Microsoft Outlook Virus

Post by Kelly535 » Sat Sep 25, 2010 9:04 pm

Hi!
I'm doing this for my dad's computer. He is having trouble where whenever he attempts to open up his email (Microsoft Outlook), the program opens up and then immediately within 2 seconds it shuts down and no matter how many times you attempt to open the program this always happens. I have already run a Malwarebytes Anti-Malware scan and no viruses have come up at all. We have AVG (the free edition) on this computer as well and no viruses have come up with that either! What can I do? How can I fix this? The log of the scan for that HijackThis is below. I would really appreciate any help I could get.
Kelly

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:27 PM, on 9/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Kerry Strand\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/dslextreme.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WeFiBar Toolbar - {0b876028-b388-4f6d-922f-f52faec8535f} - C:\Program Files\WeFiBar\tbWeF0.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: WeFiBar Toolbar - {0b876028-b388-4f6d-922f-f52faec8535f} - C:\Program Files\WeFiBar\tbWeF0.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX7000F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKA.EXE /FU "C:\WINDOWS\TEMP\E_S9D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Kerry Strand\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer002\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer002\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer002\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer002\MathMLMimer.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: WeFi Engine Service (WefiEngSvc) - WeFi - C:\Program Files\WeFi\WefiEngSvc.exe

--
End of file - 10573 bytes
Kelly535
 
Posts: 22
Joined: Fri Apr 23, 2010 3:04 pm

Re: Microsoft Outlook Virus

Post by patrik » Tue Sep 28, 2010 4:21 pm

Hello, welcome to the Myantispyware forum.

If you have previously downloaded ComboFix, please delete that version now.
Download Combofix from here. Close any open browsers. Double click on combofix.exe and follow the prompts.
When the tool is finished, it will produce a log for you. If the log does not automatically open, then it can be found at %systemdrive%\combofix.txt (typically C:\combofix.txt).

If ComboFix will not run, please rename it to myapp.exe and try again!

Post back with combofix log.
patrik
Site Admin
 
Posts: 9277
Joined: Sun Jan 08, 2006 1:11 pm

Re: Microsoft Outlook Virus

Post by Kelly535 » Mon Oct 04, 2010 4:59 am

Hi Patrick!
Here is the combo fix log

ComboFix 10-10-03.01 - Kerry Strand 10/03/2010 21:46:28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.505 [GMT -7:00]
Running from: c:\documents and settings\Kerry Strand\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mary Ann Strand\Local Settings\Temporary Internet Files\TestBrowser.html
c:\windows\AutoRun.ini

.
((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 )))))))))))))))))))))))))))))))
.

2010-10-04 04:25 . 2010-08-15 13:45 11045880 ---ha-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\in00000\setup.exe
2010-10-04 04:25 . 2010-08-15 13:39 838472 ---ha-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\ar00000\install.exe
2010-10-03 22:11 . 2010-08-15 13:45 11045880 ---ha-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\in00000\setup.exe
2010-10-03 22:11 . 2010-08-15 13:39 838472 ---ha-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\ar00000\install.exe
2010-09-26 05:51 . 2010-09-26 05:51 -------- d-----w- c:\documents and settings\Kelly Strand\Application Data\Yahoo!
2010-09-25 20:57 . 2010-09-25 20:57 -------- d-----w- c:\program files\Trend Micro
2010-09-19 22:04 . 2010-09-19 22:04 -------- d-----w- c:\documents and settings\Mary Ann Strand\Application Data\Yahoo!
2010-09-19 07:23 . 2010-09-19 07:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-19 07:22 . 2010-09-19 07:22 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-09-19 00:14 . 2010-09-19 00:14 -------- d-----w- c:\documents and settings\Andrea Strand\Application Data\Yahoo!
2010-09-18 17:09 . 2010-09-18 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-09-18 17:09 . 2010-09-18 17:09 -------- d-----w- c:\documents and settings\Kerry Strand\Application Data\Yahoo!
2010-09-18 17:09 . 2010-09-18 17:09 -------- d-----w- c:\program files\CCleaner
2010-09-16 04:21 . 2010-09-16 04:21 -------- d-----w- c:\program files\iPod
2010-09-16 04:21 . 2010-09-16 04:22 -------- d-----w- c:\program files\iTunes
2010-09-16 04:18 . 2010-09-16 04:19 -------- d-----w- c:\program files\QuickTime
2010-09-16 04:12 . 2010-09-16 04:12 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-04 04:25 . 2009-10-18 04:20 -------- d-----w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp
2010-10-03 22:12 . 2009-06-16 02:28 -------- d-----w- c:\program files\WeFi
2010-10-03 22:11 . 2009-11-10 06:08 -------- d-----w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp
2010-10-03 07:17 . 2007-07-16 21:16 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-21 04:54 . 2009-11-12 20:34 1324 -c--a-w- c:\documents and settings\Andrea Strand\Local Settings\Application Data\d3d9caps.tmp
2010-09-21 04:30 . 2009-04-07 05:21 -------- d-----w- c:\documents and settings\Andrea Strand\Application Data\Apple Computer
2010-09-18 19:16 . 2009-06-16 02:30 -------- d-----w- c:\program files\WeFiBar
2010-09-18 18:05 . 2008-08-21 05:25 -------- d-----w- c:\documents and settings\Kerry Strand\Application Data\Apple Computer
2010-09-18 17:09 . 2007-06-20 22:23 -------- d-----w- c:\program files\Yahoo!
2010-09-16 04:21 . 2007-06-30 03:47 -------- d-----w- c:\program files\Common Files\Apple
2010-09-14 23:55 . 2007-04-16 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-31 16:58 . 2010-08-31 16:58 -------- d-----w- c:\program files\Coupons
2010-08-23 17:24 . 2009-06-16 02:05 -------- d-----w- c:\documents and settings\Mary Ann Strand\Application Data\Apple Computer
2010-08-23 13:08 . 2010-08-23 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\magicJack
2010-08-21 20:07 . 2007-04-16 04:59 79120 -c--a-w- c:\documents and settings\Kelly Strand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-20 19:29 . 2007-04-16 04:56 79120 -c--a-w- c:\documents and settings\Andrea Strand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-18 17:44 . 2007-04-16 04:52 79120 -c--a-w- c:\documents and settings\Mary Ann Strand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-18 04:56 . 2007-02-22 09:21 79120 -c--a-w- c:\documents and settings\Kerry Strand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-17 21:30 . 2010-08-17 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-17 21:24 . 2010-08-17 21:24 -------- d-----w- c:\program files\Bonjour
2010-08-17 21:13 . 2010-08-17 21:13 -------- d-----w- c:\documents and settings\Mary Ann Strand\Application Data\Malwarebytes
2010-08-17 21:12 . 2009-12-13 01:09 -------- d-----w- c:\program files\Design Science
2010-08-17 19:02 . 2010-03-18 22:49 1324 ----a-w- c:\documents and settings\Kelly Strand\Local Settings\Application Data\d3d9caps.tmp
2010-08-17 13:17 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-15 13:46 . 2010-08-15 13:46 170904 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\ug00000\magicJack.dll
2010-08-15 13:46 . 2010-08-15 13:46 170904 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\ug00000\magicJack.dll
2010-08-15 13:44 . 2010-08-15 13:44 170904 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\st00000\magicJack.dll
2010-08-15 13:44 . 2010-08-15 13:44 170904 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\magicJack.dll
2010-08-15 13:44 . 2010-08-15 13:44 170904 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\st00000\magicJack.dll
2010-08-15 13:44 . 2010-08-15 13:44 170904 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\magicJack.dll
2010-08-15 13:40 . 2010-08-15 13:40 170904 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\lr00000\magicJack.dll
2010-08-15 13:40 . 2010-08-15 13:40 170904 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\lr00000\magicJack.dll
2010-08-15 13:39 . 2010-08-15 13:39 22533520 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\magicJack.exe
2010-08-15 13:39 . 2010-08-15 13:39 22533520 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\magicJack.exe
2010-08-15 13:39 . 2010-08-15 13:39 50592 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\cdloader2.exe
2010-08-15 13:39 . 2010-08-15 13:39 50592 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\cdloader2.exe
2010-08-15 13:39 . 2010-08-24 17:04 838472 ---ha-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\Upgrade\install2.exe
2010-08-15 13:39 . 2010-08-23 13:08 838472 ---ha-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\Upgrade\install2.exe
2010-08-15 13:39 . 2010-08-15 13:39 838472 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\ug00000\install.exe
2010-08-15 13:39 . 2010-08-15 13:39 838472 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\ug00000\install.exe
2010-08-15 13:38 . 2010-08-15 13:38 170904 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\in00000\magicJack.dll
2010-08-15 13:38 . 2010-08-15 13:38 170904 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\in00000\magicJack.dll
2010-08-15 13:37 . 2010-08-15 13:37 103840 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\st00000\mjsetup.exe
2010-08-15 13:37 . 2010-08-15 13:37 103840 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\in00000\mjsetup.exe
2010-08-15 13:37 . 2010-08-15 13:37 103840 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\st00000\mjsetup.exe
2010-08-15 13:37 . 2010-08-15 13:37 103840 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\in00000\mjsetup.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\st00000\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\in00000\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\st00000\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\in00000\magicJackSplash.exe
2010-08-08 02:16 . 2009-06-23 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-07-22 15:49 . 2006-02-28 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-17 00:29 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 13:21 . 2009-05-24 18:28 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 13:21 . 2010-07-15 13:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 13:21 . 2009-05-24 18:28 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0b876028-b388-4f6d-922f-f52faec8535f}]
2010-09-08 21:44 2735200 ----a-w- c:\program files\WeFiBar\tbWeF0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-17 01:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 17:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-17 333192]
"{0b876028-b388-4f6d-922f-f52faec8535f}"= "c:\program files\WeFiBar\tbWeF0.dll" [2010-09-08 2735200]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{0b876028-b388-4f6d-922f-f52faec8535f}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-17 333192]
"{0B876028-B388-4F6D-922F-F52FAEC8535F}"= "c:\program files\WeFiBar\tbWeF0.dll" [2010-09-08 2735200]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{0b876028-b388-4f6d-922f-f52faec8535f}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"cdloader"="c:\documents and settings\Kerry Strand\Application Data\mjusbsp\cdloader2.exe" [2010-08-15 50592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-09-29 720896]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

c:\documents and settings\Peter Strand\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\Kelly Strand\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 13:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Mary Ann Strand\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Kerry Strand\\Application Data\\mjusbsp\\magicJack.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/24/2009 11:28 AM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/24/2009 11:28 AM 243024]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [5/25/2009 12:45 AM 464264]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 6:21 AM 308136]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 10:22 PM 135664]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\PETERS~1\LOCALS~1\Temp\mdxgthkn.sys --> c:\docume~1\PETERS~1\LOCALS~1\Temp\mdxgthkn.sys [?]
S3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [3/16/2010 8:23 AM 133976]
.
Contents of the 'Scheduled Tasks' folder

2010-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 05:22]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 05:22]

2010-10-04 c:\windows\Tasks\User_Feed_Synchronization-{56F00218-8215-4491-BCC1-DF6ED11FAFC1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]

2010-10-04 c:\windows\Tasks\User_Feed_Synchronization-{5ABA28E9-0E40-4A21-9145-107DB5A1091E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]

2010-10-04 c:\windows\Tasks\User_Feed_Synchronization-{D2AB7BCF-E349-4B3E-8F1F-3D743BB5AACF}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://partnerpage.google.com/dslextreme.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

ActiveSetup-ccc-core-static - msiexec
AddRemove-{FC053571-8507-44E4-8B6D-AACEAB8CA57C} - c:\program files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1220945662-1482476501-1606980848-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-10-03 21:55:53
ComboFix-quarantined-files.txt 2010-10-04 04:55

Pre-Run: 261,336,748,032 bytes free
Post-Run: 265,858,818,048 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=4 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 73401EB881473C8036BCCDBA3A93FE5A
Kelly535
 
Posts: 22
Joined: Fri Apr 23, 2010 3:04 pm

Re: Microsoft Outlook Virus

Post by patrik » Tue Oct 05, 2010 5:25 pm

Open notepad, copy/paste the text in the code box below into notepad:
Driver::
Viewpoint Manager Service
mdxgthkn

Name the Notepad file CFScript and save it to your desktop. Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
Image
When finished, it will produce a report for you.

Post back with a combofix log.
patrik
Site Admin
 
Posts: 9277
Joined: Sun Jan 08, 2006 1:11 pm

Re: Microsoft Outlook Virus

Postby Kelly535 » Sat Oct 09, 2010 2:44 am

Sorry it takes so long for me to get back to you. I can only work on this on the weekends.
Here's the ComboFix log:
ComboFix 10-10-07.02 - Kerry Strand 10/08/2010 19:28:46.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.401 [GMT -7:00]
Running from: c:\documents and settings\Kerry Strand\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kerry Strand\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mary Ann Strand\Local Settings\Temporary Internet Files\TestBrowser.html

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MDXGTHKN
-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_mdxgthkn
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2010-09-09 to 2010-10-09 )))))))))))))))))))))))))))))))
.

2010-10-09 02:18 . 2010-08-15 13:45 11045880 ---ha-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\in00000\setup.exe
2010-10-04 16:06 . 2010-10-04 16:06 4100960 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-10-04 16:06 . 2010-10-04 16:06 2065760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-10-04 16:06 . 2010-10-04 16:06 4394336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-10-04 04:25 . 2010-08-15 13:39 838472 ---ha-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\ar00000\install.exe
2010-10-03 22:11 . 2010-08-15 13:45 11045880 ---ha-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\in00000\setup.exe
2010-10-03 22:11 . 2010-08-15 13:39 838472 ---ha-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\ar00000\install.exe
2010-09-26 05:51 . 2010-09-26 05:51 -------- d-----w- c:\documents and settings\Kelly Strand\Application Data\Yahoo!
2010-09-25 20:57 . 2010-09-25 20:57 -------- d-----w- c:\program files\Trend Micro
2010-09-19 22:04 . 2010-09-19 22:04 -------- d-----w- c:\documents and settings\Mary Ann Strand\Application Data\Yahoo!
2010-09-19 07:23 . 2010-09-19 07:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-19 07:22 . 2010-09-19 07:22 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-09-19 00:14 . 2010-09-19 00:14 -------- d-----w- c:\documents and settings\Andrea Strand\Application Data\Yahoo!
2010-09-18 17:09 . 2010-09-18 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-09-18 17:09 . 2010-09-18 17:09 -------- d-----w- c:\documents and settings\Kerry Strand\Application Data\Yahoo!
2010-09-18 17:09 . 2010-09-18 17:09 -------- d-----w- c:\program files\CCleaner
2010-09-16 04:21 . 2010-09-16 04:21 -------- d-----w- c:\program files\iPod
2010-09-16 04:21 . 2010-09-16 04:22 -------- d-----w- c:\program files\iTunes
2010-09-16 04:18 . 2010-09-16 04:19 -------- d-----w- c:\program files\QuickTime
2010-09-16 04:12 . 2010-09-16 04:12 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-09 02:19 . 2009-10-18 04:20 -------- d-----w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp
2010-10-08 02:48 . 2009-06-16 02:28 -------- d-----w- c:\program files\WeFi
2010-10-08 00:35 . 2007-07-16 21:16 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-10-03 22:11 . 2009-11-10 06:08 -------- d-----w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp
2010-09-21 04:54 . 2009-11-12 20:34 1324 -c--a-w- c:\documents and settings\Andrea Strand\Local Settings\Application Data\d3d9caps.tmp
2010-09-21 04:30 . 2009-04-07 05:21 -------- d-----w- c:\documents and settings\Andrea Strand\Application Data\Apple Computer
2010-09-18 19:16 . 2009-06-16 02:30 -------- d-----w- c:\program files\WeFiBar
2010-09-18 18:05 . 2008-08-21 05:25 -------- d-----w- c:\documents and settings\Kerry Strand\Application Data\Apple Computer
2010-09-18 17:09 . 2007-06-20 22:23 -------- d-----w- c:\program files\Yahoo!
2010-09-16 04:21 . 2007-06-30 03:47 -------- d-----w- c:\program files\Common Files\Apple
2010-09-14 23:55 . 2007-04-16 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-31 16:58 . 2010-08-31 16:58 -------- d-----w- c:\program files\Coupons
2010-08-23 17:24 . 2009-06-16 02:05 -------- d-----w- c:\documents and settings\Mary Ann Strand\Application Data\Apple Computer
2010-08-23 13:08 . 2010-08-23 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\magicJack
2010-08-21 20:07 . 2007-04-16 04:59 79120 -c--a-w- c:\documents and settings\Kelly Strand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-20 19:29 . 2007-04-16 04:56 79120 -c--a-w- c:\documents and settings\Andrea Strand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-18 17:44 . 2007-04-16 04:52 79120 -c--a-w- c:\documents and settings\Mary Ann Strand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-18 04:56 . 2007-02-22 09:21 79120 -c--a-w- c:\documents and settings\Kerry Strand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-17 21:30 . 2010-08-17 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-17 21:24 . 2010-08-17 21:24 -------- d-----w- c:\program files\Bonjour
2010-08-17 21:13 . 2010-08-17 21:13 -------- d-----w- c:\documents and settings\Mary Ann Strand\Application Data\Malwarebytes
2010-08-17 21:12 . 2009-12-13 01:09 -------- d-----w- c:\program files\Design Science
2010-08-17 19:02 . 2010-03-18 22:49 1324 ----a-w- c:\documents and settings\Kelly Strand\Local Settings\Application Data\d3d9caps.tmp
2010-08-17 13:17 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-15 13:46 . 2010-08-15 13:46 170904 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\ug00000\magicJack.dll
2010-08-15 13:46 . 2010-08-15 13:46 170904 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\ug00000\magicJack.dll
2010-08-15 13:44 . 2010-08-15 13:44 170904 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\st00000\magicJack.dll
2010-08-15 13:44 . 2010-08-15 13:44 170904 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\magicJack.dll
2010-08-15 13:44 . 2010-08-15 13:44 170904 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\st00000\magicJack.dll
2010-08-15 13:44 . 2010-08-15 13:44 170904 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\magicJack.dll
2010-08-15 13:40 . 2010-08-15 13:40 170904 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\lr00000\magicJack.dll
2010-08-15 13:40 . 2010-08-15 13:40 170904 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\lr00001\magicJack.dll
2010-08-15 13:39 . 2010-08-15 13:39 22533520 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\magicJack.exe
2010-08-15 13:39 . 2010-08-15 13:39 22533520 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\magicJack.exe
2010-08-15 13:39 . 2010-08-15 13:39 50592 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\cdloader2.exe
2010-08-15 13:39 . 2010-08-15 13:39 50592 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\cdloader2.exe
2010-08-15 13:39 . 2010-08-24 17:04 838472 ---ha-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\Upgrade\install2.exe
2010-08-15 13:39 . 2010-08-23 13:08 838472 ---ha-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\Upgrade\install2.exe
2010-08-15 13:39 . 2010-08-15 13:39 838472 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\ug00000\install.exe
2010-08-15 13:39 . 2010-08-15 13:39 838472 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\ug00000\install.exe
2010-08-15 13:38 . 2010-08-15 13:38 170904 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\in00000\magicJack.dll
2010-08-15 13:38 . 2010-08-15 13:38 170904 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\in00000\magicJack.dll
2010-08-15 13:37 . 2010-08-15 13:37 103840 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\st00000\mjsetup.exe
2010-08-15 13:37 . 2010-08-15 13:37 103840 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\in00000\mjsetup.exe
2010-08-15 13:37 . 2010-08-15 13:37 103840 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\st00000\mjsetup.exe
2010-08-15 13:37 . 2010-08-15 13:37 103840 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\in00000\mjsetup.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\st00000\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\documents and settings\Mary Ann Strand\Application Data\mjusbsp\in00000\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\st00000\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\magicJackSplash.exe
2010-08-15 13:37 . 2010-08-15 13:37 442800 ----a-w- c:\documents and settings\Kerry Strand\Application Data\mjusbsp\in00000\magicJackSplash.exe
2010-07-22 15:49 . 2006-02-28 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-17 00:29 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 13:21 . 2009-05-24 18:28 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 13:21 . 2010-07-15 13:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 13:21 . 2009-05-24 18:28 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-10-04_04.53.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-02-28 12:00 . 2010-10-07 06:13 74788 c:\windows\system32\perfc009.dat
- 2010-03-23 12:31 . 2010-03-23 12:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-09-22 16:43 . 2010-09-22 16:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-10-07 15:23 . 2010-10-07 15:23 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-08-12 05:21 . 2010-08-12 05:21 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-08-12 05:21 . 2010-08-12 05:21 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2006-02-28 12:00 . 2010-10-07 06:13 453822 c:\windows\system32\perfh009.dat
- 2010-03-23 12:31 . 2010-03-23 12:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-09-22 16:43 . 2010-09-22 16:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-09-24 04:02 . 2010-09-24 04:02 798208 c:\windows\Installer\463681.msp
+ 2010-10-07 15:23 . 2010-10-07 15:23 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2010-10-08 15:12 . 2010-10-08 15:12 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2010-10-08 15:12 . 2010-10-08 15:12 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2010-10-08 15:12 . 2010-10-08 15:12 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2010-10-08 15:12 . 2010-10-08 15:12 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
+ 2010-10-07 15:23 . 2010-10-07 15:23 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2010-10-07 15:23 . 2010-10-07 15:23 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2010-10-07 15:23 . 2010-10-07 15:23 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe
+ 2010-10-07 15:22 . 2010-10-07 15:22 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-09-22 16:44 . 2010-09-22 16:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2010-03-23 12:32 . 2010-03-23 12:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-09-23 14:39 . 2010-09-23 14:39 4265472 c:\windows\Installer\353956.msp
+ 2010-10-07 15:24 . 2010-10-07 15:24 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
+ 2010-10-07 15:24 . 2010-10-07 15:24 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
+ 2010-10-07 15:24 . 2010-10-07 15:24 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
+ 2010-10-07 15:24 . 2010-10-07 15:24 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
+ 2010-10-07 15:24 . 2010-10-07 15:24 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll
+ 2010-10-07 15:24 . 2010-10-07 15:24 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
+ 2010-10-08 15:12 . 2010-10-08 15:12 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
+ 2010-10-08 15:12 . 2010-10-08 15:12 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
+ 2010-10-07 15:22 . 2010-10-07 15:22 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\095bb4f033374647b6d66c51f16bb886\System.IdentityModel.ni.dll
+ 2010-10-07 15:23 . 2010-10-07 15:23 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
+ 2010-10-07 15:23 . 2010-10-07 15:23 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-10-08 02:48 . 2010-10-08 02:48 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2009-05-25 08:44 . 2009-05-25 08:44 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-08-12 05:21 . 2010-08-12 05:21 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-10-07 06:13 . 2010-10-07 06:13 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-10-07 15:23 . 2010-10-07 15:23 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
+ 2010-10-07 15:23 . 2010-10-07 15:23 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\75aeb590008d6e166f7be18f935c52d2\System.ServiceModel.ni.dll
+ 2010-10-07 15:02 . 2010-10-07 15:02 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0b876028-b388-4f6d-922f-f52faec8535f}]
2010-09-08 21:44 2735200 ----a-w- c:\program files\WeFiBar\tbWeF0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-17 01:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 17:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-17 333192]
"{0b876028-b388-4f6d-922f-f52faec8535f}"= "c:\program files\WeFiBar\tbWeF0.dll" [2010-09-08 2735200]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{0b876028-b388-4f6d-922f-f52faec8535f}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-17 333192]
"{0B876028-B388-4F6D-922F-F52FAEC8535F}"= "c:\program files\WeFiBar\tbWeF0.dll" [2010-09-08 2735200]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{0b876028-b388-4f6d-922f-f52faec8535f}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"cdloader"="c:\documents and settings\Kerry Strand\Application Data\mjusbsp\cdloader2.exe" [2010-08-15 50592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-09-29 720896]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

c:\documents and settings\Peter Strand\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\Kelly Strand\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 13:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Mary Ann Strand\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Kerry Strand\\Application Data\\mjusbsp\\magicJack.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/24/2009 11:28 AM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/24/2009 11:28 AM 243024]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [5/25/2009 12:45 AM 464264]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 6:21 AM 308136]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 10:22 PM 135664]
S3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [3/16/2010 8:23 AM 133976]
.
Contents of the 'Scheduled Tasks' folder

2010-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 05:22]

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 05:22]

2010-10-09 c:\windows\Tasks\User_Feed_Synchronization-{56F00218-8215-4491-BCC1-DF6ED11FAFC1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]

2010-10-09 c:\windows\Tasks\User_Feed_Synchronization-{5ABA28E9-0E40-4A21-9145-107DB5A1091E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]

2010-10-09 c:\windows\Tasks\User_Feed_Synchronization-{D2AB7BCF-E349-4B3E-8F1F-3D743BB5AACF}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://partnerpage.google.com/dslextreme.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1220945662-1482476501-1606980848-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1188)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\windows\system32\LEXBCES.EXE
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Completion time: 2010-10-08 19:42:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-09 02:42
ComboFix2.txt 2010-10-04 04:55

Pre-Run: 265,216,851,968 bytes free
Post-Run: 265,304,858,624 bytes free

Current=1 Default=1 Failed=4 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 8ED7B62AA44A2621A2643707CD7B93D3
Kelly535
 
Posts: 22
Joined: Fri Apr 23, 2010 3:04 pm

Re: Microsoft Outlook Virus

Postby patrik » Mon Oct 11, 2010 2:44 pm

Looks ok.
Please scan your computer with Kaspersky Online Scanner.

Post back with a scan report.
patrik
Site Admin
 
Posts: 9277
Joined: Sun Jan 08, 2006 1:11 pm

