
Author Topic: windows security alert  (Read 13007 times)


    calli (Topic Starter)
    windows security alert
    « on: May 12, 2010, 11:07:43 AM »
    I keep getting a Windows Security alert pop-up in the bottom right corner.  It says that Windows reports the computer is infected.  Antivirus software helps to protect your computer against viruses and other security threats.  Click here for the scan you computer.  Your system might be at risk now.  Then an antivirus software alert also pops up in the bottom right corner.  It is an infiltration alert: the computer is being attacked by an internet virus.  I am unable to open any programs except Firefox.  When I do attempt to open a program I get a Security Warning stating that the application cannot be executed.  The file **** is infected.  Do you want to activate your antivirus software now?  Also Internet Explorer opens to a porn site.
    The only way I can get any programs to open is if I reboot the computer, I can open programs in the first minute or so of the computer rebooting!
    Anything you can do to help would be greatly appreciated!!
    Thanks!!!

    Allan (Moderator)
    SuperDave (Malware Removal Specialist, Moderator)
    Re: windows security alert
    « Reply #2 on: May 12, 2010, 06:42:14 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    Save Rkill to your desktop.

    There are 4 different versions. If one of them won't run then download and try to run the other one.
     
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
     

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.exe
    Rkill.com
    Rkill.scr
    Rkill.pif

    Once you've gotten one of them to run then try to immediately run the following.
     
    Now download and Run exeHelper.

    Please download exeHelper from Raktor to your desktop.
    • Double-click on exeHelper.com to run the fix. A black window should pop up; press any key to close it once the fix is completed. A log file named log.txt will be created in the directory where you ran exeHelper.com. Attach the log.txt file to your next message.

      Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    calli (Topic Starter)

      Re: windows security alert
      « Reply #3 on: May 13, 2010, 09:07:29 AM »
      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 05/13/2010 at 09:44 AM

      Application Version : 4.37.1000

      Core Rules Database Version : 4900
      Trace Rules Database Version: 2712

      Scan type       : Quick Scan
      Total Scan Time : 01:14:53

      Memory items scanned      : 562
      Memory threats detected   : 0
      Registry items scanned    : 663
      Registry threats detected : 1
      File items scanned        : 29195
      File threats detected     : 0

      Rogue.AntivirusSoft
         HKU\S-1-5-21-411853214-3381289921-4094553337-1005\Software\avsoft

      calli (Topic Starter)

        Re: windows security alert
        « Reply #4 on: May 13, 2010, 09:34:33 AM »
        Malwarebytes' Anti-Malware 1.46
        www.malwarebytes.org

        Database version: 4096

        Windows 5.1.2600 Service Pack 2
        Internet Explorer 7.0.5730.11

        5/13/2010 10:31:12 AM
        mbam-log-2010-05-13 (10-31-12).txt

        Scan type: Quick scan
        Objects scanned: 132653
        Time elapsed: 14 minute(s), 17 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 16
        Registry Values Infected: 5
        Registry Data Items Infected: 3
        Folders Infected: 5
        Files Infected: 17

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\driver (Trojan.Downloader) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\driverdrv (Trojan.Downloader) -> Quarantined and deleted successfully.

        Registry Values Infected:
        HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Trojan.Agent) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.starsdoor.com (Backdoor.Bot) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\driver (Trojan.Agent) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\8085:tcp (Malware.Trace) -> Quarantined and deleted successfully.

        Registry Data Items Infected:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c8fb8631-14eb-4bd0-9eba-74664fe3af1e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ea219350-b25f-4304-b0a7-ca6c15d25c3f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.

        Folders Infected:
        C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\cz6 (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\ps5 (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\rp4 (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\v9 (Trojan.Downloader) -> Quarantined and deleted successfully.

        Files Infected:
        C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
        C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Administrator\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.
        C:\WINDOWS\010112010146115110.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\0101120101465452.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\0101120101465652.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\0101120101465749.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\0101120101465752.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\010112010146115110.lso (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\010112010146118114.lso (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\0101120101465452.lso (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\0101120101465749.lso (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
        C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
        C:\WINDOWS\herjek.config (Malware.Trace) -> Quarantined and deleted successfully.
        C:\WINDOWS\th823567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

        calli (Topic Starter)

          Re: windows security alert
          « Reply #5 on: May 13, 2010, 10:12:02 AM »
          exeHelper by Raktor
          Build 20100414
          Run at 11:15:09 on 05/13/10
          Now searching...
          Checking for numerical processes...
          Checking for sysguard processes...
          Checking for bad processes...
          Checking for bad files...
          Checking for bad registry entries...
          Resetting filetype association for .exe
          Resetting filetype association for .com
          Resetting userinit and shell values...
          Resetting policies...
          --Finished--
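
The "Resetting ..." lines in the exeHelper log above name the registry values a rogue antivirus of this kind rewrites: the .exe and .com open commands (a hijacked value there intercepts every program launch, consistent with the "application cannot be executed" warning reported in the first post), the Winlogon Shell and Userinit values, and policies such as DisableTaskMgr; the Malwarebytes log earlier in the thread also found the Security Center FirewallDisableNotify flag set to 1. The Python below is an added example, not exeHelper's code and not anything posted in the thread. It audits an offline .reg export against the Windows XP default values and renders a .reg fragment that restores only the values that deviate. SAMPLE_REG is constructed: the hijacker path in it is a placeholder, not an indicator from this thread, and the Userinit baseline assumes %SystemRoot% is C:\WINDOWS.

```python
"""Audit a .reg export for the values a rogue antivirus rewrites and emit a fix.

Added example for this thread; not exeHelper's code or anything posted in it.
Baseline values are the Windows XP defaults. SAMPLE_REG is constructed; the
hijacker path in it is a placeholder, not an indicator from the thread."""
import re

SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\abcde\\abcdesysguard.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"""


def _unquote(s):
    """Strip .reg quoting from a REG_SZ token: outer quotes, \\ and \" escapes."""
    s = s.strip()
    if len(s) >= 2 and s[0] == '"' and s[-1] == '"':
        s = s[1:-1]
    return re.sub(r'\\(["\\])', r'\1', s)


def _decode(value):
    """REG_SZ -> str, REG_DWORD -> int; other types are returned as raw text."""
    value = value.strip()
    if value.startswith('"'):
        return _unquote(value)
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    return value


def parse_reg(text):
    """Parse a .reg export into {key: {name: value}}; '@' is the default value.
    Only REG_SZ and REG_DWORD are decoded, which is all the baseline needs."""
    tree, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            tree.setdefault(current, {})
        elif current is not None:
            name, _, value = line.partition("=")
            tree[current]["@" if name == "@" else _unquote(name)] = _decode(value)
    return tree


EXEFILE = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
COMFILE = r"HKEY_CLASSES_ROOT\comfile\shell\open\command"
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
POLICIES = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
SECCENTER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
OPEN_CMD = '"%1" %*'  # XP default: launch the file itself with its arguments


def _userinit_ok(v):
    # Exactly one entry, the real userinit.exe; a hijacker appends itself after the comma.
    return isinstance(v, str) and v.lower().endswith(r"\system32\userinit.exe,") and v.count(",") == 1


# (key, value name, predicate on the exported value, value to restore)
BASELINE = [
    (EXEFILE, "@", lambda v: v == OPEN_CMD, OPEN_CMD),
    (COMFILE, "@", lambda v: v == OPEN_CMD, OPEN_CMD),
    (WINLOGON, "Shell", lambda v: isinstance(v, str) and v.lower() == "explorer.exe", "Explorer.exe"),
    (WINLOGON, "Userinit", _userinit_ok, r"C:\WINDOWS\system32\userinit.exe,"),  # assumes %SystemRoot% = C:\WINDOWS
    (POLICIES, "DisableTaskMgr", lambda v: v in (None, 0), 0),
    (POLICIES, "DisableRegistryTools", lambda v: v in (None, 0), 0),
    (SECCENTER, "FirewallDisableNotify", lambda v: v in (None, 0), 0),
    (SECCENTER, "AntiVirusDisableNotify", lambda v: v in (None, 0), 0),
]


def audit_tree(tree):
    """[(key, name, found, restore)] for every baseline value that is off."""
    return [(k, n, tree.get(k, {}).get(n), fix)
            for k, n, ok, fix in BASELINE if not ok(tree.get(k, {}).get(n))]


def audit(reg_text):
    return audit_tree(parse_reg(reg_text))


def _quote(s):
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def repair_reg(deviations):
    """Render a .reg fragment that puts each deviating value back to baseline."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, name, _found, fix in deviations:
        lhs = "@" if name == "@" else _quote(name)
        rhs = f"dword:{fix:08x}" if isinstance(fix, int) else _quote(fix)
        out += [f"[{key}]", f"{lhs}={rhs}", ""]
    return "\n".join(out)


if __name__ == "__main__":
    for key, name, found, fix in audit(SAMPLE_REG):
        print(f"{key}\\{name}: found {found!r}, baseline {fix!r}")
    print(repair_reg(audit(SAMPLE_REG)))
```

Exporting the five keys with reg export on the affected machine, auditing the file offline, and importing only the generated fragment keeps the change set small enough to review before it is applied; the audit also catches a Userinit value with a second entry appended after the comma, which a plain "is the file present" check would miss.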

          calli (Topic Starter)

            Re: windows security alert
            « Reply #6 on: May 13, 2010, 10:13:48 AM »
            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 11:10:39 AM, on 5/13/2010
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.17023)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Tall Emu\Online Armor\OAcat.exe
            C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\WINDOWS\system32\g7dccoms.exe
            C:\Program Files\Java\jre6\bin\jqs.exe
            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
            C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
            c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
            C:\Program Files\Common Files\Real\Update_OB\realsched.exe
            C:\Program Files\Analog Devices\Core\smax4pnp.exe
            C:\WINDOWS\MXOALDR.EXE
            C:\WINDOWS\system32\igfxpers.exe
            C:\WINDOWS\system32\hkcmd.exe
            C:\Program Files\VersaJette M300-V08\g7dcamon.exe
            C:\WINDOWS\system32\dla\tfswctrl.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
            C:\Program Files\Common Files\Java\Java Update\jusched.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\DellSupport\DSAgnt.exe
            C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\Program Files\iPod\bin\iPodService.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\Program Files\Trend Micro\sniper\HijackThis.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.nbc15.com
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
            R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
            R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
            R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
            O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
            O2 - BHO: (no name) - {0C0BC35A-79F4-4B5D-B3A5-0394515E2C84} - (no file)
            O2 - BHO: {55f46b79-e096-9a0b-8e14-17ba39757851} - {15875793-ab71-41e8-b0a9-690e97b64f55} - (no file)
            O2 - BHO: (no name) - {295D9DE7-31D1-4D17-9B65-0C24A4F04535} - (no file)
            O2 - BHO: (no name) - {2CD6C95B-4F7D-47F3-A1DF-D7EAB67F353D} - (no file)
            O2 - BHO: (no name) - {3328DED7-F4C3-4288-B6E1-AE2918B9BE98} - (no file)
            O2 - BHO: (no name) - {377B7ACF-1B39-421C-8D69-0A9356F3969D} - (no file)
            O2 - BHO: (no name) - {436E96E6-5100-5DFF-5315-2E00B8C780BC} - (no file)
            O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
            O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
            O2 - BHO: (no name) - {755CBD7F-7298-492D-9A4E-44C21460D817} - (no file)
            O2 - BHO: (no name) - {857D76A7-F269-48D0-A728-22EDB3FD7B45} - (no file)
            O2 - BHO: (no name) - {92C7B15F-38C1-489F-B380-094216CA2EDF} - (no file)
            O2 - BHO: (no name) - {950AC5A5-3EB8-46D1-8A7A-C373EFF4840D} - (no file)
            O2 - BHO: (no name) - {9C13FFE6-FE2D-42F0-2080-A8BF070AC9DD} - (no file)
            O2 - BHO: (no name) - {B0EA457B-4507-49C0-98B6-D91B2526A582} - (no file)
            O2 - BHO: (no name) - {BCA98CE9-49DA-4C5C-A393-F340637C53ED} - (no file)
            O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
            O2 - BHO: (no name) - {DE43CFDF-5EF8-46D0-AEE4-EE2FEDC8EBFD} - (no file)
            O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
            O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
            O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
            O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
            O4 - HKLM\..\Run: [QuickBooksDB17] C:\Program Files\Intuit\QuickBooks Premier\QBDBMgrN.exe -n QB_CALLI_17 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M  -x tcpip(BroadcastListener=NO;port=10172) -ti 0 -ec simple -ct- -qi -qw  -tl 120 -oe C:\DOCUME~1\Angel\LOCALS~1\APPLIC~1\Intuit\QUICKB~1\Log\DBSTAR~1.LOG -y
            O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
            O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
            O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
            O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
            O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
            O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
            O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
            O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
            O4 - HKLM\..\Run: [g7dcamon] "C:\Program Files\VersaJette M300-V08\g7dcamon.exe"
            O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
            O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
            O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [Aahqmkh] C:\WINDOWS\system32\F?nts\w?aclt.exe
            O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
            O4 - HKCU\..\Run: [Tair] "C:\PROGRA~1\COMMON~1\ASEMBL~1\netdde.exe" -vt yazb
            O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
            O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
            O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
            O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
            O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
            O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
            O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_14.dll' missing
            O16 - DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (13.0)) - http://aceonline.asicentral.com/ace/ltocx13n.cab
            O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
            O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
            O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
            O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
            O17 - HKLM\System\CCS\Services\Tcpip\..\{03846D71-5032-4097-A653-14529479A481}: NameServer = 195.242.208.40
            O17 - HKLM\System\CCS\Services\Tcpip\..\{7894E062-F09F-4719-8DA6-BE881C500E11}: NameServer = 195.242.208.40
            O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
            O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
            O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
            O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
            O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
            O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
            O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
            O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
            O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
            O23 - Service: g7dc_device -   - C:\WINDOWS\system32\g7dccoms.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
            O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
            O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
            O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
            O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
            O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
            O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
            O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
            O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
            O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
            O24 - Desktop Component 0: (no name) - C:\Program Files\Outlook Express\profsyxyrtir.html

            --
            End of file - 13260 bytes
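
The triage a helper does by eye on the HijackThis log above can be written down as rules. The Python below is an added example, not HijackThis code and not something posted in the thread. SAMPLE_LOG is constructed from the kinds of entries in the posted log (the GUID on the second O17 line is a placeholder), and the rules encode the indicators the thread acts on: a browser proxy on 127.0.0.1, an interface resolver outside private address space, an autorun whose path contains characters HijackThis could not render and printed as '?' (the F?nts\w?aclt.exe entry), BHOs and services whose file is missing, and a broken Winsock LSP chain. The last two are cleanup items; the first three are the ones that mean a process on the box is still in the traffic path.

```python
"""Rule-based triage of a HijackThis (HJT) log.

Added example for this thread; it is not HijackThis code and not something the
helpers posted. SAMPLE_LOG is constructed from the kinds of entries in the log
above (the GUID on the second O17 line is a placeholder)."""
import ipaddress
import re

SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {0C0BC35A-79F4-4B5D-B3A5-0394515E2C84} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [Aahqmkh] C:\WINDOWS\system32\F?nts\w?aclt.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_14.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{03846D71-5032-4097-A653-14529479A481}: NameServer = 195.242.208.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

HJT_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?([\d.]+):(\d+)")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(.+)$")
RUN_RE = re.compile(r'Run: \[(?P<name>[^\]]*)\]\s*"?(?P<path>[^"]+?\.(?:exe|com|scr|pif|bat))', re.I)


def _ip(text):
    """Parse an IP literal; None if the token is not an address."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def triage_line(line):
    """Return [(tag, reason)] for one HJT line; [] when nothing stands out."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return []
    sec, body = m.group("sec"), m.group("body")
    findings = []
    if sec == "R1":
        # A proxy on the loopback interface means a local process sits between
        # the browser and the network (the 127.0.0.1:5555 entry in the log).
        pm = PROXY_RE.search(body)
        if pm:
            ip = _ip(pm.group(1))
            if ip is not None and ip.is_loopback:
                findings.append(("LOCAL_PROXY", f"browser proxy is {ip}:{pm.group(2)} on this host"))
    elif sec == "O2" and body.endswith("(no file)"):
        findings.append(("ORPHAN_BHO", "BHO CLSID registered but its DLL is gone"))
    elif sec == "O4":
        rm = RUN_RE.search(body)
        if rm:
            path = rm.group("path")
            # HJT prints '?' for characters outside its code page; an autorun under
            # system32 with such characters (F?nts, w?aclt) is a lookalike path.
            # Non-ASCII characters are flagged for the same reason.
            if "?" in path or any(ord(c) > 127 for c in path):
                findings.append(("UNRENDERABLE_PATH",
                                 f"autorun [{rm.group('name')}] points at {path}"))
    elif sec == "O10" and "Broken Internet access" in body:
        findings.append(("BROKEN_LSP", "Winsock LSP DLL missing; repair the chain rather than delete the entry"))
    elif sec == "O17":
        nm = NAMESERVER_RE.search(body)
        if nm:
            for tok in re.split(r"[ ,]+", nm.group(1).strip()):
                ip = _ip(tok)
                if ip is not None and not (ip.is_private or ip.is_loopback):
                    findings.append(("EXTERNAL_DNS", f"interface resolver is public address {ip}"))
    elif sec == "O23" and body.endswith("(file missing)"):
        findings.append(("ORPHAN_SERVICE", "service registered but its binary is missing"))
    return findings


def triage(log_text):
    """Run triage_line over a whole log; findings come back in log order."""
    return [f for line in log_text.splitlines() for f in triage_line(line)]


def tags(log_text):
    """Distinct finding tags, sorted, for a quick verdict."""
    return sorted({tag for tag, _ in triage(log_text)})


if __name__ == "__main__":
    for tag, reason in triage(SAMPLE_LOG):
        print(f"{tag:18} {reason}")
```

The external-resolver rule is deliberately about address space rather than a blocklist of known bad servers: a home machine behind a router should resolve through the router or the ISP's DHCP-assigned servers, so any hard-coded public address in an O17 entry deserves a look even when it is not yet on anyone's list.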

            SuperDave (Malware Removal Specialist, Moderator)
            Re: windows security alert
            « Reply #7 on: May 13, 2010, 01:21:17 PM »
            Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

            Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

            Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

            Exit out of MessengerDisable then delete the two files that were put on the desktop.

            =============================================
            • Please download AskRemover from here
            • Extract the zip file to your Desktop, then run AskRemover.bat
            • Allow it to run, and select yes to the registry merge warning.
            • Copy and paste the resulting log in your next post.
            ===================================

            Please go to Jotti's malware scan
            (If more than one file needs to be scanned, they must be done separately and logs posted for each one)

            * Copy the file path in the below Code box:

            Code:
            C:\Program Files\Router\Router.exe
              * At the upload site, click once inside the window next to
            Browse.
            * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
            * Next click Submit file
            * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
            * This will perform a scan across multiple different virus scanning engines.
            * Important: Wait for all of the scanning engines to complete.
            * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

            =============================================

            Add or Remove Programs

            1. Click on the Windows Start button and click on the Control Panel
            2. In the Control Panel window, double-click Add or Remove Programs icon.
            3. When the Add or Remove Programs window has fully populated, check for newdotnet and uninstall it.
            ================================================

            Open HijackThis and select Do a system scan only

            Place a check mark next to the following entries: (if there)

            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
            O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
            O2 - BHO: (no name) - {0C0BC35A-79F4-4B5D-B3A5-0394515E2C84} - (no file)
            O2 - BHO: {55f46b79-e096-9a0b-8e14-17ba39757851} - {15875793-ab71-41e8-b0a9-690e97b64f55} - (no file)
            O2 - BHO: (no name) - {295D9DE7-31D1-4D17-9B65-0C24A4F04535} - (no file)
            O2 - BHO: (no name) - {2CD6C95B-4F7D-47F3-A1DF-D7EAB67F353D} - (no file)
            O2 - BHO: (no name) - {3328DED7-F4C3-4288-B6E1-AE2918B9BE98} - (no file)
            O2 - BHO: (no name) - {377B7ACF-1B39-421C-8D69-0A9356F3969D} - (no file)
            O2 - BHO: (no name) - {436E96E6-5100-5DFF-5315-2E00B8C780BC} - (no file)
            O2 - BHO: (no name) - {755CBD7F-7298-492D-9A4E-44C21460D817} - (no file)
            O2 - BHO: (no name) - {857D76A7-F269-48D0-A728-22EDB3FD7B45} - (no file)
            O2 - BHO: (no name) - {92C7B15F-38C1-489F-B380-094216CA2EDF} - (no file)
            O2 - BHO: (no name) - {950AC5A5-3EB8-46D1-8A7A-C373EFF4840D} - (no file)
            O2 - BHO: (no name) - {9C13FFE6-FE2D-42F0-2080-A8BF070AC9DD} - (no file)
            O2 - BHO: (no name) - {B0EA457B-4507-49C0-98B6-D91B2526A582} - (no file)
            O2 - BHO: (no name) - {BCA98CE9-49DA-4C5C-A393-F340637C53ED} - (no file)
            O2 - BHO: (no name) - {DE43CFDF-5EF8-46D0-AEE4-EE2FEDC8EBFD} - (no file)
            O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
            O4 - HKCU\..\Run: [Aahqmkh] C:\WINDOWS\system32\F?nts\w?aclt.exe
            O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


            Important: Close all open windows except for HijackThis and then click Fix checked.

            Once completed, exit HijackThis.

            ============================================
            Please download ComboFix from BleepingComputer.com

            Alternate link: GeeksToGo.com

            Rename ComboFix.exe to commy.exe before you save it to your Desktop
            Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
            Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
            As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
            Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

            Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

            Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


            Click on Yes, to continue scanning for malware.
            When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

            If you have problems with ComboFix usage, see How to use ComboFix

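The HijackThis lines marked for "Fix checked" above share a few objective tells: O2/O9 entries whose target is "(no file)", a BHO belonging to a known toolbar, and an O4 autorun whose path contains "?" (a character HijackThis prints when it cannot display the real one; the ComboFix log later in the thread shows that same directory by its 8.3 name, fnts~1). The script below is an added example, not part of the thread and not HijackThis or ComboFix code, that runs those checks over a constructed sample in the same format; the PUP name list is a seed list made up for the example.

```python
"""Triage of HijackThis O2/O4/O9 lines for the indicators picked out in the thread.

Added example; not part of the thread and not HijackThis or ComboFix code.
The sample lines are constructed in the same format as the log above.
"""
import re
from dataclasses import dataclass

# Constructed sample in HijackThis format (a few entries of the kind the helper
# marked for "Fix checked"; not the full log from the thread).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {0C0BC35A-79F4-4B5D-B3A5-0394515E2C84} - (no file)
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\\Program Files\\AskPBar\\bar\\1.bin\\ASKPBAR.DLL
O4 - HKLM\\..\\Run: [TkBellExe] "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"  -osboot
O4 - HKCU\\..\\Run: [Aahqmkh] C:\\WINDOWS\\system32\\F?nts\\w?aclt.exe
O4 - HKCU\\..\\Run: [MSMSGS] "C:\\Program Files\\Messenger\\msmsgs.exe" /background
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

# Seed list of adware/toolbar component names; constructed for this example.
# A real triage would use a maintained list.
KNOWN_PUP_NAMES = {"Ask Toolbar BHO"}

# Characters Windows never allows inside a file or directory name. HijackThis
# prints '?' for a character it cannot display, so a '?' in a path means the real
# name contains a character outside ASCII (typically a look-alike); the thread's
# ComboFix log shows the same directory by its 8.3 short name, fnts~1.
ILLEGAL_IN_NAME = set('<>"|?*')

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")


@dataclass
class Finding:
    line: str
    reason: str


def executable_from_command(cmd: str) -> str:
    """Return the program path from an autorun command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split()[0]


def illegal_path_chars(path: str) -> str:
    """Characters in `path` (after the drive letter) that cannot occur in a real name."""
    body = path[2:] if re.match(r"^[A-Za-z]:", path) else path
    found = {c for c in body if c in ILLEGAL_IN_NAME or c == ":" or ord(c) > 126}
    return "".join(sorted(found))


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and collect the entries a helper would mark for fixing."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Any O-line whose target is "(no file)" is a dangling registration.
        if line.endswith(" - (no file)"):
            findings.append(Finding(line, "orphaned entry: registered CLSID whose file is gone"))
            continue
        m = BHO_RE.match(line)
        if m:
            if m["name"] in KNOWN_PUP_NAMES:
                findings.append(Finding(line, f"known adware/toolbar component: {m['name']}"))
            elif m["name"] == "(no name)":
                findings.append(Finding(line, "unnamed BHO with a DLL on disk: verify the DLL"))
            continue
        m = RUN_RE.match(line)
        if m:
            bad = illegal_path_chars(executable_from_command(m["cmd"]))
            if bad:
                findings.append(Finding(line, f"autorun path contains {bad!r}: undisplayable (look-alike) characters in the name"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run against the sample it reports four entries: the two "(no file)" registrations, the Ask toolbar BHO, and the Aahqmkh autorun with the undisplayable directory name; the TkBellExe and MSMSGS lines pass because their paths are clean. The "(no file)" rule is applied before the per-type parsing so it also covers O9 and any other O-line with a dangling target.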

            calli

              Topic Starter


              Rookie

              Re: windows security alert
              « Reply #8 on: May 13, 2010, 02:42:40 PM »
              Ask Remover Version 1.1 - Written by Belahzur
               
              The current time and date is 15:46:05.85 Thu 05/13/2010

              Microsoft Windows XP [Version 5.1.2600]
               
               
              ==== STARTING CHECK ====
              C:\Program Files\AskPBar has been found!
               
              ==== Starting removal of Ask ====
              C:\Program Files\AskPBar Deleted.
               
              Applying removal of Ask Toolbar registry keys.
               
              ==== REGISTRY DUMP ====

              ! REG.EXE VERSION 3.0

              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
                  Start Page   REG_SZ   www.nbc15.com


              ! REG.EXE VERSION 3.0

              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main


              ! REG.EXE VERSION 3.0

              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main


              ! REG.EXE VERSION 3.0

              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main


              ! REG.EXE VERSION 3.0

              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
                  Default_Search_URL   REG_SZ   http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com


              ! REG.EXE VERSION 3.0

              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
                  Default_Page_URL   REG_SZ   http://www.yahoo.com/


              ! REG.EXE VERSION 3.0

              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
                  Start Page   REG_SZ   http://www.yahoo.com/


              ! REG.EXE VERSION 3.0

              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
                  Search Bar   REG_SZ   http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

              *** The above keys may not need fixing ***
               

              calli

                Topic Starter


                Rookie

                Re: windows security alert
                « Reply #9 on: May 13, 2010, 03:44:45 PM »
                ComboFix 10-05-13.02 - Angel 05/13/2010  16:08:49.1.1 - x86
                Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.510.165 [GMT -5:00]
                Running from: c:\documents and settings\Angel\My Documents\Downloads\ComboFix.exe
                AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
                .

                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                c:\documents and settings\Angel\g2mdlhlpx.exe
                c:\documents and settings\Angel\GoToAssistDownloadHelper.exe
                c:\program files\Common Files\asembl~1
                c:\program files\driver
                c:\program files\Drmupgds
                c:\temp\1cb
                c:\temp\1cb\syscheck.log
                c:\temp\isgTi19
                c:\temp\isgTi19\lPig.log
                c:\temp\tn3
                c:\windows\system32\dlxckacs.ini
                c:\windows\system32\fnts~1
                c:\windows\system32\hkcmd.exe
                c:\windows\system32\muskyyyx.ini
                c:\windows\system32\trngidev.ini
                c:\windows\system32\vmtqaxue.ini
                c:\windows\system32\vnydvfjs.ini

                c:\windows\system32\proquota.exe was missing
                Restored copy from - c:\i386\proquota.exe

                .
                (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                -------\Legacy_DRIVER
                -------\Legacy_DRIVERDRV
                -------\Legacy_MSCONTROLSERVICE
                -------\Legacy_NNSERV
                -------\Service_NNServ


                (((((((((((((((((((((((((   Files Created from 2010-04-13 to 2010-05-13  )))))))))))))))))))))))))))))))
                .

                2010-05-13 15:48 . 2010-05-13 15:51   411368   ----a-w-   c:\windows\system32\deployJava1.dll
                2010-05-13 15:15 . 2010-05-13 15:15   --------   d-----w-   c:\documents and settings\Angel\Application Data\Malwarebytes
                2010-05-13 15:14 . 2010-04-29 20:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                2010-05-13 15:14 . 2010-05-13 15:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                2010-05-13 15:14 . 2010-04-29 20:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
                2010-05-13 15:14 . 2010-05-13 15:14   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                2010-05-12 22:24 . 2010-05-12 22:24   --------   d-----w-   c:\documents and settings\Angel\Application Data\OnlineArmor
                2010-05-12 22:24 . 2010-05-12 22:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
                2010-05-12 22:18 . 2010-05-12 22:18   --------   d-----w-   c:\program files\CCleaner
                2010-05-12 21:31 . 2010-04-20 09:13   24440   ----a-w-   c:\windows\system32\drivers\OAmon.sys
                2010-05-12 21:31 . 2010-04-20 09:13   29560   ----a-w-   c:\windows\system32\drivers\OAnet.sys
                2010-05-12 21:31 . 2010-04-20 09:13   228216   ----a-w-   c:\windows\system32\drivers\OADriver.sys
                2010-05-12 21:31 . 2010-05-12 21:31   --------   d-----w-   c:\program files\Tall Emu
                2010-05-12 20:39 . 2010-05-06 20:33   19024   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
                2010-05-12 20:39 . 2010-05-06 20:39   164048   ----a-w-   c:\windows\system32\drivers\aswSP.sys
                2010-05-12 20:39 . 2010-05-06 20:34   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
                2010-05-12 20:39 . 2010-05-06 20:39   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
                2010-05-12 20:39 . 2010-05-06 20:33   100432   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
                2010-05-12 20:39 . 2010-05-06 20:33   94800   ----a-w-   c:\windows\system32\drivers\aswmon.sys
                2010-05-12 20:39 . 2010-05-06 20:33   28880   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
                2010-05-12 20:39 . 2010-05-06 20:59   38848   ----a-w-   c:\windows\system32\avastSS.scr
                2010-05-12 20:39 . 2010-05-06 20:59   165032   ----a-w-   c:\windows\system32\aswBoot.exe
                2010-05-12 20:39 . 2010-05-12 20:39   --------   d-----w-   c:\documents and settings\All Users\Application Data\Alwil Software
                2010-05-12 20:39 . 2010-05-12 20:39   --------   d-----w-   c:\program files\Alwil Software
                2010-05-12 16:25 . 2010-05-13 16:08   --------   d-----w-   c:\program files\Trend Micro
                2010-05-11 20:44 . 2010-05-11 20:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                2010-05-11 20:39 . 2010-05-11 20:39   --------   d-----w-   c:\program files\SUPERAntiSpyware
                2010-05-11 20:39 . 2010-05-11 20:39   --------   d-----w-   c:\documents and settings\Angel\Application Data\SUPERAntiSpyware.com
                2010-05-11 20:03 . 2010-05-11 20:03   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                2010-05-11 15:48 . 2010-05-11 15:52   --------   d-----w-   c:\documents and settings\Angel\Application Data\PrevxCSI
                2010-05-10 20:58 . 2010-05-12 22:57   --------   d-----w-   c:\documents and settings\Angel\Local Settings\Application Data\jglawheik

                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2010-05-13 20:51 . 2005-10-06 16:45   --------   d-----w-   c:\program files\Dl_cats
                2010-05-13 20:46 . 2008-03-06 21:25   --------   d-----w-   c:\program files\AskPBar
                2010-05-13 19:21 . 2005-10-05 19:09   --------   d-----w-   c:\program files\ESPOnline
                2010-05-13 17:03 . 2008-01-31 18:44   2568   --sha-w-   c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
                2010-05-13 15:52 . 2005-09-30 02:20   --------   d-----w-   c:\program files\Common Files\Java
                2010-04-27 15:21 . 2007-07-02 19:02   4548   --sha-w-   c:\windows\system32\KGyGaAvL.sys
                2010-04-01 21:55 . 2008-04-25 19:26   --------   d-----w-   c:\documents and settings\Angel\Application Data\uTorrent
                2010-03-30 14:25 . 2010-03-30 14:22   --------   d-----w-   c:\program files\iTunes
                2010-03-30 14:22 . 2010-03-30 14:22   --------   d-----w-   c:\program files\iPod
                2010-03-30 14:22 . 2008-06-25 17:19   --------   d-----w-   c:\program files\Common Files\Apple
                2010-03-30 14:13 . 2008-11-24 15:04   --------   d-----w-   c:\program files\Safari
                2010-03-26 20:16 . 2008-02-13 17:41   --------   d-----w-   c:\program files\PrevxCSI
                2010-03-25 13:02 . 2010-03-04 15:12   --------   d-----w-   c:\program files\iMesh Applications
                2010-03-24 21:16 . 2010-03-24 21:16   508536   ---ha-w-   c:\windows\system32\mlfcache.dat
                2010-03-24 20:25 . 2005-09-30 02:25   --------   d--h--w-   c:\program files\InstallShield Installation Information
                2010-03-24 20:22 . 2005-10-19 16:33   --------   d-----w-   c:\program files\The Weather Channel FW
                2010-03-23 19:19 . 2008-03-24 21:55   --------   d-----w-   c:\documents and settings\Angel\Application Data\Facebook
                2010-03-22 17:29 . 2010-03-22 17:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\FileCure
                2010-03-11 12:38 . 2004-08-11 22:00   832512   ----a-w-   c:\windows\system32\wininet.dll
                2010-03-11 12:38 . 2004-08-11 22:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
                2010-03-11 12:38 . 2004-08-11 22:00   17408   ----a-w-   c:\windows\system32\corpol.dll
                2010-03-09 11:09 . 2004-08-11 22:00   430080   ----a-w-   c:\windows\system32\vbscript.dll
                2010-02-24 12:31 . 2005-09-30 02:04   454016   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                2010-02-16 13:19 . 2004-08-11 22:00   2181376   ----a-w-   c:\windows\system32\ntoskrnl.exe
                2010-02-16 12:39 . 2004-08-04 03:59   2058368   ----a-w-   c:\windows\system32\ntkrnlpa.exe
                2008-02-12 13:43 . 2008-02-12 13:43   10   ----a-w-   c:\program files\.autoreg
                2006-01-31 16:21 . 2006-01-31 16:21   40960   ----a-w-   c:\program files\mozilla firefox\plugins\formback.dll
                2006-01-31 16:21 . 2006-01-31 16:21   53248   ----a-w-   c:\program files\mozilla firefox\plugins\formcal.dll
                2006-01-31 16:21 . 2006-01-31 16:21   86016   ----a-w-   c:\program files\mozilla firefox\plugins\formclok.dll
                2006-01-31 16:21 . 2006-01-31 16:21   65536   ----a-w-   c:\program files\mozilla firefox\plugins\formfade.dll
                2006-01-31 16:21 . 2006-01-31 16:21   77824   ----a-w-   c:\program files\mozilla firefox\plugins\formfile.dll
                2006-01-31 16:22 . 2006-01-31 16:22   143360   ----a-w-   c:\program files\mozilla firefox\plugins\formflds.dll
                2006-01-31 16:22 . 2006-01-31 16:22   53248   ----a-w-   c:\program files\mozilla firefox\plugins\formgif.dll
                2006-01-31 16:22 . 2006-01-31 16:22   167936   ----a-w-   c:\program files\mozilla firefox\plugins\formgrid.dll
                2006-01-31 16:22 . 2006-01-31 16:22   45056   ----a-w-   c:\program files\mozilla firefox\plugins\formhpic.dll
                2006-01-31 16:22 . 2006-01-31 16:22   57344   ----a-w-   c:\program files\mozilla firefox\plugins\formicon.dll
                2006-01-31 16:23 . 2006-01-31 16:23   53248   ----a-w-   c:\program files\mozilla firefox\plugins\forminfo.dll
                2006-01-31 16:23 . 2006-01-31 16:23   147456   ----a-w-   c:\program files\mozilla firefox\plugins\formjpeg.dll
                2006-01-31 16:23 . 2006-01-31 16:23   49152   ----a-w-   c:\program files\mozilla firefox\plugins\formlink.dll
                2006-01-31 16:23 . 2006-01-31 16:23   45056   ----a-w-   c:\program files\mozilla firefox\plugins\formmarq.dll
                2006-01-31 16:24 . 2006-01-31 16:24   143360   ----a-w-   c:\program files\mozilla firefox\plugins\formmask.dll
                2006-01-31 16:24 . 2006-01-31 16:24   61440   ----a-w-   c:\program files\mozilla firefox\plugins\formport.dll
                2006-01-31 16:24 . 2006-01-31 16:24   106496   ----a-w-   c:\program files\mozilla firefox\plugins\formpri.dll
                2006-01-31 16:24 . 2006-01-31 16:24   49152   ----a-w-   c:\program files\mozilla firefox\plugins\formprog.dll
                2006-01-31 16:24 . 2006-01-31 16:24   77824   ----a-w-   c:\program files\mozilla firefox\plugins\formqt3.dll
                2006-01-31 16:24 . 2006-01-31 16:24   49152   ----a-w-   c:\program files\mozilla firefox\plugins\formroll.dll
                2006-01-31 16:24 . 2006-01-31 16:24   45056   ----a-w-   c:\program files\mozilla firefox\plugins\formsbar.dll
                2006-01-31 16:24 . 2006-01-31 16:24   53248   ----a-w-   c:\program files\mozilla firefox\plugins\formslid.dll
                2006-01-31 16:25 . 2006-01-31 16:25   65536   ----a-w-   c:\program files\mozilla firefox\plugins\formtbar.dll
                2006-01-31 16:25 . 2006-01-31 16:25   36864   ----a-w-   c:\program files\mozilla firefox\plugins\formtile.dll
                2006-01-31 16:25 . 2006-01-31 16:25   45056   ----a-w-   c:\program files\mozilla firefox\plugins\formtime.dll
                2006-01-31 16:25 . 2006-01-31 16:25   40960   ----a-w-   c:\program files\mozilla firefox\plugins\formtran.dll
                2006-01-31 16:25 . 2006-01-31 16:25   77824   ----a-w-   c:\program files\mozilla firefox\plugins\formtree.dll
                2006-01-31 16:25 . 2006-01-31 16:25   45056   ----a-w-   c:\program files\mozilla firefox\plugins\formwash.dll
                2005-10-05 20:03 . 2005-10-05 20:03   122880   ----a-w-   c:\program files\mozilla firefox\plugins\orfc.dll
                2006-01-31 16:28 . 2006-01-31 16:28   200704   ----a-w-   c:\program files\mozilla firefox\plugins\orfcexec.dll
                2006-01-31 16:20 . 2006-01-31 16:20   245760   ----a-w-   c:\program files\mozilla firefox\plugins\orfcgui.dll
                2006-01-31 16:21 . 2006-01-31 16:21   249856   ----a-w-   c:\program files\mozilla firefox\plugins\orfcmain.dll
                2007-07-23 18:07 . 2007-07-02 19:14   88   --sh--r-   c:\windows\system32\18449F2888.sys
                2007-11-13 20:11 . 2007-11-13 20:11   56   --sh--r-   c:\windows\system32\88289F4418.sys
                .

                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
                "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-28 4269296]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
                "QuickBooksDB17"="c:\program files\Intuit\QuickBooks Premier\QBDBMgrN.exe" [2006-09-13 128536]
                "DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
                "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
                "MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-07 118784]
                "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
                "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
                "g7dcamon"="c:\program files\VersaJette M300-V08\g7dcamon.exe" [2007-08-28 25256]
                "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
                "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
                "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
                "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
                "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
                "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
                "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

                [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
                Source= c:\program files\Outlook Express\profsyxyrtir.html
                FriendlyName=

                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
                "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-04-20 925688]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                2009-09-03 20:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
                backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
                backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
                path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
                backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^Angel^Start Menu^Programs^Startup^Adobe Gamma.lnk]
                backup=c:\windows\pss\Adobe Gamma.lnkStartup

                [HKLM\~\startupfolder\C:^Documents and Settings^Angel^Start Menu^Programs^Startup^Desktop Alert.lnk]
                backup=c:\windows\pss\Desktop Alert.lnkStartup

                [HKLM\~\startupfolder\C:^Documents and Settings^Angel^Start Menu^Programs^Startup^PrevxCSI.lnk]
                backup=c:\windows\pss\PrevxCSI.lnkStartup
                HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a88d01ab
                HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray
                HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4
                HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch
                HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1
                HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
                2007-10-11 00:51   39792   ----a-w-   c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
                2007-03-01 22:31   360448   ----a-w-   c:\program files\Browser MOUSE\mouse32a.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
                2005-02-16 21:15   221184   ----a-w-   c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
                2005-02-16 21:15   81920   ----a-w-   c:\program files\Common Files\InstallShield\UpdateService\issch.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                2010-02-15 23:07   141608   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
                2004-09-14 13:50   53248   ----a-w-   c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
                2004-09-14 13:50   131072   ----a-w-   c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                2009-11-11 05:08   417792   ----a-w-   c:\program files\QuickTime\QTTask.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
                2007-10-15 18:07   214296   ----a-w-   c:\program files\Real\RealPlayer\realplay.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]
                2007-05-16 15:18   1856544   ----a-w-   c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                "ccPwdSvc"=3 (0x3)
                "WMPNetworkSvc"=2 (0x2)
                "Symantec Core LC"=2 (0x2)
                "Speed Disk service"=2 (0x2)
                "NProtectService"=2 (0x2)
                "LiveUpdate Notice Service"=2 (0x2)
                "LiveUpdate"=3 (0x3)
                "iPod Service"=3 (0x3)
                "gusvc"=3 (0x3)
                "GhostStartService"=2 (0x2)
                "Automatic LiveUpdate Scheduler"=2 (0x2)
                "AOL ACS"=2 (0x2)

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                "EnableFirewall"= 0 (0x0)

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "c:\\Program Files\\Intuit\\QuickBooks Premier\\QBDBMgrN.exe"=
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "c:\\WINDOWS\\system32\\g7dccoms.exe"=
                "c:\\Program Files\\VersaJette M300-V08\\g7dcamon.exe"=
                "c:\\Program Files\\VersaJette M300-V08\\App4R.exe"=
                "c:\documents and settings\Angel\Application Data\Facebook\facebook.exe"= c:\documents and settings\Angel\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
                "c:\\Program Files\\uTorrent\\uTorrent.exe"=
                "c:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBServerUtilityMgr.exe"=
                "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                "c:\\Program Files\\iTunes\\iTunes.exe"=
                "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\g7dcjswx.exe"=
                "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\g7dcpswx.exe"=

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                "10172:TCP"= 10172:TCP:FileManagement.exe

                R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/12/2010 3:39 PM 164048]
                R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [5/12/2010 4:31 PM 228216]
                R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [5/12/2010 4:31 PM 24440]
                R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [5/12/2010 4:31 PM 29560]
                R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
                R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
                R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/12/2010 3:39 PM 19024]
                R2 g7dc_device;g7dc_device;c:\windows\system32\g7dccoms.exe -service --> c:\windows\system32\g7dccoms.exe -service [?]
                R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [5/12/2010 4:31 PM 1284600]
                S3 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [5/12/2010 4:31 PM 3364856]
                .
                Contents of the 'Scheduled Tasks' folder

                2010-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
                - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

                2010-05-13 c:\windows\Tasks\WGASetup.job
                - c:\windows\system32\KB905474\wgasetup.exe [2009-04-28 03:18]
                .
                .
                ------- Supplementary Scan -------
                .
                uStart Page = www.nbc15.com
                uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
                mStart Page = hxxp://www.yahoo.com/
                mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
                uInternet Settings,ProxyOverride = <local>
                uInternet Settings,ProxyServer = http=127.0.0.1:5555
                uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
                IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
                IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
                IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
                IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
                IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
                TCP: {03846D71-5032-4097-A653-14529479A481} = 195.242.208.40
                TCP: {7894E062-F09F-4719-8DA6-BE881C500E11} = 195.242.208.40
                Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
                DPF: Microsoft XML Parser for Java
                FF - ProfilePath - c:\documents and settings\Angel\Application Data\Mozilla\Firefox\Profiles\fpll780x.default\
                FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2310656&SearchSource=3&q={searchTerms}
                FF - prefs.js: browser.search.selectedEngine - Google
                FF - prefs.js: browser.startup.homepage - hxxp://www.nbc15.com/
                FF - prefs.js: keyword.URL - hxxp://search.imesh.com//web?src=ffb&q=
                FF - plugin: c:\documents and settings\Angel\Application Data\Facebook\npfbplugin_1_0_3.dll
                FF - plugin: c:\documents and settings\Angel\Application Data\Mozilla\plugins\np-mswmp.dll
                FF - plugin: c:\progra~1\MOZILL~1\plugins\np_orfc.dll
                FF - plugin: c:\progra~1\MOZILL~1\plugins\npcpbrk7.dll
                FF - plugin: c:\progra~1\MOZILL~1\plugins\npdeployJava1.dll
                FF - plugin: c:\progra~1\MOZILL~1\plugins\npmozax.dll
                FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll
                FF - plugin: c:\progra~1\MOZILL~1\plugins\nppdf32.dll
                FF - plugin: c:\progra~1\MOZILL~1\plugins\nppl3260.dll
                FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin.dll
                FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin2.dll
                FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin3.dll
                FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin4.dll
                FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin5.dll
                FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin6.dll
                FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin7.dll
                FF - plugin: c:\progra~1\MOZILL~1\plugins\nprjplug.dll
                FF - plugin: c:\progra~1\MOZILL~1\plugins\nprpjplug.dll
                FF - plugin: c:\progra~1\MOZILL~1\plugins\npsnapfish.dll
                FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
                FF - plugin: c:\program files\Mozilla Firefox\plugins\np_orfc.dll
                FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
                FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
                FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                ---- FIREFOX POLICIES ----
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
                c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
                c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
                c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
                c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE", "AllAccess");
                c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
                c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
                c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
                .
                - - - - ORPHANS REMOVED - - - -

                URLSearchHooks-{0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
                HKCU-Run-Tair - c:\progra~1\COMMON~1\ASEMBL~1\netdde.exe
                HKLM-Run-dlccmon.exe - c:\program files\Dell Photo AIO Printer 924\dlccmon.exe
                HKLM-Run-igfxhkcmd - c:\windows\system32\hkcmd.exe
                HKLM-Run-HotKeysCmds - c:\windows\system32\hkcmd.exe
                MSConfigStartUp-AcctMgr - c:\program files\Norton SystemWorks\Password Manager\AcctMgr.exe
                MSConfigStartUp-GhostStartTrayApp - c:\program files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
                MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
                MSConfigStartUp-New - c:\progra~1\NEWDOT~1\NEWDOT~1.DLL
                MSConfigStartUp-Norton SystemWorks - c:\program files\Common Files\Symantec Shared\CfgWiz.exe
                MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
                AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
                AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
                AddRemove-Drmupgds - c:\program files\Drmupgds\Drmupgds.exe
                AddRemove-Router - c:\program files\Router\UnInstall.exe



                **************************************************************************

                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2010-05-13 16:24
                Windows 5.1.2600 Service Pack 2 NTFS

                scanning hidden processes ... 

                scanning hidden autostart entries ...

                HKLM\Software\Microsoft\Windows\CurrentVersion\Run
                  DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\
                W32X86\3\DLCCtime.dll,_RunDLLEntry@16????????????????
                ???????????????????????????????????????????????????????
                ???????????????????????????????????????????????????????
                ?????????????????????????????????????????????????????

                scanning hidden files ... 

                scan completed successfully
                hidden files: 0

                **************************************************************************
                .
                --------------------- DLLs Loaded Under Running Processes ---------------------

                - - - - - - - > 'winlogon.exe'(500)
                c:\program files\SUPERAntiSpyware\SASWINLO.dll
                c:\windows\system32\WININET.dll

                - - - - - - - > 'explorer.exe'(436)
                c:\windows\system32\WININET.dll
                c:\progra~1\WINDOW~2\wmpband.dll
                c:\windows\system32\ieframe.dll
                c:\windows\system32\mshtml.dll
                c:\windows\system32\WPDShServiceObj.dll
                c:\windows\system32\PortableDeviceTypes.dll
                c:\windows\system32\PortableDeviceApi.dll
                .
                ------------------------ Other Running Processes ------------------------
                .
                c:\program files\Alwil Software\Avast5\AvastSvc.exe
                c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                c:\program files\Bonjour\mDNSResponder.exe
                c:\windows\system32\g7dccoms.exe
                c:\program files\Java\jre6\bin\jqs.exe
                c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
                c:\program files\Common Files\Protexis\License Service\PSIService.exe
                c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
                c:\windows\system32\wscntfy.exe
                c:\program files\iPod\bin\iPodService.exe
                .
                **************************************************************************
                .
                Completion time: 2010-05-13  16:38:01 - machine was rebooted
                ComboFix-quarantined-files.txt  2010-05-13 21:37

                Pre-Run: 27,412,525,056 bytes free
                Post-Run: 27,538,432,000 bytes free

                WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
                [boot loader]
                timeout=2
                default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
                [operating systems]
                c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

                - - End Of File - - 3CA39C587EE5C5979F80361ECB4F0F2A
                « Last Edit: May 13, 2010, 05:35:19 PM by SuperDave »

                SuperDave
                Re: windows security alert
                « Reply #10 on: May 13, 2010, 06:01:26 PM »
                Did you send that file to Jotti's for scanning? I will need the log.

                You have Viewpoint installed.

                Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

                More information:

                * ViewMgr.exe - Useless
                * Viewpoint to Plunge Into Adware

                It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs (in Vista & Win7 it is Programs and Features) and remove the following programs if present.

                * Viewpoint
                * Viewpoint Manager
                * Viewpoint Media Player
                * Viewpoint Toolbar
                * Viewpoint Experience Technology

                =======================================

                Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

                There are a number of them available, and some are safer than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

                For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

                Further reading: XP Fixes Myth #1: Registry Cleaners

                If you agree, you should uninstall RegistryBooster 2.

                =======================================================

                P2P - I see you have P2P software installed on your machine. (uTorrent) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

                Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

                I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

                ===========================================

                Can you please tell me what this is: c:\program files\.autoreg

                ==========================================

                Re-running ComboFix to remove infections:

                • Close any open browsers.
                • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
                • Open notepad and copy/paste the text in the quotebox below into it:
                  Quote
                  KillAll::

                  DDS::
                  uInternet Settings,ProxyServer = http=127.0.0.1:5555
                  Folder::
                  c:\program files\AskPBar

                • Save this as CFScript.txt, in the same location as ComboFix.exe



                • Referring to the picture above, drag CFScript into ComboFix.exe
                • When finished, it shall produce a log for you at C:\ComboFix.txt
                • Please post the contents of the log in your next reply.

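The DDS:: entry in the script above removes a per-user ProxyServer value that points at 127.0.0.1:5555, which is how this kind of rogue "security alert" program gets to see and redirect every browser request. As an added example that is not part of SuperDave's instructions, ComboFix or DDS, here is a small Python triage helper that parses the "Internet Settings,ProxyServer" lines those tools print and reports any proxy that points back at the local machine; all sample lines other than the one from this thread are constructed.

```python
"""Flag loopback (127.x / localhost) WinINet proxies in DDS/ComboFix log output.

DDS and ComboFix print the proxy setting as, for example:
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
where the leading "u" marks a per-user (HKCU) value and "m" a machine-wide
(HKLM) one.  This module is an added example, not part of either tool.
"""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Matches "uInternet Settings,ProxyServer = <value>" and the ProxyEnable form.
PROXY_LINE = re.compile(
    r"^\s*(?P<hive>[um]?)Internet Settings,Proxy(?P<key>Server|Enable)"
    r"\s*=\s*(?P<value>.*?)\s*$"
)

HIVES = {"u": "HKCU", "m": "HKLM", "": "unknown"}


def parse_proxy_server(value: str) -> Dict[str, Tuple[str, Optional[int]]]:
    """Split a WinINet ProxyServer value into {scheme: (host, port)}.

    Windows uses two forms: a single "host:port" that applies to every
    protocol (reported here under scheme "*"), and a per-protocol list
    such as "http=host:port;https=host:port".
    """
    proxies: Dict[str, Tuple[str, Optional[int]]] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:                      # bare "host:port" form, no scheme
            scheme, hostport = "*", scheme
        host, sep, port = hostport.rpartition(":")
        if not sep:                      # no explicit port given
            host, port = hostport, ""
        proxies[scheme.lower()] = (host.strip(), int(port) if port.isdigit() else None)
    return proxies


def is_loopback(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 and the name "localhost"."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a hostname, not an IP literal
        return False


def find_loopback_proxies(log_lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per proxy entry that points at the local machine.

    A proxy on the loopback interface means some local process is sitting
    between the browser and the network; on a home PC that is almost never
    a deliberate configuration.
    """
    findings: List[Dict[str, object]] = []
    for line in log_lines:
        match = PROXY_LINE.match(line)
        if not match or match.group("key") != "Server":
            continue
        for scheme, (host, port) in parse_proxy_server(match.group("value")).items():
            if is_loopback(host):
                findings.append({
                    "hive": HIVES[match.group("hive")],
                    "scheme": scheme,
                    "host": host,
                    "port": port,
                    "line": line.strip(),
                })
    return findings


# Constructed sample: the line from the CFScript above, plus a benign
# corporate proxy and a mixed machine-wide entry, to show what is and is
# not flagged.
SAMPLE_LOG = [
    "uInternet Settings,ProxyServer = http=127.0.0.1:5555",
    "uInternet Settings,ProxyEnable = 1",
    "mInternet Settings,ProxyServer = proxy.corp.example:8080",
    "mInternet Settings,ProxyServer = http=proxy.corp.example:8080;https=localhost:3128",
]

if __name__ == "__main__":
    for f in find_loopback_proxies(SAMPLE_LOG):
        print(f"{f['hive']} {f['scheme']} proxy -> {f['host']}:{f['port']}  ({f['line']})")
```

Feed it the lines of a saved DDS.txt or ComboFix.txt to get the same check over a real log; a corporate proxy on a remote host is left alone.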

                calli
                  Re: windows security alert
                  « Reply #11 on: May 14, 2010, 07:11:02 AM »
                  I tried to send that file to Jotti's, but when I click in the window next to Browse, a file upload box comes up and I am unable to paste the file into the box.  Any ideas?  I have also deleted all the programs that you suggested.

                  calli
                    Re: windows security alert
                    « Reply #12 on: May 14, 2010, 07:57:14 AM »
                    Here is the ComboFix scan.
                    ComboFix 10-05-13.03 - Angel 05/14/2010   8:27.2.1 - x86
                    Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.510.193 [GMT -5:00]
                    Running from: c:\documents and settings\Angel\My Documents\Downloads\ComboFix.exe
                    Command switches used :: c:\documents and settings\Angel\Desktop\CFScript.txt
                    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
                    .

                    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                    .

                    c:\program files\AskPBar

                    .
                    (((((((((((((((((((((((((   Files Created from 2010-04-14 to 2010-05-14  )))))))))))))))))))))))))))))))
                    .

                    2010-05-13 21:20 . 2004-08-04 10:00   50176   ----a-w-   c:\windows\system32\proquota.exe
                    2010-05-13 21:20 . 2004-08-04 10:00   50176   ----a-w-   c:\windows\system32\dllcache\proquota.exe
                    2010-05-13 15:48 . 2010-05-13 15:51   411368   ----a-w-   c:\windows\system32\deployJava1.dll
                    2010-05-13 15:15 . 2010-05-13 15:15   --------   d-----w-   c:\documents and settings\Angel\Application Data\Malwarebytes
                    2010-05-13 15:14 . 2010-04-29 20:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                    2010-05-13 15:14 . 2010-05-13 15:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                    2010-05-13 15:14 . 2010-04-29 20:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
                    2010-05-13 15:14 . 2010-05-13 15:14   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                    2010-05-12 22:24 . 2010-05-12 22:24   --------   d-----w-   c:\documents and settings\Angel\Application Data\OnlineArmor
                    2010-05-12 22:24 . 2010-05-12 22:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
                    2010-05-12 22:18 . 2010-05-12 22:18   --------   d-----w-   c:\program files\CCleaner
                    2010-05-12 21:31 . 2010-04-20 09:13   24440   ----a-w-   c:\windows\system32\drivers\OAmon.sys
                    2010-05-12 21:31 . 2010-04-20 09:13   29560   ----a-w-   c:\windows\system32\drivers\OAnet.sys
                    2010-05-12 21:31 . 2010-04-20 09:13   228216   ----a-w-   c:\windows\system32\drivers\OADriver.sys
                    2010-05-12 21:31 . 2010-05-12 21:31   --------   d-----w-   c:\program files\Tall Emu
                    2010-05-12 20:39 . 2010-05-06 20:33   19024   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
                    2010-05-12 20:39 . 2010-05-06 20:39   164048   ----a-w-   c:\windows\system32\drivers\aswSP.sys
                    2010-05-12 20:39 . 2010-05-06 20:34   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
                    2010-05-12 20:39 . 2010-05-06 20:39   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
                    2010-05-12 20:39 . 2010-05-06 20:33   100432   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
                    2010-05-12 20:39 . 2010-05-06 20:33   94800   ----a-w-   c:\windows\system32\drivers\aswmon.sys
                    2010-05-12 20:39 . 2010-05-06 20:33   28880   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
                    2010-05-12 20:39 . 2010-05-06 20:59   38848   ----a-w-   c:\windows\system32\avastSS.scr
                    2010-05-12 20:39 . 2010-05-06 20:59   165032   ----a-w-   c:\windows\system32\aswBoot.exe
                    2010-05-12 20:39 . 2010-05-12 20:39   --------   d-----w-   c:\documents and settings\All Users\Application Data\Alwil Software
                    2010-05-12 20:39 . 2010-05-12 20:39   --------   d-----w-   c:\program files\Alwil Software
                    2010-05-12 16:25 . 2010-05-13 16:08   --------   d-----w-   c:\program files\Trend Micro
                    2010-05-11 20:44 . 2010-05-11 20:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                    2010-05-11 20:39 . 2010-05-11 20:39   --------   d-----w-   c:\program files\SUPERAntiSpyware
                    2010-05-11 20:39 . 2010-05-11 20:39   --------   d-----w-   c:\documents and settings\Angel\Application Data\SUPERAntiSpyware.com
                    2010-05-11 20:03 . 2010-05-11 20:03   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                    2010-05-11 15:48 . 2010-05-11 15:52   --------   d-----w-   c:\documents and settings\Angel\Application Data\PrevxCSI
                    2010-05-10 20:58 . 2010-05-12 22:57   --------   d-----w-   c:\documents and settings\Angel\Local Settings\Application Data\jglawheik

                    .
                    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2010-05-14 13:07 . 2008-04-25 19:26   --------   d-----w-   c:\documents and settings\Angel\Application Data\uTorrent
                    2010-05-13 20:51 . 2005-10-06 16:45   --------   d-----w-   c:\program files\Dl_cats
                    2010-05-13 19:21 . 2005-10-05 19:09   --------   d-----w-   c:\program files\ESPOnline
                    2010-05-13 17:03 . 2008-01-31 18:44   2568   --sha-w-   c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
                    2010-05-13 15:52 . 2005-09-30 02:20   --------   d-----w-   c:\program files\Common Files\Java
                    2010-04-27 15:21 . 2007-07-02 19:02   4548   --sha-w-   c:\windows\system32\KGyGaAvL.sys
                    2010-03-30 14:25 . 2010-03-30 14:22   --------   d-----w-   c:\program files\iTunes
                    2010-03-30 14:22 . 2010-03-30 14:22   --------   d-----w-   c:\program files\iPod
                    2010-03-30 14:22 . 2008-06-25 17:19   --------   d-----w-   c:\program files\Common Files\Apple
                    2010-03-30 14:13 . 2008-11-24 15:04   --------   d-----w-   c:\program files\Safari
                    2010-03-26 20:16 . 2008-02-13 17:41   --------   d-----w-   c:\program files\PrevxCSI
                    2010-03-25 13:02 . 2010-03-04 15:12   --------   d-----w-   c:\program files\iMesh Applications
                    2010-03-24 21:16 . 2010-03-24 21:16   508536   ---ha-w-   c:\windows\system32\mlfcache.dat
                    2010-03-24 20:25 . 2005-09-30 02:25   --------   d--h--w-   c:\program files\InstallShield Installation Information
                    2010-03-24 20:22 . 2005-10-19 16:33   --------   d-----w-   c:\program files\The Weather Channel FW
                    2010-03-23 19:19 . 2008-03-24 21:55   --------   d-----w-   c:\documents and settings\Angel\Application Data\Facebook
                    2010-03-22 17:29 . 2010-03-22 17:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\FileCure
                    2010-03-11 12:38 . 2004-08-11 22:00   832512   ----a-w-   c:\windows\system32\wininet.dll
                    2010-03-11 12:38 . 2004-08-11 22:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
                    2010-03-11 12:38 . 2004-08-11 22:00   17408   ----a-w-   c:\windows\system32\corpol.dll
                    2010-03-09 11:09 . 2004-08-11 22:00   430080   ----a-w-   c:\windows\system32\vbscript.dll
                    2010-02-24 12:31 . 2005-09-30 02:04   454016   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                    2010-02-16 13:19 . 2004-08-11 22:00   2181376   ----a-w-   c:\windows\system32\ntoskrnl.exe
                    2010-02-16 12:39 . 2004-08-04 03:59   2058368   ----a-w-   c:\windows\system32\ntkrnlpa.exe
                    2008-02-12 13:43 . 2008-02-12 13:43   10   ----a-w-   c:\program files\.autoreg
                    2006-01-31 16:21 . 2006-01-31 16:21   40960   ----a-w-   c:\program files\mozilla firefox\plugins\formback.dll
                    2006-01-31 16:21 . 2006-01-31 16:21   53248   ----a-w-   c:\program files\mozilla firefox\plugins\formcal.dll
                    2006-01-31 16:21 . 2006-01-31 16:21   86016   ----a-w-   c:\program files\mozilla firefox\plugins\formclok.dll
                    2006-01-31 16:21 . 2006-01-31 16:21   65536   ----a-w-   c:\program files\mozilla firefox\plugins\formfade.dll
                    2006-01-31 16:21 . 2006-01-31 16:21   77824   ----a-w-   c:\program files\mozilla firefox\plugins\formfile.dll
                    2006-01-31 16:22 . 2006-01-31 16:22   143360   ----a-w-   c:\program files\mozilla firefox\plugins\formflds.dll
                    2006-01-31 16:22 . 2006-01-31 16:22   53248   ----a-w-   c:\program files\mozilla firefox\plugins\formgif.dll
                    2006-01-31 16:22 . 2006-01-31 16:22   167936   ----a-w-   c:\program files\mozilla firefox\plugins\formgrid.dll
                    2006-01-31 16:22 . 2006-01-31 16:22   45056   ----a-w-   c:\program files\mozilla firefox\plugins\formhpic.dll
                    2006-01-31 16:22 . 2006-01-31 16:22   57344   ----a-w-   c:\program files\mozilla firefox\plugins\formicon.dll
                    2006-01-31 16:23 . 2006-01-31 16:23   53248   ----a-w-   c:\program files\mozilla firefox\plugins\forminfo.dll
                    2006-01-31 16:23 . 2006-01-31 16:23   147456   ----a-w-   c:\program files\mozilla firefox\plugins\formjpeg.dll
                    2006-01-31 16:23 . 2006-01-31 16:23   49152   ----a-w-   c:\program files\mozilla firefox\plugins\formlink.dll
                    2006-01-31 16:23 . 2006-01-31 16:23   45056   ----a-w-   c:\program files\mozilla firefox\plugins\formmarq.dll
                    2006-01-31 16:24 . 2006-01-31 16:24   143360   ----a-w-   c:\program files\mozilla firefox\plugins\formmask.dll
                    2006-01-31 16:24 . 2006-01-31 16:24   61440   ----a-w-   c:\program files\mozilla firefox\plugins\formport.dll
                    2006-01-31 16:24 . 2006-01-31 16:24   106496   ----a-w-   c:\program files\mozilla firefox\plugins\formpri.dll
                    2006-01-31 16:24 . 2006-01-31 16:24   49152   ----a-w-   c:\program files\mozilla firefox\plugins\formprog.dll
                    2006-01-31 16:24 . 2006-01-31 16:24   77824   ----a-w-   c:\program files\mozilla firefox\plugins\formqt3.dll
                    2006-01-31 16:24 . 2006-01-31 16:24   49152   ----a-w-   c:\program files\mozilla firefox\plugins\formroll.dll
                    2006-01-31 16:24 . 2006-01-31 16:24   45056   ----a-w-   c:\program files\mozilla firefox\plugins\formsbar.dll
                    2006-01-31 16:24 . 2006-01-31 16:24   53248   ----a-w-   c:\program files\mozilla firefox\plugins\formslid.dll
                    2006-01-31 16:25 . 2006-01-31 16:25   65536   ----a-w-   c:\program files\mozilla firefox\plugins\formtbar.dll
                    2006-01-31 16:25 . 2006-01-31 16:25   36864   ----a-w-   c:\program files\mozilla firefox\plugins\formtile.dll
                    2006-01-31 16:25 . 2006-01-31 16:25   45056   ----a-w-   c:\program files\mozilla firefox\plugins\formtime.dll
                    2006-01-31 16:25 . 2006-01-31 16:25   40960   ----a-w-   c:\program files\mozilla firefox\plugins\formtran.dll
                    2006-01-31 16:25 . 2006-01-31 16:25   77824   ----a-w-   c:\program files\mozilla firefox\plugins\formtree.dll
                    2006-01-31 16:25 . 2006-01-31 16:25   45056   ----a-w-   c:\program files\mozilla firefox\plugins\formwash.dll
                    2005-10-05 20:03 . 2005-10-05 20:03   122880   ----a-w-   c:\program files\mozilla firefox\plugins\orfc.dll
                    2006-01-31 16:28 . 2006-01-31 16:28   200704   ----a-w-   c:\program files\mozilla firefox\plugins\orfcexec.dll
                    2006-01-31 16:20 . 2006-01-31 16:20   245760   ----a-w-   c:\program files\mozilla firefox\plugins\orfcgui.dll
                    2006-01-31 16:21 . 2006-01-31 16:21   249856   ----a-w-   c:\program files\mozilla firefox\plugins\orfcmain.dll
                    2007-07-23 18:07 . 2007-07-02 19:14   88   --sh--r-   c:\windows\system32\18449F2888.sys
                    2007-11-13 20:11 . 2007-11-13 20:11   56   --sh--r-   c:\windows\system32\88289F4418.sys
                    .

                    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Note* empty entries & legit default entries are not shown
                    REGEDIT4

                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
                    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-28 4269296]

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
                    "QuickBooksDB17"="c:\program files\Intuit\QuickBooks Premier\QBDBMgrN.exe" [2006-09-13 128536]
                    "DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
                    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
                    "MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-07 118784]
                    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
                    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
                    "g7dcamon"="c:\program files\VersaJette M300-V08\g7dcamon.exe" [2007-08-28 25256]
                    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
                    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
                    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
                    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
                    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
                    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
                    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

                    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
                    Source= c:\program files\Outlook Express\profsyxyrtir.html
                    FriendlyName=

                    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
                    "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-04-20 925688]

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                    2009-09-03 20:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
                    backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
                    backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
                    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
                    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

                    [HKLM\~\startupfolder\C:^Documents and Settings^Angel^Start Menu^Programs^Startup^Adobe Gamma.lnk]
                    backup=c:\windows\pss\Adobe Gamma.lnkStartup

                    [HKLM\~\startupfolder\C:^Documents and Settings^Angel^Start Menu^Programs^Startup^Desktop Alert.lnk]
                    backup=c:\windows\pss\Desktop Alert.lnkStartup

                    [HKLM\~\startupfolder\C:^Documents and Settings^Angel^Start Menu^Programs^Startup^PrevxCSI.lnk]
                    backup=c:\windows\pss\PrevxCSI.lnkStartup

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
                    2007-10-11 00:51   39792   ----a-w-   c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
                    2007-03-01 22:31   360448   ----a-w-   c:\program files\Browser MOUSE\mouse32a.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
                    2005-02-16 21:15   221184   ----a-w-   c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
                    2005-02-16 21:15   81920   ----a-w-   c:\program files\Common Files\InstallShield\UpdateService\issch.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                    2010-02-15 23:07   141608   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
                    2004-09-14 13:50   53248   ----a-w-   c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
                    2004-09-14 13:50   131072   ----a-w-   c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                    2009-11-11 05:08   417792   ----a-w-   c:\program files\QuickTime\QTTask.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
                    2007-10-15 18:07   214296   ----a-w-   c:\program files\Real\RealPlayer\realplay.exe

                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                    "ccPwdSvc"=3 (0x3)
                    "WMPNetworkSvc"=2 (0x2)
                    "Symantec Core LC"=2 (0x2)
                    "Speed Disk service"=2 (0x2)
                    "NProtectService"=2 (0x2)
                    "LiveUpdate Notice Service"=2 (0x2)
                    "LiveUpdate"=3 (0x3)
                    "iPod Service"=3 (0x3)
                    "gusvc"=3 (0x3)
                    "GhostStartService"=2 (0x2)
                    "Automatic LiveUpdate Scheduler"=2 (0x2)
                    "AOL ACS"=2 (0x2)

                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                    "EnableFirewall"= 0 (0x0)

                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                    "%windir%\\system32\\sessmgr.exe"=
                    "c:\\Program Files\\Intuit\\QuickBooks Premier\\QBDBMgrN.exe"=
                    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                    "c:\\WINDOWS\\system32\\g7dccoms.exe"=
                    "c:\\Program Files\\VersaJette M300-V08\\g7dcamon.exe"=
                    "c:\\Program Files\\VersaJette M300-V08\\App4R.exe"=
                    "c:\documents and settings\Angel\Application Data\Facebook\facebook.exe"= c:\documents and settings\Angel\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
                    "c:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBServerUtilityMgr.exe"=
                    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                    "c:\\Program Files\\iTunes\\iTunes.exe"=
                    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\g7dcjswx.exe"=
                    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\g7dcpswx.exe"=

                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                    "10172:TCP"= 10172:TCP:FileManagement.exe

                    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/12/2010 3:39 PM 164048]
                    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [5/12/2010 4:31 PM 228216]
                    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [5/12/2010 4:31 PM 24440]
                    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [5/12/2010 4:31 PM 29560]
                    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
                    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
                    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/12/2010 3:39 PM 19024]
                    R2 g7dc_device;g7dc_device;c:\windows\system32\g7dccoms.exe -service --> c:\windows\system32\g7dccoms.exe -service [?]
                    R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [5/12/2010 4:31 PM 1284600]
                    S3 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [5/12/2010 4:31 PM 3364856]
                    .
                    Contents of the 'Scheduled Tasks' folder

                    2010-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
                    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

                    2010-05-14 c:\windows\Tasks\WGASetup.job
                    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-28 03:18]
                    .
                    .
                    ------- Supplementary Scan -------
                    .
                    uStart Page = www.nbc15.com
                    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
                    mStart Page = hxxp://www.yahoo.com/
                    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
                    uInternet Settings,ProxyOverride = <local>
                    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
                    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
                    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
                    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
                    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
                    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
                    TCP: {03846D71-5032-4097-A653-14529479A481} = 195.242.208.40
                    TCP: {7894E062-F09F-4719-8DA6-BE881C500E11} = 195.242.208.40
                    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
                    DPF: Microsoft XML Parser for Java
                    FF - ProfilePath - c:\documents and settings\Angel\Application Data\Mozilla\Firefox\Profiles\fpll780x.default\
                    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2310656&SearchSource=3&q={searchTerms}
                    FF - prefs.js: browser.search.selectedEngine - Google
                    FF - prefs.js: browser.startup.homepage - hxxp://www.nbc15.com/
                    FF - prefs.js: keyword.URL - hxxp://search.imesh.com//web?src=ffb&q=
                    FF - plugin: c:\documents and settings\Angel\Application Data\Facebook\npfbplugin_1_0_3.dll
                    FF - plugin: c:\documents and settings\Angel\Application Data\Mozilla\plugins\np-mswmp.dll
                    FF - plugin: c:\progra~1\MOZILL~1\plugins\np_orfc.dll
                    FF - plugin: c:\progra~1\MOZILL~1\plugins\npcpbrk7.dll
                    FF - plugin: c:\progra~1\MOZILL~1\plugins\npdeployJava1.dll
                    FF - plugin: c:\progra~1\MOZILL~1\plugins\npmozax.dll
                    FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll
                    FF - plugin: c:\progra~1\MOZILL~1\plugins\nppdf32.dll
                    FF - plugin: c:\progra~1\MOZILL~1\plugins\nppl3260.dll
                    FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin.dll
                    FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin2.dll
                    FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin3.dll
                    FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin4.dll
                    FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin5.dll
                    FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin6.dll
                    FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin7.dll
                    FF - plugin: c:\progra~1\MOZILL~1\plugins\nprjplug.dll
                    FF - plugin: c:\progra~1\MOZILL~1\plugins\nprpjplug.dll
                    FF - plugin: c:\progra~1\MOZILL~1\plugins\npsnapfish.dll
                    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
                    FF - plugin: c:\program files\Mozilla Firefox\plugins\np_orfc.dll
                    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
                    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                    ---- FIREFOX POLICIES ----
                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
                    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
                    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_ everywhere__temporarily_available_pref", true);
                    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
                    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a s_broken", false);
                    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE 08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9 EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90 D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0E CEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF2 5635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27 B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF8 49DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF 1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDDE 1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4E A0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44 6462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID08 62E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2 A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B 05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC8 E2574A-7BCE-4B93-A22E-61831DFD6DB8", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID65 9796C0-8B5D-48D7-A4EB-7E6874E26274", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID78 071AB5-E729-414E-8D02-9C1D034F82E7", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCC 3F71E1-17F3-4C5B-997D-44CA56943197", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE6 7D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFC 5F3D7A-D321-412C-8A5D-9AD0C8041941", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6E C5CD16-81BC-4515-9EDD-9265C906F56E", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID67 CFB2C5-E491-4395-977B-CD45E4124655", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID73 600569-52E6-4760-8BAB-B68202937D98", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB0 2EBD42-6885-401A-9389-E089F7DDC872", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBA E5CB8C-4075-4743-B2E4-78DA8D8CDC64", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID28 B07B04-DA99-4FD3-BF27-4972F2B8142B", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D 53448F-D12B-4102-8CE2-697DAE8D6643", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3 266A47-A141-47B8-AAA8-5F16FB4F8CCD", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB3 3AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID15 3B7451-0BB5-4B37-95C0-44D89E2F1F2B", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID3B BE8E21-0D3D-4BAA-AC6F-C7BCEF750849", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9B 5B4F2D-A7D9-4329-B0FE-92B301A8CAAD", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA5 C42921-8CD0-4924-97C3-01B5B0610BC6", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06 969252-F90F-4CF2-9074-33772EB64859", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFB F37655-1236-4C0D-96C5-F94E1724841B", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC1 A3F035-B68F-4B2B-9FD5-E36DAAAF26DD", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID36 8F3685-543E-4812-9FDE-96E097E453FC", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID43 969873-56AA-4113-84CB-4AB2AEB9AA31", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA2 05DD80-63D4-4E41-B785-26EC3D90B97B", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06 8D43E7-7551-4A2F-AE96-4A38A9AD1953", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF4 43E9CB-9EEC-456E-8AE7-F3102D5CD47D", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3 6A7B16-645D-4261-BFF8-3A7E69C5F7A5", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID37 9805E3-E0E2-40DC-B51B-6DC1AE5802AA", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF6 240D69-A06D-44A1-8003-8496CCEF2C53", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID26 C3113D-5A71-4F1B-A2CB-BE59E1279DDA", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID92 B97F2B-7565-4CE9-9AC7-0598DFD731F8", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID2A A5E7CF-9696-42F0-B76A-8655296EADF2", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0A AACE0B-ACEF-4781-83F4-BFB52EEC995A", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D 56FF58-A39D-4E8C-A40B-2E3711251772", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID94 6121C2-11F1-49DD-A7E3-CF793DE827A4", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB8 53303D-1BAB-43F3-9D7D-101D0DA8E7A5", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9E 578247-FE29-4F8C-8202-A24A5688CF2A", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6D 065A8F-FFC0-4A0F-B863-1D724B8C786B", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44 51D291-6940-42CE-9D3C-CA1D4C96549C", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06 4B722D-079D-4EBB-B3CF-9FCBF64FFF5D", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID38 F8AB0F-5DFB-43D9-889E-8717CC4AB59B", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4E C68CD1-0EF1-4CB9-9EF1-3D64AB266149", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44 F96B27-CFAD-41E1-83A1-6B28040C3BDE", "AllAccess");
                    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
                    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
                    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
                    .
                    - - - - ORPHANS REMOVED - - - -

                    MSConfigStartUp-Uniblue RegistryBooster2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe



                    **************************************************************************

                    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2010-05-14 08:42
                    Windows 5.1.2600 Service Pack 2 NTFS

                    scanning hidden processes ... 

                    scanning hidden autostart entries ...

                    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
                      DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16?????????????????
                    ??????????????????????????????????????????????
                    ??????????????????????????????????????????????
                    ??????????????????????????????????????????????
                    ????????????????????????

                    scanning hidden files ... 

                    scan completed successfully
                    hidden files: 0

                    **************************************************************************
                    .
                    --------------------- DLLs Loaded Under Running Processes ---------------------

                    - - - - - - - > 'winlogon.exe'(500)
                    c:\program files\SUPERAntiSpyware\SASWINLO.dll
                    c:\windows\system32\WININET.dll

                    - - - - - - - > 'explorer.exe'(1348)
                    c:\windows\system32\WININET.dll
                    c:\progra~1\WINDOW~2\wmpband.dll
                    c:\windows\system32\ieframe.dll
                    c:\windows\system32\mshtml.dll
                    c:\windows\system32\WPDShServiceObj.dll
                    c:\windows\system32\PortableDeviceTypes.dll
                    c:\windows\system32\PortableDeviceApi.dll
                    .
                    ------------------------ Other Running Processes ------------------------
                    .
                    c:\program files\Alwil Software\Avast5\AvastSvc.exe
                    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                    c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                    c:\program files\Bonjour\mDNSResponder.exe
                    c:\windows\system32\g7dccoms.exe
                    c:\program files\Java\jre6\bin\jqs.exe
                    c:\program files\Common Files\Protexis\License Service\PSIService.exe
                    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
                    c:\windows\system32\wscntfy.exe
                    .
                    **************************************************************************
                    .
                    Completion time: 2010-05-14  08:56:08 - machine was rebooted
                    ComboFix-quarantined-files.txt  2010-05-14 13:56
                    ComboFix2.txt  2010-05-13 21:38

                    Pre-Run: 27,531,964,416 bytes free
                    Post-Run: 27,495,464,960 bytes free

                    - - End Of File - - AF0E8EBA3C709C90343606E674E27279
                    « Last Edit: May 14, 2010, 11:08:44 AM by SuperDave »

                    calli


                      Re: windows security alert
                      « Reply #13 on: May 14, 2010, 10:52:40 AM »
                      Also I have no idea what c:\programfiles\.autoreg is.

                      SuperDave

                      Re: windows security alert
                      « Reply #14 on: May 14, 2010, 11:14:54 AM »
                      Ok. Please try this one.

                      Please go to VirSCAN.org FREE on-line scan service
                      (If more than one file needs to be scanned, they must be done separately and a log posted for each one)

                      1. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.

Code:
C:\Program Files\Router\Router.exe
                      2. At the upload site, click once inside the window next to Browse.
                      3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
                      4. Click on the Upload button.
                      This will perform a scan across multiple different virus scanning engines.
                      Your file will possibly be entered into a queue which normally takes less than a minute to clear.
                      Important: Wait for all of the scanning engines to complete.
                      5. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
                      6. Paste the contents of the Clipboard in your next reply.
                      =========================================

                      Quote
                      Also I have no idea what c:\programfiles\.autoreg is.
                      Please see if you can uninstall it.

                      =========================================

                      I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
                      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                      Windows 8 and Windows 10 dual boot with two SSD's
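The reply above asks for one suspicious executable to be uploaded to a multi-engine online scanner. A practitioner doing the same triage would first record each candidate file's size, hashes and Authenticode signature status locally, so the online report can be matched to the exact bytes on disk and so that unsigned, oddly named binaries in system32 (such as the g7dccoms.exe entry in the ComboFix process list) stand out before anything is uploaded. The PowerShell below is an added example written for this editing pass; it is not from the forum post, ComboFix, VirSCAN or ESET. The three paths are taken from the log and the post above; any hash or signature values it prints are unknown to this thread and are not claimed here. It uses only .NET hashing and Get-AuthenticodeSignature so it also runs on the PowerShell 2.0 that shipped for Windows XP, rather than Get-FileHash, which needs a newer PowerShell.

```powershell
# Added example (not part of the original thread): local hash and signature
# triage of executables seen in the ComboFix log, to run before uploading any
# of them to a multi-engine scanner such as VirSCAN.
# Paths below come from the log and reply above; nothing is assumed about
# what they hash to or whether they are signed.
$paths = @(
    'C:\windows\system32\g7dccoms.exe',
    'C:\Program Files\Router\Router.exe',
    'C:\windows\system32\wscntfy.exe'
)

function Get-FileHashHex {
    # Hex digest of a file using the .NET HashAlgorithm factory
    # ('MD5', 'SHA1', 'SHA256'); online scanner reports are keyed by these.
    param([string]$Path, [string]$Algorithm = 'SHA256')
    $hasher = [System.Security.Cryptography.HashAlgorithm]::Create($Algorithm)
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $hasher.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) {
        # A path ComboFix listed that no longer exists may have been
        # quarantined or may be a transient dropper; note it rather than skip it.
        Write-Output ("{0}`tMISSING" -f $p)
        continue
    }
    $item = Get-Item -LiteralPath $p
    # Status is Valid, NotSigned, HashMismatch, UnknownError, etc.
    $sig = Get-AuthenticodeSignature -FilePath $p
    New-Object PSObject -Property @{
        Path      = $p
        SizeBytes = $item.Length
        MD5       = Get-FileHashHex -Path $p -Algorithm 'MD5'
        SHA256    = Get-FileHashHex -Path $p -Algorithm 'SHA256'
        Signature = $sig.Status
        Signer    = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' })
    }
}
```

Read the output with two caveats. NotSigned on its own proves nothing, since plenty of legitimate third-party software (the Protexis license service in the same log, for example) ships unsigned; it is the combination of no signature, a random-looking name and a location under system32 that makes a file worth uploading first. Conversely, a Valid signature from a recognised vendor makes a file a poor use of scanner time. Keep the printed MD5/SHA256 alongside the scan link you paste back into the thread, so anyone reading the report can confirm it refers to the same file and not to a copy the rogue has since replaced.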