ComboFix 10-05-13.02 - Angel 05/13/2010 16:08:49.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.165 [GMT -5:00]
Running from: c:\documents and settings\Angel\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Angel\g2mdlhlpx.exe
c:\documents and settings\Angel\GoToAssistDownloadHelper.exe
c:\program files\Common Files\asembl~1
c:\program files\driver
c:\program files\Drmupgds
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\isgTi19
c:\temp\isgTi19\lPig.log
c:\temp\tn3
c:\windows\system32\dlxckacs.ini
c:\windows\system32\fnts~1
c:\windows\system32\hkcmd.exe
c:\windows\system32\muskyyyx.ini
c:\windows\system32\trngidev.ini
c:\windows\system32\vmtqaxue.ini
c:\windows\system32\vnydvfjs.ini
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\i386\proquota.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DRIVER
-------\Legacy_DRIVERDRV
-------\Legacy_MSCONTROLSERVICE
-------\Legacy_NNSERV
-------\Service_NNServ
((((((((((((((((((((((((( Files Created from 2010-04-13 to 2010-05-13 )))))))))))))))))))))))))))))))
.
2010-05-13 15:48 . 2010-05-13 15:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-13 15:15 . 2010-05-13 15:15 -------- d-----w- c:\documents and settings\Angel\Application Data\Malwarebytes
2010-05-13 15:14 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-13 15:14 . 2010-05-13 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-13 15:14 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-13 15:14 . 2010-05-13 15:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-12 22:24 . 2010-05-12 22:24 -------- d-----w- c:\documents and settings\Angel\Application Data\OnlineArmor
2010-05-12 22:24 . 2010-05-12 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2010-05-12 22:18 . 2010-05-12 22:18 -------- d-----w- c:\program files\CCleaner
2010-05-12 21:31 . 2010-04-20 09:13 24440 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-05-12 21:31 . 2010-04-20 09:13 29560 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-05-12 21:31 . 2010-04-20 09:13 228216 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-05-12 21:31 . 2010-05-12 21:31 -------- d-----w- c:\program files\Tall Emu
2010-05-12 20:39 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-12 20:39 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-12 20:39 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-12 20:39 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-12 20:39 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-12 20:39 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-12 20:39 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-12 20:39 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-12 20:39 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-12 20:39 . 2010-05-12 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-12 20:39 . 2010-05-12 20:39 -------- d-----w- c:\program files\Alwil Software
2010-05-12 16:25 . 2010-05-13 16:08 -------- d-----w- c:\program files\Trend Micro
2010-05-11 20:44 . 2010-05-11 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-11 20:39 . 2010-05-11 20:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-11 20:39 . 2010-05-11 20:39 -------- d-----w- c:\documents and settings\Angel\Application Data\SUPERAntiSpyware.com
2010-05-11 20:03 . 2010-05-11 20:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-11 15:48 . 2010-05-11 15:52 -------- d-----w- c:\documents and settings\Angel\Application Data\PrevxCSI
2010-05-10 20:58 . 2010-05-12 22:57 -------- d-----w- c:\documents and settings\Angel\Local Settings\Application Data\jglawheik
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-13 20:51 . 2005-10-06 16:45 -------- d-----w- c:\program files\Dl_cats
2010-05-13 20:46 . 2008-03-06 21:25 -------- d-----w- c:\program files\AskPBar
2010-05-13 19:21 . 2005-10-05 19:09 -------- d-----w- c:\program files\ESPOnline
2010-05-13 17:03 . 2008-01-31 18:44 2568 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-05-13 15:52 . 2005-09-30 02:20 -------- d-----w- c:\program files\Common Files\Java
2010-04-27 15:21 . 2007-07-02 19:02 4548 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-01 21:55 . 2008-04-25 19:26 -------- d-----w- c:\documents and settings\Angel\Application Data\uTorrent
2010-03-30 14:25 . 2010-03-30 14:22 -------- d-----w- c:\program files\iTunes
2010-03-30 14:22 . 2010-03-30 14:22 -------- d-----w- c:\program files\iPod
2010-03-30 14:22 . 2008-06-25 17:19 -------- d-----w- c:\program files\Common Files\Apple
2010-03-30 14:13 . 2008-11-24 15:04 -------- d-----w- c:\program files\Safari
2010-03-26 20:16 . 2008-02-13 17:41 -------- d-----w- c:\program files\PrevxCSI
2010-03-25 13:02 . 2010-03-04 15:12 -------- d-----w- c:\program files\iMesh Applications
2010-03-24 21:16 . 2010-03-24 21:16 508536 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-24 20:25 . 2005-09-30 02:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-24 20:22 . 2005-10-19 16:33 -------- d-----w- c:\program files\The Weather Channel FW
2010-03-23 19:19 . 2008-03-24 21:55 -------- d-----w- c:\documents and settings\Angel\Application Data\Facebook
2010-03-22 17:29 . 2010-03-22 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\FileCure
2010-03-11 12:38 . 2004-08-11 22:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-11 22:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-11 22:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-11 22:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 12:31 . 2005-09-30 02:04 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:19 . 2004-08-11 22:00 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-04 03:59 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-02-12 13:43 . 2008-02-12 13:43 10 ----a-w- c:\program files\.autoreg
2006-01-31 16:21 . 2006-01-31 16:21 40960 ----a-w- c:\program files\mozilla firefox\plugins\formback.dll
2006-01-31 16:21 . 2006-01-31 16:21 53248 ----a-w- c:\program files\mozilla firefox\plugins\formcal.dll
2006-01-31 16:21 . 2006-01-31 16:21 86016 ----a-w- c:\program files\mozilla firefox\plugins\formclok.dll
2006-01-31 16:21 . 2006-01-31 16:21 65536 ----a-w- c:\program files\mozilla firefox\plugins\formfade.dll
2006-01-31 16:21 . 2006-01-31 16:21 77824 ----a-w- c:\program files\mozilla firefox\plugins\formfile.dll
2006-01-31 16:22 . 2006-01-31 16:22 143360 ----a-w- c:\program files\mozilla firefox\plugins\formflds.dll
2006-01-31 16:22 . 2006-01-31 16:22 53248 ----a-w- c:\program files\mozilla firefox\plugins\formgif.dll
2006-01-31 16:22 . 2006-01-31 16:22 167936 ----a-w- c:\program files\mozilla firefox\plugins\formgrid.dll
2006-01-31 16:22 . 2006-01-31 16:22 45056 ----a-w- c:\program files\mozilla firefox\plugins\formhpic.dll
2006-01-31 16:22 . 2006-01-31 16:22 57344 ----a-w- c:\program files\mozilla firefox\plugins\formicon.dll
2006-01-31 16:23 . 2006-01-31 16:23 53248 ----a-w- c:\program files\mozilla firefox\plugins\forminfo.dll
2006-01-31 16:23 . 2006-01-31 16:23 147456 ----a-w- c:\program files\mozilla firefox\plugins\formjpeg.dll
2006-01-31 16:23 . 2006-01-31 16:23 49152 ----a-w- c:\program files\mozilla firefox\plugins\formlink.dll
2006-01-31 16:23 . 2006-01-31 16:23 45056 ----a-w- c:\program files\mozilla firefox\plugins\formmarq.dll
2006-01-31 16:24 . 2006-01-31 16:24 143360 ----a-w- c:\program files\mozilla firefox\plugins\formmask.dll
2006-01-31 16:24 . 2006-01-31 16:24 61440 ----a-w- c:\program files\mozilla firefox\plugins\formport.dll
2006-01-31 16:24 . 2006-01-31 16:24 106496 ----a-w- c:\program files\mozilla firefox\plugins\formpri.dll
2006-01-31 16:24 . 2006-01-31 16:24 49152 ----a-w- c:\program files\mozilla firefox\plugins\formprog.dll
2006-01-31 16:24 . 2006-01-31 16:24 77824 ----a-w- c:\program files\mozilla firefox\plugins\formqt3.dll
2006-01-31 16:24 . 2006-01-31 16:24 49152 ----a-w- c:\program files\mozilla firefox\plugins\formroll.dll
2006-01-31 16:24 . 2006-01-31 16:24 45056 ----a-w- c:\program files\mozilla firefox\plugins\formsbar.dll
2006-01-31 16:24 . 2006-01-31 16:24 53248 ----a-w- c:\program files\mozilla firefox\plugins\formslid.dll
2006-01-31 16:25 . 2006-01-31 16:25 65536 ----a-w- c:\program files\mozilla firefox\plugins\formtbar.dll
2006-01-31 16:25 . 2006-01-31 16:25 36864 ----a-w- c:\program files\mozilla firefox\plugins\formtile.dll
2006-01-31 16:25 . 2006-01-31 16:25 45056 ----a-w- c:\program files\mozilla firefox\plugins\formtime.dll
2006-01-31 16:25 . 2006-01-31 16:25 40960 ----a-w- c:\program files\mozilla firefox\plugins\formtran.dll
2006-01-31 16:25 . 2006-01-31 16:25 77824 ----a-w- c:\program files\mozilla firefox\plugins\formtree.dll
2006-01-31 16:25 . 2006-01-31 16:25 45056 ----a-w- c:\program files\mozilla firefox\plugins\formwash.dll
2005-10-05 20:03 . 2005-10-05 20:03 122880 ----a-w- c:\program files\mozilla firefox\plugins\orfc.dll
2006-01-31 16:28 . 2006-01-31 16:28 200704 ----a-w- c:\program files\mozilla firefox\plugins\orfcexec.dll
2006-01-31 16:20 . 2006-01-31 16:20 245760 ----a-w- c:\program files\mozilla firefox\plugins\orfcgui.dll
2006-01-31 16:21 . 2006-01-31 16:21 249856 ----a-w- c:\program files\mozilla firefox\plugins\orfcmain.dll
2007-07-23 18:07 . 2007-07-02 19:14 88 --sh--r- c:\windows\system32\18449F2888.sys
2007-11-13 20:11 . 2007-11-13 20:11 56 --sh--r- c:\windows\system32\88289F4418.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-28 4269296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"QuickBooksDB17"="c:\program files\Intuit\QuickBooks Premier\QBDBMgrN.exe" [2006-09-13 128536]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-07 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"g7dcamon"="c:\program files\VersaJette M300-V08\g7dcamon.exe" [2007-08-28 25256]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\program files\Outlook Express\profsyxyrtir.html
FriendlyName=
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-04-20 925688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Angel^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Angel^Start Menu^Programs^Startup^Desktop Alert.lnk]
backup=c:\windows\pss\Desktop Alert.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Angel^Start Menu^Programs^Startup^PrevxCSI.lnk]
backup=c:\windows\pss\PrevxCSI.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a88d01ab
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-11 00:51 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
2007-03-01 22:31 360448 ----a-w- c:\program files\Browser MOUSE\mouse32a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 21:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 21:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 23:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-09-14 13:50 131072 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-10-15 18:07 214296 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]
2007-05-16 15:18 1856544 ----a-w- c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccPwdSvc"=3 (0x3)
"WMPNetworkSvc"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"Speed Disk service"=2 (0x2)
"NProtectService"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"GhostStartService"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"AOL ACS"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks Premier\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\g7dccoms.exe"=
"c:\\Program Files\\VersaJette M300-V08\\g7dcamon.exe"=
"c:\\Program Files\\VersaJette M300-V08\\App4R.exe"=
"c:\documents and settings\Angel\Application Data\Facebook\facebook.exe"= c:\documents and settings\Angel\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBServerUtilityMgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\g7dcjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\g7dcpswx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10172:TCP"= 10172:TCP:FileManagement.exe
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/12/2010 3:39 PM 164048]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [5/12/2010 4:31 PM 228216]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [5/12/2010 4:31 PM 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [5/12/2010 4:31 PM 29560]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/12/2010 3:39 PM 19024]
R2 g7dc_device;g7dc_device;c:\windows\system32\g7dccoms.exe -service --> c:\windows\system32\g7dccoms.exe -service [?]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [5/12/2010 4:31 PM 1284600]
S3 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [5/12/2010 4:31 PM 3364856]
.
Contents of the 'Scheduled Tasks' folder
2010-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
2010-05-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-28 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = www.nbc15.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
TCP: {03846D71-5032-4097-A653-14529479A481} = 195.242.208.40
TCP: {7894E062-F09F-4719-8DA6-BE881C500E11} = 195.242.208.40
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Angel\Application Data\Mozilla\Firefox\Profiles\fpll780x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2310656&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.nbc15.com/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com//web?src=ffb&q=
FF - plugin: c:\documents and settings\Angel\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Angel\Application Data\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\np_orfc.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npcpbrk7.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npdeployJava1.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npmozax.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\nppdf32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\nppl3260.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\nprjplug.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\nprpjplug.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npsnapfish.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np_orfc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
HKCU-Run-Tair - c:\progra~1\COMMON~1\ASEMBL~1\netdde.exe
HKLM-Run-dlccmon.exe - c:\program files\Dell Photo AIO Printer 924\dlccmon.exe
HKLM-Run-igfxhkcmd - c:\windows\system32\hkcmd.exe
HKLM-Run-HotKeysCmds - c:\windows\system32\hkcmd.exe
MSConfigStartUp-AcctMgr - c:\program files\Norton SystemWorks\Password Manager\AcctMgr.exe
MSConfigStartUp-GhostStartTrayApp - c:\program files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-New - c:\progra~1\NEWDOT~1\NEWDOT~1.DLL
MSConfigStartUp-Norton SystemWorks - c:\program files\Common Files\Symantec Shared\CfgWiz.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-Drmupgds - c:\program files\Drmupgds\Drmupgds.exe
AddRemove-Router - c:\program files\Router\UnInstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-05-13 16:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\
W32X86\3\DLCCtime.dll,_RunDLLEntry@16?
??????????????????????????????????????????????????????????????????????
???????????????????????????????????????????????????????
?????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(500)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(436)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\g7dccoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-13 16:38:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-13 21:37
Pre-Run: 27,412,525,056 bytes free
Post-Run: 27,538,432,000 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 3CA39C587EE5C5979F80361ECB4F0F2A