 15:18 -------- d-----w- c:\documents and settings\JOANNE\Application Data\CANON INC
2009-05-01 15:17 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-05-01 15:17 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-04-15 22:35 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-04-15 22:35 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-04-15 22:35 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-04-15 22:35 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 22:35 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-04-15 22:35 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 22:35 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-04-15 22:35 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-04-15 14:51 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-07 03:01 . 2009-04-07 03:01 152576 -c--a-w- c:\documents and settings\JOANNE\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-30 03:26 . 2009-03-30 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-03-30 03:25 . 2009-03-30 03:27 -------- d-----w- c:\program files\Canon
2009-03-30 03:24 . 2009-03-30 03:24 -------- d-----w- c:\program files\Common Files\Canon
2009-03-08 09:33 . 2009-03-08 09:33 18944 -c----w- c:\windows\system32\dllcache\corpol.dll
2009-02-23 15:59 . 2003-11-04 20:11 159744 ----a-w- c:\windows\system32\lfpng13n.dll
2009-02-10 16:12 . 2009-02-10 16:12 -------- d-----w- c:\program files\Quicksys
2009-02-05 16:22 . 2002-01-01 04:00 -------- d-----w- c:\windows\SxsCaPendDel
2009-02-04 17:57 . 2010-01-27 18:02 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-02-04 16:52 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-02-04 16:43 . 2009-02-04 16:43 -------- d-sh--w- c:\documents and settings\JOANNE\IECompatCache
2009-02-04 16:42 . 2009-02-04 16:42 -------- d-sh--w- c:\documents and settings\JOANNE\IETldCache
2009-02-04 16:34 . 2009-03-08 09:35 2048 -c--a-w- c:\windows\system32\dllcache\iecompat.dll
2009-02-03 19:59 . 2009-06-25 08:25 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
2009-01-20 17:09 . 2009-01-20 17:11 -------- d-----w- c:\documents and settings\JOANNE\Application Data\Weather Clock
2009-01-20 17:09 . 2009-01-20 17:09 -------- d-----w- c:\program files\Weather Clock
2009-01-20 17:02 . 2009-01-20 17:02 -------- d-----w- c:\program files\AccuWeatherDesktop
2009-01-19 15:45 . 2009-01-19 15:45 -------- d-----w- c:\documents and settings\JOANNE\Application Data\Panasonic
2009-01-19 15:45 . 2009-01-19 15:45 -------- d-----w- C:\MC_TMP
2009-01-19 15:33 . 2007-06-15 17:57 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
2009-01-19 15:33 . 2007-06-15 17:57 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2009-01-19 15:33 . 2006-02-21 00:17 33408 ----a-w- c:\windows\system32\drivers\cdrbsdrv.sys
2009-01-19 15:33 . 2004-11-19 23:21 36864 ----a-w- c:\windows\system32\sddevmgr.dll
2009-01-19 15:33 . 2009-01-19 15:33 -------- d-----w- c:\program files\Panasonic
2009-01-07 23:20 . 2009-01-07 23:20 134144 -c----w- c:\windows\system32\dllcache\sqmapi.dll
2009-01-07 23:20 . 2009-01-07 23:20 474112 -c----w- c:\windows\system32\dllcache\shlwapi.dll
2009-01-07 23:20 . 2009-01-07 23:20 1497088 -c----w- c:\windows\system32\dllcache\shdocvw.dll
2009-01-07 23:20 . 2009-01-07 23:20 1022976 -c----w- c:\windows\system32\dllcache\browseui.dll
2009-01-02 18:52 . 2010-01-21 17:10 -------- d-----w- c:\program files\Microsoft Silverlight
2008-12-19 07:28 . 2010-05-28 20:49 -------- d-----w- c:\windows\ie8updates
2008-12-16 12:30 . 2009-08-25 09:17 354816 -c----w- c:\windows\system32\dllcache\winhttp.dll
2008-12-05 07:58 . 2009-05-21 15:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2008-12-05 07:57 . 2008-12-05 07:57 152576 -c--a-w- c:\documents and settings\JOANNE\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2008-12-05 06:44 . 2008-08-30 05:53 151552 ----a-w- c:\windows\system32\securenet.dll
2008-11-28 15:52 . 2008-11-28 15:52 -------- d-sh--w- c:\documents and settings\JOANNE\PrivacIE
2008-11-26 17:40 . 2008-11-26 17:40 -------- d-----w- c:\documents and settings\JOANNE\Local Settings\Application Data\K-Meleon
2008-11-26 17:40 . 2008-11-26 17:40 -------- d-----w- c:\documents and settings\JOANNE\Application Data\K-Meleon
2008-11-26 17:39 . 2008-11-26 17:39 -------- d-----w- c:\program files\K-Meleon
2008-11-12 18:06 . 2008-11-12 18:06 -------- d-----w- c:\documents and settings\JOANNE\Application Data\AdobeAUM
2008-11-12 18:05 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 18:05 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2008-10-23 12:36 . 2008-10-23 12:36 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2008-10-15 17:48 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2008-10-15 17:48 . 2009-08-14 13:21 1850624 -c----w- c:\windows\system32\dllcache\win32k.sys
2008-10-15 17:47 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 17:47 . 2010-02-16 13:25 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

.
 
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 20:39 . 2002-01-01 04:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2002-01-01 04:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 06:15 . 2003-03-31 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2003-03-31 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2003-03-31 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2002-08-29 01:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2003-03-31 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-03-31 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-29 15:01 . 2004-11-03 13:23 691712 ----a-w- c:\windows\system32\inetcomm.dll
2010-01-26 00:25 . 2010-01-26 00:17 17444 --sh--r- c:\program files\uninstall.log
2010-01-13 14:01 . 2003-03-31 12:00 86016 ----a-w- c:\windows\system32\cabview.dll
2009-12-31 16:50 . 2003-03-31 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-24 06:59 . 2003-03-31 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2009-12-16 18:43 . 2004-11-03 13:22 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2003-03-31 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-11-27 17:11 . 2001-08-17 22:36 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2003-03-31 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2003-03-31 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2003-03-31 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2001-08-17 22:36 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2003-03-31 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-15 06:10 . 2009-11-15 06:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-11-15 06:10 . 2009-11-15 06:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-10-26 16:34 . 2004-11-03 14:57 -------- d-----w- c:\program files\Common Files\Real
2009-10-21 05:38 . 2005-12-28 15:54 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2005-12-28 15:54 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-15 16:28 . 2003-03-31 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-10-15 16:28 . 2003-03-31 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-10-13 10:30 . 2003-03-31 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2003-03-31 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2003-03-31 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-24 04:58 . 2009-09-24 04:58 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-11 14:18 . 2003-03-31 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2003-03-31 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-14 13:21 . 2003-03-31 12:00 1850624 ----a-w- c:\windows\system32\win32k.sys
2009-08-06 23:24 . 2004-11-03 13:22 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2003-03-31 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-11-03 13:22 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2003-03-31 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 15:05 . 2008-07-09 22:02 1372672 ------w- c:\windows\system32\msxml6.dll
2009-07-31 04:35 . 2003-03-31 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22 . 2003-03-31 12:00 1435648 ----a-w- c:\windows\system32\query.dll
2009-07-14 03:43 . 2004-08-04 07:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-25 08:25 . 2003-03-31 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2003-03-31 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2003-03-31 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2003-03-31 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-24 11:18 . 2003-03-31 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 12:31 . 2003-03-31 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 13:19 . 2004-11-03 13:22 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2003-03-31 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-05-07 15:32 . 2003-03-31 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-15 14:51 . 2004-03-06 02:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-02 03:02 . 2004-08-04 07:56 604160 ----a-w- c:\windows\system32\wmspdmod.dll
2009-03-08 09:34 . 2003-03-31 12:00 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2003-03-31 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 09:32 . 2003-03-31 12:00 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2003-03-31 12:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2003-03-31 12:00 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2003-03-31 12:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2003-03-31 12:00 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2003-03-31 12:00 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2003-03-31 12:00 284160 ----a-w- c:\windows\system32\pdh.dll
2009-02-09 12:10 . 2004-11-03 13:21 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-09 12:10 . 2004-11-03 13:21 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 12:10 . 2003-03-31 12:00 714752 ----a-w- c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2003-03-31 12:00 617472 ----a-w- c:\windows\system32\advapi32.dll
2009-02-06 11:11 . 2003-03-31 12:00 110592 ----a-w- c:\windows\system32\services.exe
2009-02-06 10:39 . 2003-03-31 12:00 35328 ----a-w- c:\windows\system32\sc.exe
2009-02-06 10:10 . 2004-11-03 13:21 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-02-05 16:23 . 2009-02-05 16:23 -------- d-----w- c:\program files\MSBuild
2009-02-05 16:23 . 2009-02-05 16:23 -------- d-----w- c:\program files\Reference Assemblies
2009-01-19 16:48 . 2004-11-03 14:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2008-10-23 12:36 . 2003-03-31 12:00 286720 ----a-w- c:\windows\system32\gdi32.dll
2008-08-14 10:04 . 2003-03-31 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2008-07-09 22:23 . 2004-11-03 13:24 76487 -c--a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2008-07-06 12:06 . 2009-02-05 16:22 575488 ------w- c:\windows\system32\xpsshhdr.dll
2008-07-06 12:06 . 2009-02-05 16:22 117760 ------w- c:\windows\system32\prntvpt.dll
2008-07-06 12:06 . 2009-02-05 16:22 1676288 ------w- c:\windows\system32\xpssvcs.dll
2008-06-24 22:12 . 2006-10-19 02:47 295936 ------w- c:\windows\system32\wmpeffects.dll
2008-06-20 17:46 . 2003-03-31 12:00 245248 ----a-w- c:\windows\system32\mswsock.dll
2008-06-20 11:51 . 2003-03-31 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-06-18 10:03 . 2003-03-31 12:00 938496 ----a-w- c:\windows\system32\WMNetmgr.dll
2008-06-18 06:09 . 2003-03-31 12:00 100864 ----a-w- c:\windows\system32\logagent.exe
2008-06-13 11:05 . 2005-12-28 15:54 272128 ------w- c:\windows\system32\drivers\bthport.sys
2008-06-12 14:23 . 2004-11-03 13:22 161792 ----a-w- c:\windows\system32\msdtcuiu.dll
2008-06-12 14:23 . 2004-11-03 13:22 956928 ----a-w- c:\windows\system32\msdtctm.dll
2008-06-12 14:23 . 2004-11-03 13:22 58880 ----a-w- c:\windows\system32\msdtclog.dll
2008-06-12 14:23 . 2004-11-03 13:21 428032 ----a-w- c:\windows\system32\msdtcprx.dll
2008-05-30 18:19 . 2008-08-05 18:40 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2008-05-30 18:18 . 2008-08-05 18:40 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2008-05-30 18:17 . 2008-08-05 18:40 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2008-05-30 18:17 . 2008-08-05 18:40 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2008-05-30 18:11 . 2008-08-05 18:40 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2008-05-30 18:11 . 2008-08-05 18:40 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2008-05-30 18:11 . 2008-08-05 18:40 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 860160]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-07-06 20034600]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"WeatherClock"="c:\program files\Weather Clock\WeatherClock.exe" [2008-11-22 2266112]
"DymoQuickPrint"="c:\program files\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2009-06-24 1882360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mailstation Assistant"="c:\program files\Pitney Bowes\mailstation 2\mailstationAssistant minimize" [X]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2001-08-08 43520]
"Ulead Memory Card Detector"="c:\program files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe" [2002-09-10 28672]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 819712]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 176128]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-24 155648]
"FLMOFFICE4DMOUSE"="c:\program files\Office Mouse\moffice.exe" [2005-12-14 811008]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-28 122368]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-26 198160]
"DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2009-06-24 55808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AccuWeather.com® Desktop.lnk - c:\windows\Installer\{DEF1F36E-871C-4B5A-B42C-700A963B71FA}\_14092034.exe [2009-1-20 766]
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-11-3 82026]
Auto run of VideoCam Suite 1.0.lnk - c:\program files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe [2009-1-19 161160]
GSPTray.lnk - c:\gsp\Software\GspTray.exe [2006-1-16 327680]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2004-11-3 233472]
Sitecom WL-115 Utility.lnk - c:\program files\Sitecom\Sitecom Wireless Network PCI Adapter 54G WL-115\Installer\WINXP\WLANUTL.exe [2005-12-9 765952]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2002-8-12 1568768]
Windows Desktop Search.lnk - c:\program files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-9-20 238080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-11 15:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pitney Bowes\\mailstation 2\\mailstationAssistant.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/4/2009 11:52 AM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/12/2008 12:39 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/11/2010 10:50 AM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/11/2010 10:53 AM 308064]
R2 EdgeStat;EdgeStat;c:\windows\system32\drivers\edgestat.sys [1/16/2006 7:52 AM 6912]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1181328]
R3 DM150Drv;DM150Drv;c:\windows\system32\drivers\DM150Drv.sys [2/4/2008 5:09 PM 20600]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 12:21 AM 135664]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [11/3/2004 12:02 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [11/3/2004 12:02 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [11/3/2004 12:02 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [11/3/2004 12:02 PM 10368]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2/27/2008 6:44 PM 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2/27/2008 6:44 PM 7680]
S3 pfsvgae;pfsvgae;\??\c:\docume~1\JOANNE\LOCALS~1\Temp\pfsvgae.sys --> c:\docume~1\JOANNE\LOCALS~1\Temp\pfsvgae.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2002-01-01 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:02]

2002-01-01 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:02]

2002-01-01 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:02]

2002-01-01 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:02]

2010-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 05:20]

2010-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 05:20]

2010-06-02 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-11-03 16:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tiscali.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*Yahoo! SearchBar Home Page
uInternet Settings,ProxyServer = localhost:7000
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\JOANNE\Application Data\Mozilla\Firefox\Profiles\oy9k754b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Weather Clock - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2002-01-01 07:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5752)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\program files\Office Mouse\MOUDL32A.DLL
c:\windows\system32\ieframe.dll
c:\program files\Weather Clock\Clock.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wfxsnt40.exe
c:\windows\AGRSMMSG.exe
c:\windows\ALCXMNTR.EXE
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Pitney Bowes\mailstation 2\mailstationAssistant.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\Office Mouse\MOUSE32A.DAT
c:\program files\AccuWeatherDesktop\AccuWeatherDesktop.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
.
**************************************************************************
.
Completion time: 2002-01-01 07:07:11 - machine was rebooted
ComboFix-quarantined-files.txt 2002-01-01 12:06

Pre-Run: 148,721,041,408 bytes free
Post-Run: 149,765,554,176 bytes free

- - End Of File - - 53711E2125036306246FCD86BF74303B
 
ComboFix 10-06-03.01 - JOANNE 01/01/2002 6:49.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1435 [GMT -5:00]
Running from: c:\documents and settings\JOANNE\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JOANNE\mqdmbus.sys
c:\documents and settings\JOANNE\mqdmcmnt.sys
c:\documents and settings\JOANNE\mqdmcr.sys
c:\documents and settings\JOANNE\mqdmmdfl.sys
c:\documents and settings\JOANNE\mqdmmdm.sys
c:\documents and settings\JOANNE\mqdmserd.sys
c:\documents and settings\JOANNE\mqdmwhnt.sys
c:\documents and settings\JOANNE\usbsermpt.sys
c:\documents and settings\JOANNE\usbsermptxp.sys
c:\program files\Ahead\Nero\CDCopy.dll
c:\program files\Ahead\Nero\cdr100.dll
c:\program files\Ahead\Nero\cdr50s.dll
c:\program files\Ahead\Nero\CDROM.dll
c:\program files\Ahead\Nero\cdu920.dll
c:\program files\Ahead\Nero\cr2200cs.dll
c:\program files\Ahead\Nero\Dws114x.dll
c:\program files\Ahead\Nero\Equalize.dll
c:\program files\Ahead\Nero\GENCUSH.dll
c:\program files\Ahead\Nero\Generatr.dll
c:\program files\Ahead\Nero\geniso.dll
c:\program files\Ahead\Nero\GenPCHy.dll
c:\program files\Ahead\Nero\GenUDF.dll
c:\program files\Ahead\Nero\image.dll
c:\program files\Ahead\Nero\ImageGen.dll
c:\program files\Ahead\Nero\ims.dll
c:\program files\Ahead\Nero\ISOFS.dll
c:\program files\Ahead\Nero\MMC.dll
c:\program files\Ahead\Nero\NeMP3Dmo.dll
c:\program files\Ahead\Nero\NeMP3Hlp.dll
c:\program files\Ahead\Nero\NeroDb.dll
c:\program files\Ahead\Nero\NeroErr.dll
c:\program files\Ahead\Nero\neroscsi.dll
c:\program files\Ahead\Nero\NeRSDB.dll
c:\program files\Ahead\Nero\newtrf.dll
c:\program files\Ahead\Nero\ro1420c.dll
c:\program files\Ahead\Nero\UDFImporter.dll
c:\program files\Ahead\Nero\VMPEGEnc.dll
c:\windows\system\winspool.drv
c:\windows\system32\Vb40032.dll

Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected
Restored copy from - Kitty had a snack :p
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\msgsvc.dll

.
((((((((((((((((((((((((( Files Created from 2001-12-01 to 2002-01-01 )))))))))))))))))))))))))))))))
.

2010-06-02 03:51 . 2010-02-01 01:45 38784 ----a-w- c:\documents and settings\JOANNE\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-02 03:51 . 2010-06-02 03:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-02 03:51 . 2010-06-02 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-02 03:51 . 2010-06-02 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-06-02 03:50 . 2010-06-02 03:50 -------- d-----w- c:\program files\McAfee Security Scan
2010-06-02 03:50 . 2010-06-02 03:50 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-06-02 03:50 . 2010-06-02 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-01 07:31 . 2010-06-01 07:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-06-01 04:34 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-01 04:34 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-28 22:59 . 2010-05-28 22:59 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-23 23:30 . 2010-05-23 23:30 503808 ----a-w- c:\documents and settings\JOANNE\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-52d22d20-n\msvcp71.dll
2010-05-23 23:30 . 2010-05-23 23:30 499712 ----a-w- c:\documents and settings\JOANNE\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-52d22d20-n\jmc.dll
2010-05-23 23:30 . 2010-05-23 23:30 348160 ----a-w- c:\documents and settings\JOANNE\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-52d22d20-n\msvcr71.dll
2010-03-22 14:24 . 2010-06-02 04:01 439816 ----a-w- c:\documents and settings\JOANNE\Application Data\Real\Update\setup3.10\setup.exe
2010-03-11 15:53 . 2010-03-11 15:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-11 15:51 . 2010-03-11 15:55 -------- d-----w- C:\$AVG
2010-03-11 15:50 . 2002-01-01 04:07 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-11 15:50 . 2010-03-11 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-27 02:03 . 2010-03-18 15:11 -------- d-----w- c:\documents and settings\JOANNE\Local Settings\Application Data\Temp
2010-02-05 15:03 . 2010-02-05 15:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-01-26 06:48 . 2010-01-26 06:48 116096 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-26 05:11 . 2010-01-26 05:11 -------- d-----w- c:\documents and settings\JOANNE\Local Settings\Application Data\Sanford,_L.P
2010-01-26 00:25 . 2010-01-26 00:30 -------- d-----w- c:\documents and settings\JOANNE\Local Settings\Application Data\DYMO
2010-01-26 00:18 . 2009-05-20 19:06 9216 ----a-w- c:\windows\system32\LW400MON.DLL
2010-01-26 00:17 . 2010-01-26 00:17 -------- d-----w- c:\program files\DYMO
2010-01-26 00:17 . 2010-01-26 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\DYMO
2010-01-13 14:01 . 2010-01-13 14:01 86016 -c----w- c:\windows\system32\dllcache\cabview.dll
2009-12-16 18:43 . 2009-12-16 18:43 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08 . 2009-12-14 07:08 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2009-11-27 17:11 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 16:07 . 2009-11-27 16:07 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07 . 2009-11-27 16:07 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07 . 2009-11-27 16:07 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2009-11-08 06:04 . 2009-11-08 06:03 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-08 06:02 . 2009-11-08 06:02 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-08 06:02 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-26 16:34 . 2009-10-26 16:34 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-21 05:38 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38 . 2009-10-21 05:38 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38 . 2009-10-12 13:38 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38 . 2009-10-12 13:38 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-09-30 17:53 . 2009-09-30 17:53 -------- d-----w- c:\program files\MSECache
2009-09-24 04:40 . 2009-09-24 04:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-22 04:35 . 2009-09-22 04:35 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-22 04:25 . 2009-09-22 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-04 21:03 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-08-20 19:09 . 2009-08-20 19:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-21 05:05 . 2009-07-21 05:05 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-07-17 16:22 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-07-16 02:22 . 2003-05-22 20:31 55808 ----a-w- c:\windows\system32\lfpsd13n.dll
2009-06-25 08:25 . 2009-09-11 14:18 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 08:25 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 08:25 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-06-24 11:18 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 14:36 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:36 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-06-12 12:31 . 2009-06-12 12:31 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2009-06-11 14:19 . 2009-06-11 14:19 152576 ----a-w- c:\documents and settings\JOANNE\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-10 13:19 . 2009-06-10 13:19 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 06:14 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-05-07 15:32 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-05-01 15:18 . 2002-01-01 12:06 -------- d-----w- c:\documents and settings\JOANNE\Application Data\ZoomBrowser EX
2009-05-01 15:18 . 2002-01-01 12:06 -------- d-----w- c:\documents and settings\JOANNE\Application Data\CameraWindowDC
2009-05-01 15:18 . 2009-05-01 15:18 -------- d-----w- c:\documents and settings\JOANNE\Application Data\CANON INC
2009-05-01 15:17 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-05-01 15:17 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-04-15 22:35 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-04-15 22:35 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-04-15 22:35 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-04-15 22:35 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 22:35 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-04-15 22:35 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 22:35 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-04-15 22:35 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-04-15 14:51 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-07 03:01 . 2009-04-07 03:01 152576 -c--a-w- c:\documents and settings\JOANNE\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-30 03:26 . 2009-03-30 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-03-30 03:25 . 2009-03-30 03:27 -------- d-----w- c:\program files\Canon
2009-03-30 03:24 . 2009-03-30 03:24 -------- d-----w- c:\program files\Common Files\Canon
2009-03-08 09:33 . 2009-03-08 09:33 18944 -c----w- c:\windows\system32\dllcache\corpol.dll
2009-02-23 15:59 . 2003-11-04 20:11 159744 ----a-w- c:\windows\system32\lfpng13n.dll
2009-02-10 16:12 . 2009-02-10 16:12 -------- d-----w- c:\program files\Quicksys
2009-02-05 16:22 . 2002-01-01 04:00 -------- d-----w- c:\windows\SxsCaPendDel
2009-02-04 17:57 . 2010-01-27 18:02 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-02-04 16:52 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-02-04 16:43 . 2009-02-04 16:43 -------- d-sh--w- c:\documents and settings\JOANNE\IECompatCache
2009-02-04 16:42 . 2009-02-04 16:42 -------- d-sh--w- c:\documents and settings\JOANNE\IETldCache
2009-02-04 16:34 . 2009-03-08 09:35 2048 -c--a-w- c:\windows\system32\dllcache\iecompat.dll
2009-02-03 19:59 . 2009-06-25 08:25 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
2009-01-20 17:09 . 2009-01-20 17:11 -------- d-----w- c:\documents and settings\JOANNE\Application Data\Weather Clock
2009-01-20 17:09 . 2009-01-20 17:09 -------- d-----w- c:\program files\Weather Clock
2009-01-20 17:02 . 2009-01-20 17:02 -------- d-----w- c:\program files\AccuWeatherDesktop
2009-01-19 15:45 . 2009-01-19 15:45 -------- d-----w- c:\documents and settings\JOANNE\Application Data\Panasonic
2009-01-19 15:45 . 2009-01-19 15:45 -------- d-----w- C:\MC_TMP
2009-01-19 15:33 . 2007-06-15 17:57 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
2009-01-19 15:33 . 2007-06-15 17:57 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2009-01-19 15:33 . 2006-02-21 00:17 33408 ----a-w- c:\windows\system32\drivers\cdrbsdrv.sys
2009-01-19 15:33 . 2004-11-19 23:21 36864 ----a-w- c:\windows\system32\sddevmgr.dll
2009-01-19 15:33 . 2009-01-19 15:33 -------- d-----w- c:\program files\Panasonic
2009-01-07 23:20 . 2009-01-07 23:20 134144 -c----w- c:\windows\system32\dllcache\sqmapi.dll
2009-01-07 23:20 . 2009-01-07 23:20 474112 -c----w- c:\windows\system32\dllcache\shlwapi.dll
2009-01-07 23:20 . 2009-01-07 23:20 1497088 -c----w- c:\windows\system32\dllcache\shdocvw.dll
2009-01-07 23:20 . 2009-01-07 23:20 1022976 -c----w- c:\windows\system32\dllcache\browseui.dll
2009-01-02 18:52 . 2010-01-21 17:10 -------- d-----w- c:\program files\Microsoft Silverlight
2008-12-19 07:28 . 2010-05-28 20:49 -------- d-----w- c:\windows\ie8updates
2008-12-16 12:30 . 2009-08-25 09:17 354816 -c----w- c:\windows\system32\dllcache\winhttp.dll
2008-12-05 07:58 . 2009-05-21 15:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2008-12-05 07:57 . 2008-12-05 07:57 152576 -c--a-w- c:\documents and settings\JOANNE\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2008-12-05 06:44 . 2008-08-30 05:53 151552 ----a-w- c:\windows\system32\securenet.dll
2008-11-28 15:52 . 2008-11-28 15:52 -------- d-sh--w- c:\documents and settings\JOANNE\PrivacIE
2008-11-26 17:40 . 2008-11-26 17:40 -------- d-----w- c:\documents and settings\JOANNE\Local Settings\Application Data\K-Meleon
2008-11-26 17:40 . 2008-11-26 17:40 -------- d-----w- c:\documents and settings\JOANNE\Application Data\K-Meleon
2008-11-26 17:39 . 2008-11-26 17:39 -------- d-----w- c:\program files\K-Meleon
2008-11-12 18:06 . 2008-11-12 18:06 -------- d-----w- c:\documents and settings\JOANNE\Application Data\AdobeAUM
2008-11-12 18:05 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 18:05 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2008-10-23 12:36 . 2008-10-23 12:36 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2008-10-15 17:48 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2008-10-15 17:48 . 2009-08-14 13:21 1850624 -c----w- c:\windows\system32\dllcache\win32k.sys
2008-10-15 17:47 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 17:47 . 2010-02-16 13:25 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:48 PM, on 1/1/2002
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Pitney Bowes\mailstation 2\mailstationAssistant.exe
C:\Program Files\Office Mouse\moffice.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
C:\Program Files\Office Mouse\MOUSE32A.DAT
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Weather Clock\WeatherClock.exe
C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Program Files\AccuWeatherDesktop\AccuWeatherDesktop.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe
C:\GSP\Software\GspTray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Sitecom\Sitecom Wireless Network PCI Adapter 54G WL-115\Installer\WINXP\WLANUTL.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\GSP\Software\GspComposer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Build your own broadband and phone package with TalkTalk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:7000
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mailstation Assistant] C:\Program Files\Pitney Bowes\mailstation 2\mailstationAssistant minimize
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Office Mouse\moffice.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLSService] "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WeatherClock] C:\Program Files\Weather Clock\WeatherClock.exe
O4 - HKCU\..\Run: [DymoQuickPrint] "C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: AccuWeather.com® Desktop.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Auto run of VideoCam Suite 1.0.lnk = ?
O4 - Global Startup: GSPTray.lnk = C:\GSP\Software\GspTray.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Sitecom WL-115 Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network PCI Adapter 54G WL-115\Installer\WINXP\WLANUTL.exe
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...tonmartin.com/configurator/db9coupe_load.html
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134327485609
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 15042 bytes
 